
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Possible data encryption
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
While I was browsing the internet, a pop-up window appeared with a message that they had supposedly encrypted my data and that I should pay them; a countdown was running and my IP address was shown there too. I didn't hesitate and quickly restarted the computer. Please find out whether it's really true that my computer is infected, or whether it was fraudulent information. Thanks for the help.
I'm attaching the RSIT log
Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrátor at 2015-03-29 20:16:53
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1029 GB (54%) free of 1908 GB
Total RAM: 8175 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:58, on 29.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Administrátor.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O4 - HKUS\S-1-5-18\..\Run: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - http://assets.photobox.com/assets/v/ra3 ... _0fSS8.cab
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - https://carina.cd.cz/dwa85W.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - https://carina.cd.cz/dwa7W.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 6457 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /s "NS" /m "C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /c /a /s UserSession2
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss b58d72f4-5579-456b-8212-6a6ca03df70d 1
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-682509082-533512337-1267490790-920949865325587282021111928-21222567721869578300
\??\C:\Windows\system32\conhost.exe "1483144758-168598702618759391441129384444-39845194720661951561761209907-1602324035
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Users\Administrátor\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Acrobat Update Task.job - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0408ca3c18acf.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042c2adf2cc5.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
=========Mozilla firefox=========
ProfilePath - C:\Users\Administrátor\AppData\Roaming\Mozilla\Firefox\Profiles\aoprsa0j.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.75.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.75.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-13 553896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-13 211880]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-09 13672152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*WerKernelReporting]
C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=60
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2015-03-29 20:16:53 ----D---- C:\rsit
2015-03-29 20:16:53 ----D---- C:\Program Files\trend micro
2015-03-29 19:48:49 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2015-03-29 19:47:04 ----D---- C:\Windows\LastGood
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-03-29 19:46:02 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglv64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvinitx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\NvIFR64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-03-29 19:46:00 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\NvFBC64.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispgenco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuda.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-03-29 19:45:55 ----A---- C:\Windows\system32\nvcompiler.dll
2015-03-29 19:10:55 ----A---- C:\Windows\ntbtlog.txt
2015-03-22 17:05:22 ----D---- C:\ProgramData\WarThunder
2015-03-17 14:48:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-16 16:31:34 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wextract.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\url.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshta.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\inseng.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\icardie.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\elshyph.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\wextract.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\webcheck.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\vbscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\url.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\pngfilt.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\occache.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmled.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtml.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshta.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\msfeeds.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\licmgr10.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\jscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\inseng.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\imgutil.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iexpress.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieUnatt.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iesetup.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iernonce.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iepeers.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iedkcs32.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dat
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ie4uinit.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\icardie.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtrans.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtmsft.dll
2015-03-15 22:07:47 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-03-11 19:04:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-03-11 18:13:00 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-03-11 18:13:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-03-11 18:12:59 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-03-11 18:12:57 ----A---- C:\Windows\system32\crypt32.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\wmp.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\mf.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-03-11 18:12:55 ----A---- C:\Windows\system32\drmv2clt.dll
2015-03-11 18:12:54 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-03-11 18:12:54 ----A---- C:\Windows\system32\quartz.dll
2015-03-11 18:12:53 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\winload.exe
2015-03-11 18:12:51 ----A---- C:\Windows\system32\msscp.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptnet.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\audiosrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srcore.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\smss.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rstrui.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\qdvd.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcawrk.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcasvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcalua.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcadm.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msmmsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\EncDump.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\appid.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\csrsrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\blackbox.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\audiodg.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidapi.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\system32\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\pcaevts.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\apisetschema.dll
2015-03-11 18:12:03 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspisrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsass.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsasrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\cng.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\adtschema.dll
2015-03-11 18:11:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-03-11 18:11:30 ----A---- C:\Windows\system32\shell32.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpudd.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpcorets.dll
2015-03-11 18:11:27 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-03-11 18:11:27 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:11:10 ----D---- C:\ProgramData\Malwarebytes
2015-03-11 18:11:10 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-03-11 18:09:34 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-03-11 18:09:34 ----A---- C:\Windows\system32\ubpm.dll
2015-03-11 18:09:01 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-03-11 18:09:01 ----A---- C:\Windows\system32\msctf.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmfd.dll
2015-03-11 18:08:59 ----A---- C:\Windows\system32\win32k.sys
2015-03-11 18:08:39 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-03-11 18:08:39 ----A---- C:\Windows\system32\WMPhoto.dll
2015-03-11 17:35:41 ----D---- C:\AdwCleaner
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files\Symantec Shared
2015-03-11 17:35:06 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2015-03-11 17:34:20 ----D---- C:\Windows\system32\drivers\NSx64
2015-03-11 17:34:20 ----D---- C:\Program Files (x86)\Norton Security
2015-03-11 17:34:19 ----D---- C:\ProgramData\Norton
2015-03-11 17:34:04 ----D---- C:\ProgramData\NortonInstaller
2015-03-11 17:34:04 ----D---- C:\Program Files (x86)\NortonInstaller
2015-03-11 17:09:42 ----SHD---- C:\Config.Msi
2015-03-10 22:25:44 ----D---- C:\Program Files\TeamSpeak 3 Client
======List of files/folders modified in the last 1 month======
2015-03-29 20:16:58 ----D---- C:\Windows\Prefetch
2015-03-29 20:16:53 ----RD---- C:\Program Files
2015-03-29 19:50:30 ----D---- C:\Windows\System32
2015-03-29 19:50:30 ----D---- C:\Windows\inf
2015-03-29 19:50:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-03-29 19:49:30 ----D---- C:\ProgramData\NVIDIA
2015-03-29 19:49:17 ----D---- C:\Windows\SysWOW64
2015-03-29 19:49:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-03-29 19:48:47 ----D---- C:\Windows\system32\DriverStore
2015-03-29 19:47:19 ----D---- C:\Windows\temp
2015-03-29 19:47:06 ----D---- C:\Windows\system32\drivers
2015-03-29 19:47:06 ----D---- C:\Program Files\NVIDIA Corporation
2015-03-29 19:47:04 ----D---- C:\Windows
2015-03-29 19:43:22 ----D---- C:\Windows\system32\config
2015-03-29 19:29:16 ----A---- C:\Windows\SYSWOW64\log.txt
2015-03-29 19:27:55 ----SD---- C:\System Volume Information
2015-03-29 12:22:07 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-28 14:11:35 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-27 22:36:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-03-26 16:37:54 ----D---- C:\Windows\system32\catroot2
2015-03-22 17:05:22 ----D---- C:\ProgramData
2015-03-20 21:47:22 ----D---- C:\Windows\SYSWOW64\directx
2015-03-20 21:47:14 ----HD---- C:\Windows\msdownld.tmp
2015-03-20 21:47:11 ----D---- C:\Windows\Logs
2015-03-20 16:22:05 ----D---- C:\Windows\rescache
2015-03-18 22:21:36 ----RD---- C:\Program Files (x86)
2015-03-18 09:19:03 ----D---- C:\Windows\winsxs
2015-03-18 00:24:07 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-03-18 00:24:07 ----D---- C:\Windows\system32\cs-CZ
2015-03-16 16:36:18 ----D---- C:\Program Files\Internet Explorer
2015-03-16 16:36:14 ----D---- C:\Windows\SYSWOW64\migration
2015-03-16 16:36:13 ----D---- C:\Windows\SYSWOW64\en-US
2015-03-16 16:36:11 ----D---- C:\Windows\system32\migration
2015-03-16 16:36:11 ----D---- C:\Windows\PolicyDefinitions
2015-03-16 16:36:10 ----D---- C:\Windows\system32\en-US
2015-03-15 22:27:50 ----D---- C:\Windows\servicing
2015-03-15 22:10:01 ----D---- C:\Windows\Panther
2015-03-15 22:02:34 ----D---- C:\Windows\debug
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvapi64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvcpl.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvshext.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvmctray.dll
2015-03-13 13:34:50 ----D---- C:\Windows\system32\Tasks
2015-03-11 19:13:11 ----D---- C:\Windows\SYSWOW64\Dism
2015-03-11 19:13:11 ----D---- C:\Windows\system32\Dism
2015-03-11 19:13:11 ----D---- C:\Program Files\Windows Media Player
2015-03-11 19:13:11 ----D---- C:\Program Files (x86)\Windows Media Player
2015-03-11 19:13:02 ----D---- C:\Windows\system32\Boot
2015-03-11 19:03:39 ----D---- C:\Program Files (x86)\Common Files
2015-03-11 18:28:50 ----SHD---- C:\Windows\Installer
2015-03-11 18:28:45 ----D---- C:\ProgramData\Microsoft Help
2015-03-11 18:22:20 ----D---- C:\Windows\system32\MRT
2015-03-11 18:18:19 ----A---- C:\Windows\system32\MRT.exe
2015-03-11 18:12:31 ----D---- C:\Programy
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files
2015-03-11 17:27:23 ----D---- C:\Program Files (x86)\Steam
2015-03-11 17:10:04 ----DC---- C:\Windows\system32\DRVSTORE
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-02-06 564824]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NSx64\1601000.009\SYMDS64.SYS [2014-09-09 490712]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NSx64\1601000.009\SYMEFA64.SYS [2014-09-09 1151704]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [2015-03-09 1622744]
R1 ccSet_NS;NS Settings Manager; C:\Windows\system32\drivers\NSx64\1601000.009\ccSetx64.sys [2014-09-09 165080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-03-11 487216]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys [2015-03-27 671448]
R1 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2015-03-17 107736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NSx64\1601000.009\SRTSPX64.SYS [2014-09-09 42200]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NSx64\1601000.009\Ironx64.SYS [2014-09-09 271576]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS [2014-09-09 565464]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2015-01-02 42696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-03-11 142640]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-14 3962840]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-03-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-03-29 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-03-17 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-12-08 64624]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\ENG64.SYS [2015-03-11 129752]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\EX64.SYS [2015-03-11 2137304]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-05 195728]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-01-20 888536]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NSx64\1601000.009\SRTSP64.SYS [2014-12-02 914648]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2015-03-11 102616]
S1 FldSafe;FldSafe; C:\Windows\system32\DRIVERS\FldSafe.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2015-01-02 310728]
S3 agvkhi1n;agvkhi1n; C:\Windows\system32\drivers\agvkhi1n.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 gdrv;gdrv; C:\Windows\system32\drivers\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 Prot6Flt;Prot6Flt; C:\Windows\system32\DRIVERS\Prot6Flt.sys []
S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2007-05-14 27520]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
R2 NS;Norton Security; C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe [2014-12-10 282528]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-03-13 935056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-03-13 410768]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-16 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-14 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-27 148080]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-25 1903472]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
-----------------EOF-----------------
While browsing the internet, a pop-up window appeared with a message saying that my data had supposedly been encrypted and that I should pay them; a countdown timer was running and my IP address was displayed there as well. I did not hesitate and quickly restarted the computer. Please help me find out whether my computer really is infected or whether it was a fraudulent message. Thanks for your help.
I am attaching the RSIT log
Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrátor at 2015-03-29 20:16:53
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1029 GB (54%) free of 1908 GB
Total RAM: 8175 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:58, on 29.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Administrátor.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O4 - HKUS\S-1-5-18\..\Run: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - http://assets.photobox.com/assets/v/ra3 ... _0fSS8.cab
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - https://carina.cd.cz/dwa85W.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - https://carina.cd.cz/dwa7W.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 6457 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /s "NS" /m "C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /c /a /s UserSession2
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss b58d72f4-5579-456b-8212-6a6ca03df70d 1
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-682509082-533512337-1267490790-920949865325587282021111928-21222567721869578300
\??\C:\Windows\system32\conhost.exe "1483144758-168598702618759391441129384444-39845194720661951561761209907-1602324035
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Users\Administrátor\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Acrobat Update Task.job - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0408ca3c18acf.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042c2adf2cc5.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
=========Mozilla firefox=========
ProfilePath - C:\Users\Administrátor\AppData\Roaming\Mozilla\Firefox\Profiles\aoprsa0j.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.75.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.75.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-13 553896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-13 211880]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-09 13672152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*WerKernelReporting]
C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=60
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2015-03-29 20:16:53 ----D---- C:\rsit
2015-03-29 20:16:53 ----D---- C:\Program Files\trend micro
2015-03-29 19:48:49 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2015-03-29 19:47:04 ----D---- C:\Windows\LastGood
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-03-29 19:46:02 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglv64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvinitx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\NvIFR64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-03-29 19:46:00 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\NvFBC64.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispgenco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuda.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-03-29 19:45:55 ----A---- C:\Windows\system32\nvcompiler.dll
2015-03-29 19:10:55 ----A---- C:\Windows\ntbtlog.txt
2015-03-22 17:05:22 ----D---- C:\ProgramData\WarThunder
2015-03-17 14:48:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-16 16:31:34 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wextract.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\url.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshta.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\inseng.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\icardie.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\elshyph.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\wextract.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\webcheck.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\vbscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\url.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\pngfilt.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\occache.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmled.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtml.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshta.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\msfeeds.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\licmgr10.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\jscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\inseng.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\imgutil.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iexpress.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieUnatt.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iesetup.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iernonce.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iepeers.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iedkcs32.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dat
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ie4uinit.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\icardie.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtrans.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtmsft.dll
2015-03-15 22:07:47 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-03-11 19:04:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-03-11 18:13:00 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-03-11 18:13:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-03-11 18:12:59 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-03-11 18:12:57 ----A---- C:\Windows\system32\crypt32.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\wmp.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\mf.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-03-11 18:12:55 ----A---- C:\Windows\system32\drmv2clt.dll
2015-03-11 18:12:54 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-03-11 18:12:54 ----A---- C:\Windows\system32\quartz.dll
2015-03-11 18:12:53 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\winload.exe
2015-03-11 18:12:51 ----A---- C:\Windows\system32\msscp.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptnet.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\audiosrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srcore.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\smss.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rstrui.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\qdvd.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcawrk.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcasvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcalua.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcadm.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msmmsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\EncDump.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\appid.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\csrsrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\blackbox.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\audiodg.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidapi.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\system32\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\pcaevts.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\apisetschema.dll
2015-03-11 18:12:03 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspisrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsass.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsasrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\cng.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\adtschema.dll
2015-03-11 18:11:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-03-11 18:11:30 ----A---- C:\Windows\system32\shell32.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpudd.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpcorets.dll
2015-03-11 18:11:27 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-03-11 18:11:27 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:11:10 ----D---- C:\ProgramData\Malwarebytes
2015-03-11 18:11:10 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-03-11 18:09:34 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-03-11 18:09:34 ----A---- C:\Windows\system32\ubpm.dll
2015-03-11 18:09:01 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-03-11 18:09:01 ----A---- C:\Windows\system32\msctf.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmfd.dll
2015-03-11 18:08:59 ----A---- C:\Windows\system32\win32k.sys
2015-03-11 18:08:39 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-03-11 18:08:39 ----A---- C:\Windows\system32\WMPhoto.dll
2015-03-11 17:35:41 ----D---- C:\AdwCleaner
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files\Symantec Shared
2015-03-11 17:35:06 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2015-03-11 17:34:20 ----D---- C:\Windows\system32\drivers\NSx64
2015-03-11 17:34:20 ----D---- C:\Program Files (x86)\Norton Security
2015-03-11 17:34:19 ----D---- C:\ProgramData\Norton
2015-03-11 17:34:04 ----D---- C:\ProgramData\NortonInstaller
2015-03-11 17:34:04 ----D---- C:\Program Files (x86)\NortonInstaller
2015-03-11 17:09:42 ----SHD---- C:\Config.Msi
2015-03-10 22:25:44 ----D---- C:\Program Files\TeamSpeak 3 Client
======List of files/folders modified in the last 1 month======
2015-03-29 20:16:58 ----D---- C:\Windows\Prefetch
2015-03-29 20:16:53 ----RD---- C:\Program Files
2015-03-29 19:50:30 ----D---- C:\Windows\System32
2015-03-29 19:50:30 ----D---- C:\Windows\inf
2015-03-29 19:50:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-03-29 19:49:30 ----D---- C:\ProgramData\NVIDIA
2015-03-29 19:49:17 ----D---- C:\Windows\SysWOW64
2015-03-29 19:49:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-03-29 19:48:47 ----D---- C:\Windows\system32\DriverStore
2015-03-29 19:47:19 ----D---- C:\Windows\temp
2015-03-29 19:47:06 ----D---- C:\Windows\system32\drivers
2015-03-29 19:47:06 ----D---- C:\Program Files\NVIDIA Corporation
2015-03-29 19:47:04 ----D---- C:\Windows
2015-03-29 19:43:22 ----D---- C:\Windows\system32\config
2015-03-29 19:29:16 ----A---- C:\Windows\SYSWOW64\log.txt
2015-03-29 19:27:55 ----SD---- C:\System Volume Information
2015-03-29 12:22:07 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-28 14:11:35 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-27 22:36:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-03-26 16:37:54 ----D---- C:\Windows\system32\catroot2
2015-03-22 17:05:22 ----D---- C:\ProgramData
2015-03-20 21:47:22 ----D---- C:\Windows\SYSWOW64\directx
2015-03-20 21:47:14 ----HD---- C:\Windows\msdownld.tmp
2015-03-20 21:47:11 ----D---- C:\Windows\Logs
2015-03-20 16:22:05 ----D---- C:\Windows\rescache
2015-03-18 22:21:36 ----RD---- C:\Program Files (x86)
2015-03-18 09:19:03 ----D---- C:\Windows\winsxs
2015-03-18 00:24:07 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-03-18 00:24:07 ----D---- C:\Windows\system32\cs-CZ
2015-03-16 16:36:18 ----D---- C:\Program Files\Internet Explorer
2015-03-16 16:36:14 ----D---- C:\Windows\SYSWOW64\migration
2015-03-16 16:36:13 ----D---- C:\Windows\SYSWOW64\en-US
2015-03-16 16:36:11 ----D---- C:\Windows\system32\migration
2015-03-16 16:36:11 ----D---- C:\Windows\PolicyDefinitions
2015-03-16 16:36:10 ----D---- C:\Windows\system32\en-US
2015-03-15 22:27:50 ----D---- C:\Windows\servicing
2015-03-15 22:10:01 ----D---- C:\Windows\Panther
2015-03-15 22:02:34 ----D---- C:\Windows\debug
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvapi64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvcpl.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvshext.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvmctray.dll
2015-03-13 13:34:50 ----D---- C:\Windows\system32\Tasks
2015-03-11 19:13:11 ----D---- C:\Windows\SYSWOW64\Dism
2015-03-11 19:13:11 ----D---- C:\Windows\system32\Dism
2015-03-11 19:13:11 ----D---- C:\Program Files\Windows Media Player
2015-03-11 19:13:11 ----D---- C:\Program Files (x86)\Windows Media Player
2015-03-11 19:13:02 ----D---- C:\Windows\system32\Boot
2015-03-11 19:03:39 ----D---- C:\Program Files (x86)\Common Files
2015-03-11 18:28:50 ----SHD---- C:\Windows\Installer
2015-03-11 18:28:45 ----D---- C:\ProgramData\Microsoft Help
2015-03-11 18:22:20 ----D---- C:\Windows\system32\MRT
2015-03-11 18:18:19 ----A---- C:\Windows\system32\MRT.exe
2015-03-11 18:12:31 ----D---- C:\Programy
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files
2015-03-11 17:27:23 ----D---- C:\Program Files (x86)\Steam
2015-03-11 17:10:04 ----DC---- C:\Windows\system32\DRVSTORE
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-02-06 564824]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NSx64\1601000.009\SYMDS64.SYS [2014-09-09 490712]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NSx64\1601000.009\SYMEFA64.SYS [2014-09-09 1151704]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [2015-03-09 1622744]
R1 ccSet_NS;NS Settings Manager; C:\Windows\system32\drivers\NSx64\1601000.009\ccSetx64.sys [2014-09-09 165080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-03-11 487216]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys [2015-03-27 671448]
R1 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2015-03-17 107736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NSx64\1601000.009\SRTSPX64.SYS [2014-09-09 42200]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NSx64\1601000.009\Ironx64.SYS [2014-09-09 271576]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS [2014-09-09 565464]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2015-01-02 42696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-03-11 142640]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-14 3962840]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-03-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-03-29 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-03-17 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-12-08 64624]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\ENG64.SYS [2015-03-11 129752]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\EX64.SYS [2015-03-11 2137304]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-05 195728]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-01-20 888536]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NSx64\1601000.009\SRTSP64.SYS [2014-12-02 914648]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2015-03-11 102616]
S1 FldSafe;FldSafe; C:\Windows\system32\DRIVERS\FldSafe.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2015-01-02 310728]
S3 agvkhi1n;agvkhi1n; C:\Windows\system32\drivers\agvkhi1n.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 gdrv;gdrv; C:\Windows\system32\drivers\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 Prot6Flt;Prot6Flt; C:\Windows\system32\DRIVERS\Prot6Flt.sys []
S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2007-05-14 27520]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
R2 NS;Norton Security; C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe [2014-12-10 282528]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-03-13 935056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-03-13 410768]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-16 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-14 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-27 148080]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-25 1903472]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119677
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Possible data encryption
Hello!
Data encryption would be serious trouble; most of it cannot be decrypted. Post a ComboFix log:
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the licence terms is displayed; continue by clicking the Yes button.
calmly go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)
note: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Possible data encryption
Here is the log:
ComboFix 15-03-29.01 - Administrátor 29.03.2015 20:38:08.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.6083 [GMT 2:00]
Spuštěný z: c:\users\Administrßtor\Downloads\ComboFix.exe
AV: Norton Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Security *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton Security *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\~WRL1324.tmp
c:\windows\msdownld.tmp
c:\windows\SysWow64\SET62BC.tmp
c:\windows\SysWow64\SET67CF.tmp
c:\windows\SysWow64\SET72FD.tmp
c:\windows\SysWow64\SET7CE5.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-28 do 2015-03-29 )))))))))))))))))))))))))))))))
.
.
2015-03-29 18:55 . 2015-03-29 18:55 -------- d-----w- c:\users\TATA\AppData\Local\temp
2015-03-29 18:16 . 2015-03-29 18:17 -------- d-----w- C:\rsit
2015-03-29 18:16 . 2015-03-29 18:16 -------- d-----w- c:\program files\trend micro
2015-03-29 17:48 . 2015-03-13 15:38 622224 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-03-29 17:47 . 2015-03-29 17:47 -------- d-----w- c:\windows\LastGood
2015-03-29 17:45 . 2015-03-13 19:41 3611792 ----a-w- c:\windows\system32\nvcuvid.dll
2015-03-29 17:45 . 2015-03-13 19:41 3249352 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-03-29 17:45 . 2015-03-13 19:41 13210080 ----a-w- c:\windows\system32\nvcuda.dll
2015-03-29 17:45 . 2015-03-13 19:41 10715864 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-03-29 17:45 . 2015-03-13 19:41 2906928 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-03-29 17:45 . 2015-03-13 19:41 25460880 ----a-w- c:\windows\system32\nvcompiler.dll
2015-03-29 17:45 . 2015-03-13 19:41 20466376 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-03-27 20:36 . 2015-03-27 20:36 455328 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp120.dll
2015-03-27 20:36 . 2015-03-27 20:36 3466856 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dcompiler_47.dll
2015-03-27 20:36 . 2015-03-27 20:36 169584 ----a-w- c:\program files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-03-27 20:36 . 2015-03-27 20:36 970912 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr120.dll
2015-03-22 15:05 . 2015-03-22 15:05 -------- d-----w- c:\programdata\WarThunder
2015-03-19 16:39 . 2015-03-27 20:04 -------- d-----w- c:\users\Petr\AppData\Local\WarThunder
2015-03-17 12:48 . 2015-02-20 02:26 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 17:09 . 2015-03-11 17:09 -------- d-----w- c:\users\Administrátor\AppData\Local\NPE
2015-03-11 17:04 . 2015-03-16 15:03 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-11 17:04 . 2015-03-16 15:03 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-11 17:03 . 2015-03-11 17:03 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2015-03-11 16:13 . 2015-02-03 03:34 5554104 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-11 16:13 . 2015-02-03 03:12 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-03-11 16:11 . 2015-03-06 05:56 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-11 16:09 . 2015-02-03 03:31 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-03-11 16:08 . 2015-02-26 03:25 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-03-11 16:08 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 16:08 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-11 15:35 . 2015-03-29 17:14 -------- d-----w- C:\AdwCleaner
2015-03-11 15:35 . 2015-03-11 15:35 102616 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2015-03-11 15:35 . 2015-03-11 15:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2015-03-11 15:34 . 2015-03-13 11:29 -------- d-----w- c:\windows\system32\drivers\NSx64
2015-03-11 15:34 . 2015-03-11 15:34 -------- d-----w- c:\program files (x86)\Norton Security
2015-03-11 15:34 . 2015-03-11 15:35 -------- d-----w- c:\programdata\Norton
2015-03-11 15:34 . 2015-03-11 15:34 -------- d-----w- c:\program files (x86)\NortonInstaller
2015-03-10 20:25 . 2015-03-10 20:25 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-03-10 20:09 . 2015-03-16 19:23 -------- d-----w- c:\users\Petr\AppData\Roaming\TS3Client
2015-03-10 20:09 . 2015-03-10 20:09 -------- d-----w- c:\users\Petr\AppData\Local\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-13 19:41 . 2014-11-11 13:42 73872 ----a-w- c:\windows\system32\OpenCL.dll
2015-03-13 19:41 . 2014-11-11 13:42 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-03-13 19:41 . 2014-11-11 13:39 18580512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-03-13 19:41 . 2014-11-11 13:39 3303448 ----a-w- c:\windows\system32\nvapi64.dll
2015-03-13 19:41 . 2014-11-11 13:39 14121624 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-03-13 16:16 . 2014-11-11 13:43 6861968 ----a-w- c:\windows\system32\nvcpl.dll
2015-03-13 16:16 . 2014-11-11 13:43 3526856 ----a-w- c:\windows\system32\nvsvc64.dll
2015-03-13 16:16 . 2014-11-11 13:43 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-03-13 16:16 . 2014-11-11 13:43 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-03-13 16:16 . 2014-11-11 13:43 386248 ----a-w- c:\windows\system32\nvmctray.dll
2015-03-13 16:16 . 2014-11-11 13:43 2559808 ----a-w- c:\windows\system32\nvsvcr.dll
2015-03-11 16:18 . 2011-04-14 20:47 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-11 13:10 . 2014-11-11 13:43 4246327 ----a-w- c:\windows\system32\nvcoproc.bin
2015-03-06 05:42 . 2015-03-11 16:11 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10 . 2015-03-11 16:11 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-02-13 17:44 . 2015-02-13 17:44 320424 ----a-w- c:\windows\system32\javaws.exe
2015-02-13 17:44 . 2015-02-13 17:44 189352 ----a-w- c:\windows\system32\javaw.exe
2015-02-13 17:44 . 2015-02-13 17:44 189352 ----a-w- c:\windows\system32\java.exe
2015-02-13 17:44 . 2015-02-13 17:44 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-02-13 08:42 . 2015-02-12 21:40 2232 ----a-w- c:\windows\system32\ASOROSet.bin
2015-02-05 21:01 . 2015-02-12 21:32 30536 ----a-w- c:\windows\system32\nvhdap64.dll
2015-02-05 21:01 . 2015-02-12 21:32 195728 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2015-02-05 21:01 . 2015-02-12 21:32 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-12 21:32 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-05 21:01 . 2014-11-11 13:39 18575880 ----a-w- c:\windows\system32\SET733C.tmp
2015-02-05 21:01 . 2014-11-11 13:39 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-02-05 21:01 . 2014-11-11 13:39 3299512 ----a-w- c:\windows\system32\SET6175.tmp
2015-02-04 03:16 . 2015-02-11 13:15 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 13:15 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 13:15 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 13:15 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 13:15 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 13:15 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 13:15 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 13:15 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-09 03:14 . 2015-02-11 13:15 91136 ----a-w- c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-11 13:15 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-02-11 13:15 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-11 13:15 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-01-02 18:39 . 2015-01-02 18:20 310728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2015-01-02 18:20 . 2015-01-02 18:20 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 FldSafe;FldSafe;c:\windows\system32\DRIVERS\FldSafe.sys;c:\windows\SYSNATIVE\DRIVERS\FldSafe.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NSx64\1601000.009\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NSx64\1601000.009\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\SYMEFA64.SYS [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [x]
S1 ccSet_NS;NS Settings Manager;c:\windows\system32\drivers\NSx64\1601000.009\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NSx64\1601000.009\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NSx64\1601000.009\SYMNETS.SYS [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NS;Norton Security;c:\program files (x86)\Norton Security\Engine\22.1.0.9\NS.exe;c:\program files (x86)\Norton Security\Engine\22.1.0.9\NS.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-23 c:\windows\Tasks\Adobe Acrobat Update Task.job
- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 07:48]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 15:09]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0408ca3c18acf.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 15:09]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d042c2adf2cc5.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 15:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://carina.cd.cz/dwa85W.cab
FF - ProfilePath - c:\users\Administrátor\AppData\Roaming\Mozilla\Firefox\Profiles\aoprsa0j.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-AviraSpeedup - c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NS]
"ImagePath"="\"c:\program files (x86)\Norton Security\Engine\22.1.0.9\NS.exe\" /s \"NS\" /m \"c:\program files (x86)\Norton Security\Engine\22.1.0.9\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security\Engine\22.1.0.9;c:\program files (x86)\Norton Security\Engine64\22.1.0.9"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz]
@DACL=(02 0000)
.
Celkový čas: 2015-03-29 20:57:32
ComboFix-quarantined-files.txt 2015-03-29 18:57
.
Před spuštěním: Volných bajtů: 1 078 837 706 752
Po spuštění: Volných bajtů: 1 078 671 491 072
.
- - End Of File - - 677484EC830F9D114DFAF50D37DCE998
A36C5E4F47E84449FF07ED3517B43A31
2015-03-10 20:09 . 2015-03-16 19:23 -------- d-----w- c:\users\Petr\AppData\Roaming\TS3Client
2015-03-10 20:09 . 2015-03-10 20:09 -------- d-----w- c:\users\Petr\AppData\Local\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-13 19:41 . 2014-11-11 13:42 73872 ----a-w- c:\windows\system32\OpenCL.dll
2015-03-13 19:41 . 2014-11-11 13:42 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-03-13 19:41 . 2014-11-11 13:39 18580512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-03-13 19:41 . 2014-11-11 13:39 3303448 ----a-w- c:\windows\system32\nvapi64.dll
2015-03-13 19:41 . 2014-11-11 13:39 14121624 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-03-13 16:16 . 2014-11-11 13:43 6861968 ----a-w- c:\windows\system32\nvcpl.dll
2015-03-13 16:16 . 2014-11-11 13:43 3526856 ----a-w- c:\windows\system32\nvsvc64.dll
2015-03-13 16:16 . 2014-11-11 13:43 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-03-13 16:16 . 2014-11-11 13:43 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-03-13 16:16 . 2014-11-11 13:43 386248 ----a-w- c:\windows\system32\nvmctray.dll
2015-03-13 16:16 . 2014-11-11 13:43 2559808 ----a-w- c:\windows\system32\nvsvcr.dll
2015-03-11 16:18 . 2011-04-14 20:47 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-11 13:10 . 2014-11-11 13:43 4246327 ----a-w- c:\windows\system32\nvcoproc.bin
2015-03-06 05:42 . 2015-03-11 16:11 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10 . 2015-03-11 16:11 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-02-13 17:44 . 2015-02-13 17:44 320424 ----a-w- c:\windows\system32\javaws.exe
2015-02-13 17:44 . 2015-02-13 17:44 189352 ----a-w- c:\windows\system32\javaw.exe
2015-02-13 17:44 . 2015-02-13 17:44 189352 ----a-w- c:\windows\system32\java.exe
2015-02-13 17:44 . 2015-02-13 17:44 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-02-13 08:42 . 2015-02-12 21:40 2232 ----a-w- c:\windows\system32\ASOROSet.bin
2015-02-05 21:01 . 2015-02-12 21:32 30536 ----a-w- c:\windows\system32\nvhdap64.dll
2015-02-05 21:01 . 2015-02-12 21:32 195728 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2015-02-05 21:01 . 2015-02-12 21:32 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-12 21:32 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-05 21:01 . 2014-11-11 13:39 18575880 ----a-w- c:\windows\system32\SET733C.tmp
2015-02-05 21:01 . 2014-11-11 13:39 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-02-05 21:01 . 2014-11-11 13:39 3299512 ----a-w- c:\windows\system32\SET6175.tmp
2015-02-04 03:16 . 2015-02-11 13:15 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 13:15 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 13:15 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 13:15 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 13:15 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 13:15 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 13:15 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 13:15 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-09 03:14 . 2015-02-11 13:15 91136 ----a-w- c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-11 13:15 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-02-11 13:15 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-11 13:15 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-01-02 18:39 . 2015-01-02 18:20 310728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2015-01-02 18:20 . 2015-01-02 18:20 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 FldSafe;FldSafe;c:\windows\system32\DRIVERS\FldSafe.sys;c:\windows\SYSNATIVE\DRIVERS\FldSafe.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NSx64\1601000.009\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NSx64\1601000.009\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\SYMEFA64.SYS [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [x]
S1 ccSet_NS;NS Settings Manager;c:\windows\system32\drivers\NSx64\1601000.009\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NSx64\1601000.009\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NSx64\1601000.009\SYMNETS.SYS [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NS;Norton Security;c:\program files (x86)\Norton Security\Engine\22.1.0.9\NS.exe;c:\program files (x86)\Norton Security\Engine\22.1.0.9\NS.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-23 c:\windows\Tasks\Adobe Acrobat Update Task.job
- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 07:48]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 15:09]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0408ca3c18acf.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 15:09]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d042c2adf2cc5.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 15:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://carina.cd.cz/dwa85W.cab
FF - ProfilePath - c:\users\Administrátor\AppData\Roaming\Mozilla\Firefox\Profiles\aoprsa0j.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-AviraSpeedup - c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NS]
"ImagePath"="\"c:\program files (x86)\Norton Security\Engine\22.1.0.9\NS.exe\" /s \"NS\" /m \"c:\program files (x86)\Norton Security\Engine\22.1.0.9\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security\Engine\22.1.0.9;c:\program files (x86)\Norton Security\Engine64\22.1.0.9"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz]
@DACL=(02 0000)
.
Celkový čas: 2015-03-29 20:57:32
ComboFix-quarantined-files.txt 2015-03-29 18:57
.
Před spuštěním: Volných bajtů: 1 078 837 706 752
Po spuštění: Volných bajtů: 1 078 671 491 072
.
- - End Of File - - 677484EC830F9D114DFAF50D37DCE998
A36C5E4F47E84449FF07ED3517B43A31
- Rudy
- Site Admin

- Posts: 119677
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Possible data encryption
We'll finish the cleanup. Move ComboFix to the root directory c:\. Open Notepad and copy the following into it:
KillAll::
File::
c:\windows\system32\SET733C.tmp
c:\windows\system32\SET6175.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0408ca3c18acf.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d042c2adf2cc5.job
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
Reboot::
Save it as CFScript.txt, also in the root directory c:\. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Possible data encryption
New log:
ComboFix 15-03-29.01 - Administrátor 29.03.2015 21:56:22.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.5642 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Norton Security *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton Security *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\SET6175.tmp"
"c:\windows\system32\SET733C.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0408ca3c18acf.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d042c2adf2cc5.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-28 do 2015-03-29 )))))))))))))))))))))))))))))))
.
.
2015-03-29 20:02 . 2015-03-29 20:02 -------- d-----w- c:\users\TATA\AppData\Local\temp
2015-03-29 20:02 . 2015-03-29 20:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-03-29 20:02 . 2015-03-29 20:02 -------- d-----w- c:\users\Petr\AppData\Local\temp
2015-03-29 18:16 . 2015-03-29 18:17 -------- d-----w- C:\rsit
2015-03-29 18:16 . 2015-03-29 18:16 -------- d-----w- c:\program files\trend micro
2015-03-29 17:48 . 2015-03-13 15:38 622224 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-03-29 17:45 . 2015-03-13 19:41 3611792 ----a-w- c:\windows\system32\nvcuvid.dll
2015-03-29 17:45 . 2015-03-13 19:41 3249352 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-03-29 17:45 . 2015-03-13 19:41 13210080 ----a-w- c:\windows\system32\nvcuda.dll
2015-03-29 17:45 . 2015-03-13 19:41 10715864 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-03-29 17:45 . 2015-03-13 19:41 2906928 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-03-29 17:45 . 2015-03-13 19:41 25460880 ----a-w- c:\windows\system32\nvcompiler.dll
2015-03-29 17:45 . 2015-03-13 19:41 20466376 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-03-27 20:36 . 2015-03-27 20:36 455328 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp120.dll
2015-03-27 20:36 . 2015-03-27 20:36 3466856 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dcompiler_47.dll
2015-03-27 20:36 . 2015-03-27 20:36 169584 ----a-w- c:\program files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-03-27 20:36 . 2015-03-27 20:36 970912 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr120.dll
2015-03-22 15:05 . 2015-03-22 15:05 -------- d-----w- c:\programdata\WarThunder
2015-03-19 16:39 . 2015-03-27 20:04 -------- d-----w- c:\users\Petr\AppData\Local\WarThunder
2015-03-17 12:48 . 2015-02-20 02:26 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 17:09 . 2015-03-11 17:09 -------- d-----w- c:\users\Administrátor\AppData\Local\NPE
2015-03-11 17:04 . 2015-03-16 15:03 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-11 17:04 . 2015-03-16 15:03 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-11 17:03 . 2015-03-11 17:03 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2015-03-11 16:13 . 2015-02-03 03:34 5554104 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-11 16:13 . 2015-02-03 03:12 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-03-11 16:11 . 2015-03-06 05:56 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-11 16:09 . 2015-02-03 03:31 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-03-11 16:08 . 2015-02-26 03:25 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-03-11 16:08 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 16:08 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-11 15:35 . 2015-03-29 17:14 -------- d-----w- C:\AdwCleaner
2015-03-11 15:35 . 2015-03-11 15:35 102616 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2015-03-11 15:35 . 2015-03-11 15:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2015-03-11 15:34 . 2015-03-13 11:29 -------- d-----w- c:\windows\system32\drivers\NSx64
2015-03-11 15:34 . 2015-03-11 15:34 -------- d-----w- c:\program files (x86)\Norton Security
2015-03-11 15:34 . 2015-03-11 15:35 -------- d-----w- c:\programdata\Norton
2015-03-11 15:34 . 2015-03-11 15:34 -------- d-----w- c:\program files (x86)\NortonInstaller
2015-03-10 20:25 . 2015-03-10 20:25 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-03-10 20:09 . 2015-03-16 19:23 -------- d-----w- c:\users\Petr\AppData\Roaming\TS3Client
2015-03-10 20:09 . 2015-03-10 20:09 -------- d-----w- c:\users\Petr\AppData\Local\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-13 19:41 . 2014-11-11 13:42 73872 ----a-w- c:\windows\system32\OpenCL.dll
2015-03-13 19:41 . 2014-11-11 13:42 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-03-13 19:41 . 2014-11-11 13:39 18580512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-03-13 19:41 . 2014-11-11 13:39 3303448 ----a-w- c:\windows\system32\nvapi64.dll
2015-03-13 19:41 . 2014-11-11 13:39 14121624 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-03-13 16:16 . 2014-11-11 13:43 6861968 ----a-w- c:\windows\system32\nvcpl.dll
2015-03-13 16:16 . 2014-11-11 13:43 3526856 ----a-w- c:\windows\system32\nvsvc64.dll
2015-03-13 16:16 . 2014-11-11 13:43 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-03-13 16:16 . 2014-11-11 13:43 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-03-13 16:16 . 2014-11-11 13:43 386248 ----a-w- c:\windows\system32\nvmctray.dll
2015-03-13 16:16 . 2014-11-11 13:43 2559808 ----a-w- c:\windows\system32\nvsvcr.dll
2015-03-11 16:18 . 2011-04-14 20:47 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-11 13:10 . 2014-11-11 13:43 4246327 ----a-w- c:\windows\system32\nvcoproc.bin
2015-03-06 05:42 . 2015-03-11 16:11 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10 . 2015-03-11 16:11 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-02-13 17:44 . 2015-02-13 17:44 320424 ----a-w- c:\windows\system32\javaws.exe
2015-02-13 17:44 . 2015-02-13 17:44 189352 ----a-w- c:\windows\system32\javaw.exe
2015-02-13 17:44 . 2015-02-13 17:44 189352 ----a-w- c:\windows\system32\java.exe
2015-02-13 17:44 . 2015-02-13 17:44 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-02-13 08:42 . 2015-02-12 21:40 2232 ----a-w- c:\windows\system32\ASOROSet.bin
2015-02-05 21:01 . 2015-02-12 21:32 30536 ----a-w- c:\windows\system32\nvhdap64.dll
2015-02-05 21:01 . 2015-02-12 21:32 195728 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2015-02-05 21:01 . 2015-02-12 21:32 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-12 21:32 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-05 21:01 . 2014-11-11 13:39 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-02-04 03:16 . 2015-02-11 13:15 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 13:15 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 13:15 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 13:15 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 13:15 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 13:15 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 13:15 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 13:15 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-09 03:14 . 2015-02-11 13:15 91136 ----a-w- c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-11 13:15 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-02-11 13:15 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-11 13:15 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-01-02 18:39 . 2015-01-02 18:20 310728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2015-01-02 18:20 . 2015-01-02 18:20 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 FldSafe;FldSafe;c:\windows\system32\DRIVERS\FldSafe.sys;c:\windows\SYSNATIVE\DRIVERS\FldSafe.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NSx64\1601000.009\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NSx64\1601000.009\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\SYMEFA64.SYS [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [x]
S1 ccSet_NS;NS Settings Manager;c:\windows\system32\drivers\NSx64\1601000.009\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys;c:\program files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NSx64\1601000.009\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1601000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NSx64\1601000.009\SYMNETS.SYS [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NS;Norton Security;c:\program files (x86)\Norton Security\Engine\22.1.0.9\NS.exe;c:\program files (x86)\Norton Security\Engine\22.1.0.9\NS.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-23 c:\windows\Tasks\Adobe Acrobat Update Task.job
- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 07:48]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 15:09]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0408ca3c18acf.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 15:09]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d042c2adf2cc5.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 15:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://carina.cd.cz/dwa85W.cab
FF - ProfilePath - c:\users\Administrátor\AppData\Roaming\Mozilla\Firefox\Profiles\aoprsa0j.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NS]
"ImagePath"="\"c:\program files (x86)\Norton Security\Engine\22.1.0.9\NS.exe\" /s \"NS\" /m \"c:\program files (x86)\Norton Security\Engine\22.1.0.9\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security\Engine\22.1.0.9;c:\program files (x86)\Norton Security\Engine64\22.1.0.9"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz]
@DACL=(02 0000)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2015-03-29 22:13:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-03-29 20:13
ComboFix2.txt 2015-03-29 18:57
.
Před spuštěním: Volných bajtů: 1 064 220 635 136
Po spuštění: Volných bajtů: 1 064 357 974 016
.
- - End Of File - - 6ADF3BA9335442887A3FDA5685E225E8
A36C5E4F47E84449FF07ED3517B43A31
Re: Possible data encryption
New RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrátor at 2015-03-29 22:17:58
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1015 GB (53%) free of 1908 GB
Total RAM: 8175 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:18:03, on 29.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Administrátor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - http://assets.photobox.com/assets/v/ra3 ... _0fSS8.cab
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - https://carina.cd.cz/dwa85W.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - https://carina.cd.cz/dwa7W.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 6149 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /s "NS" /m "C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss b58d72f4-5579-456b-8212-6a6ca03df70d 1
\??\C:\Windows\system32\conhost.exe "-100227608734487177-1355235862-1755842909-12134906545194960711212612074116408725
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /c /a /s UserSession
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "115435277219489745522101671880-1155398520-10580110932063087100-431942402034626297
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
taskeng.exe {94C76F25-37D9-4331-AF09-D00E04C3BB9A}
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Users\Administrátor\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Acrobat Update Task.job - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0408ca3c18acf.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042c2adf2cc5.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
=========Mozilla firefox=========
ProfilePath - C:\Users\Administrátor\AppData\Roaming\Mozilla\Firefox\Profiles\aoprsa0j.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.75.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.75.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-13 553896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-13 211880]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-09 13672152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*WerKernelReporting]
C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=60
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2015-03-29 22:13:47 ----D---- C:\Windows\temp
2015-03-29 22:13:43 ----A---- C:\ComboFix.txt
2015-03-29 22:09:06 ----D---- C:\$RECYCLE.BIN
2015-03-29 22:06:17 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-03-29 21:54:21 ----D---- C:\ComboFix
2015-03-29 20:36:29 ----A---- C:\Windows\zip.exe
2015-03-29 20:36:29 ----A---- C:\Windows\SWSC.exe
2015-03-29 20:36:29 ----A---- C:\Windows\SWREG.exe
2015-03-29 20:36:29 ----A---- C:\Windows\sed.exe
2015-03-29 20:36:29 ----A---- C:\Windows\PEV.exe
2015-03-29 20:36:29 ----A---- C:\Windows\NIRCMD.exe
2015-03-29 20:36:29 ----A---- C:\Windows\MBR.exe
2015-03-29 20:36:29 ----A---- C:\Windows\grep.exe
2015-03-29 20:36:20 ----D---- C:\Qoobox
2015-03-29 20:36:08 ----D---- C:\Windows\erdnt
2015-03-29 20:35:47 ----R---- C:\ComboFix.exe
2015-03-29 20:16:53 ----D---- C:\rsit
2015-03-29 20:16:53 ----D---- C:\Program Files\trend micro
2015-03-29 19:48:49 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-03-29 19:46:02 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglv64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvinitx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\NvIFR64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-03-29 19:46:00 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\NvFBC64.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispgenco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuda.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-03-29 19:45:55 ----A---- C:\Windows\system32\nvcompiler.dll
2015-03-22 17:05:22 ----D---- C:\ProgramData\WarThunder
2015-03-17 14:48:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-16 16:31:34 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wextract.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\url.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshta.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\inseng.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\icardie.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\elshyph.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\wextract.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\webcheck.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\vbscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\url.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\pngfilt.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\occache.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmled.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtml.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshta.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\msfeeds.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\licmgr10.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\jscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\inseng.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\imgutil.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iexpress.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieUnatt.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iesetup.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iernonce.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iepeers.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iedkcs32.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dat
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ie4uinit.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\icardie.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtrans.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtmsft.dll
2015-03-11 19:04:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-03-11 18:13:00 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-03-11 18:13:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-03-11 18:12:59 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-03-11 18:12:57 ----A---- C:\Windows\system32\crypt32.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\wmp.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\mf.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-03-11 18:12:55 ----A---- C:\Windows\system32\drmv2clt.dll
2015-03-11 18:12:54 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-03-11 18:12:54 ----A---- C:\Windows\system32\quartz.dll
2015-03-11 18:12:53 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\winload.exe
2015-03-11 18:12:51 ----A---- C:\Windows\system32\msscp.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptnet.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\audiosrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srcore.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\smss.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rstrui.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\qdvd.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcawrk.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcasvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcalua.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcadm.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msmmsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\EncDump.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\appid.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\csrsrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\blackbox.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\audiodg.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidapi.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\system32\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\pcaevts.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\apisetschema.dll
2015-03-11 18:12:03 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspisrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsass.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsasrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\cng.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\adtschema.dll
2015-03-11 18:11:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-03-11 18:11:30 ----A---- C:\Windows\system32\shell32.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpudd.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpcorets.dll
2015-03-11 18:11:27 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-03-11 18:11:27 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:11:10 ----D---- C:\ProgramData\Malwarebytes
2015-03-11 18:11:10 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-03-11 18:09:34 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-03-11 18:09:34 ----A---- C:\Windows\system32\ubpm.dll
2015-03-11 18:09:01 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-03-11 18:09:01 ----A---- C:\Windows\system32\msctf.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmfd.dll
2015-03-11 18:08:59 ----A---- C:\Windows\system32\win32k.sys
2015-03-11 18:08:39 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-03-11 18:08:39 ----A---- C:\Windows\system32\WMPhoto.dll
2015-03-11 17:35:41 ----D---- C:\AdwCleaner
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files\Symantec Shared
2015-03-11 17:35:06 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2015-03-11 17:34:20 ----D---- C:\Windows\system32\drivers\NSx64
2015-03-11 17:34:20 ----D---- C:\Program Files (x86)\Norton Security
2015-03-11 17:34:19 ----D---- C:\ProgramData\Norton
2015-03-11 17:34:04 ----D---- C:\ProgramData\NortonInstaller
2015-03-11 17:34:04 ----D---- C:\Program Files (x86)\NortonInstaller
2015-03-11 17:09:42 ----D---- C:\Config.Msi
2015-03-10 22:25:44 ----D---- C:\Program Files\TeamSpeak 3 Client
======List of files/folders modified in the last 1 month======
2015-03-29 22:17:03 ----D---- C:\Windows\inf
2015-03-29 22:14:12 ----D---- C:\Windows\system32\drivers
2015-03-29 22:14:08 ----D---- C:\Windows\System32
2015-03-29 22:14:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-03-29 22:13:47 ----D---- C:\Windows
2015-03-29 22:10:38 ----A---- C:\Windows\SYSWOW64\log.txt
2015-03-29 22:09:10 ----A---- C:\Windows\system.ini
2015-03-29 22:09:01 ----D---- C:\Windows\system32\drivers\etc
2015-03-29 22:06:39 ----D---- C:\Windows\system32\config
2015-03-29 22:06:32 ----D---- C:\ProgramData\NVIDIA
2015-03-29 22:06:02 ----SHD---- C:\System Volume Information
2015-03-29 21:59:48 ----D---- C:\Windows\SYSWOW64\drivers
2015-03-29 21:59:48 ----D---- C:\Windows\SysWOW64
2015-03-29 21:59:48 ----D---- C:\Windows\AppPatch
2015-03-29 21:59:47 ----D---- C:\Program Files (x86)\Common Files
2015-03-29 21:08:48 ----D---- C:\Windows\Panther
2015-03-29 21:08:48 ----D---- C:\Windows\Logs
2015-03-29 21:07:44 ----D---- C:\Windows\winsxs
2015-03-29 20:52:16 ----AD---- C:\ProgramData\TEMP
2015-03-29 20:36:12 ----D---- C:\Windows\Prefetch
2015-03-29 20:16:53 ----RD---- C:\Program Files
2015-03-29 19:49:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-03-29 19:48:47 ----D---- C:\Windows\system32\DriverStore
2015-03-29 19:47:06 ----D---- C:\Program Files\NVIDIA Corporation
2015-03-29 12:22:07 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-28 14:11:35 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-27 22:36:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-03-26 16:37:54 ----D---- C:\Windows\system32\catroot2
2015-03-22 17:05:22 ----D---- C:\ProgramData
2015-03-20 21:47:22 ----D---- C:\Windows\SYSWOW64\directx
2015-03-20 16:22:05 ----D---- C:\Windows\rescache
2015-03-18 22:21:36 ----RD---- C:\Program Files (x86)
2015-03-18 00:24:07 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-03-18 00:24:07 ----D---- C:\Windows\system32\cs-CZ
2015-03-16 16:36:18 ----D---- C:\Program Files\Internet Explorer
2015-03-16 16:36:14 ----D---- C:\Windows\SYSWOW64\migration
2015-03-16 16:36:13 ----D---- C:\Windows\SYSWOW64\en-US
2015-03-16 16:36:11 ----D---- C:\Windows\system32\migration
2015-03-16 16:36:11 ----D---- C:\Windows\PolicyDefinitions
2015-03-16 16:36:10 ----D---- C:\Windows\system32\en-US
2015-03-15 22:27:50 ----D---- C:\Windows\servicing
2015-03-15 22:02:34 ----D---- C:\Windows\debug
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvapi64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvcpl.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvshext.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvmctray.dll
2015-03-13 13:34:50 ----D---- C:\Windows\system32\Tasks
2015-03-11 19:13:11 ----D---- C:\Windows\SYSWOW64\Dism
2015-03-11 19:13:11 ----D---- C:\Windows\system32\Dism
2015-03-11 19:13:11 ----D---- C:\Program Files\Windows Media Player
2015-03-11 19:13:11 ----D---- C:\Program Files (x86)\Windows Media Player
2015-03-11 19:13:02 ----D---- C:\Windows\system32\Boot
2015-03-11 18:28:50 ----SHD---- C:\Windows\Installer
2015-03-11 18:28:45 ----D---- C:\ProgramData\Microsoft Help
2015-03-11 18:22:20 ----D---- C:\Windows\system32\MRT
2015-03-11 18:18:19 ----A---- C:\Windows\system32\MRT.exe
2015-03-11 18:12:31 ----D---- C:\Programy
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files
2015-03-11 17:27:23 ----D---- C:\Program Files (x86)\Steam
2015-03-11 17:10:04 ----DC---- C:\Windows\system32\DRVSTORE
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-02-06 564824]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NSx64\1601000.009\SYMDS64.SYS [2014-09-09 490712]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NSx64\1601000.009\SYMEFA64.SYS [2014-09-09 1151704]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [2015-03-09 1622744]
R1 ccSet_NS;NS Settings Manager; C:\Windows\system32\drivers\NSx64\1601000.009\ccSetx64.sys [2014-09-09 165080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-03-11 487216]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys [2015-03-27 671448]
R1 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2015-03-17 107736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NSx64\1601000.009\SRTSPX64.SYS [2014-09-09 42200]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NSx64\1601000.009\Ironx64.SYS [2014-09-09 271576]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS [2014-09-09 565464]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2015-01-02 42696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-03-11 142640]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-14 3962840]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-03-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-03-29 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-03-17 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-12-08 64624]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\ENG64.SYS [2015-03-11 129752]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\EX64.SYS [2015-03-11 2137304]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-05 195728]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-01-20 888536]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NSx64\1601000.009\SRTSP64.SYS [2014-12-02 914648]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2015-03-11 102616]
S1 FldSafe;FldSafe; C:\Windows\system32\DRIVERS\FldSafe.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2015-01-02 310728]
S3 apaprcbq;apaprcbq; C:\Windows\system32\drivers\apaprcbq.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 gdrv;gdrv; C:\Windows\system32\drivers\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 Prot6Flt;Prot6Flt; C:\Windows\system32\DRIVERS\Prot6Flt.sys []
S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2007-05-14 27520]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
R2 NS;Norton Security; C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe [2014-12-10 282528]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-03-13 935056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-03-13 410768]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-16 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-14 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-27 148080]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-25 1903472]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrátor at 2015-03-29 22:17:58
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1015 GB (53%) free of 1908 GB
Total RAM: 8175 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:18:03, on 29.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Administrátor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - http://assets.photobox.com/assets/v/ra3 ... _0fSS8.cab
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - https://carina.cd.cz/dwa85W.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - https://carina.cd.cz/dwa7W.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 6149 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /s "NS" /m "C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss b58d72f4-5579-456b-8212-6a6ca03df70d 1
\??\C:\Windows\system32\conhost.exe "-100227608734487177-1355235862-1755842909-12134906545194960711212612074116408725
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /c /a /s UserSession
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "115435277219489745522101671880-1155398520-10580110932063087100-431942402034626297
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
taskeng.exe {94C76F25-37D9-4331-AF09-D00E04C3BB9A}
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Users\Administrátor\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Acrobat Update Task.job - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0408ca3c18acf.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042c2adf2cc5.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
=========Mozilla firefox=========
ProfilePath - C:\Users\Administrátor\AppData\Roaming\Mozilla\Firefox\Profiles\aoprsa0j.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.75.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.75.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-13 553896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-13 211880]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-09 13672152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*WerKernelReporting]
C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=60
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2015-03-29 22:13:47 ----D---- C:\Windows\temp
2015-03-29 22:13:43 ----A---- C:\ComboFix.txt
2015-03-29 22:09:06 ----D---- C:\$RECYCLE.BIN
2015-03-29 22:06:17 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-03-29 21:54:21 ----D---- C:\ComboFix
2015-03-29 20:36:29 ----A---- C:\Windows\zip.exe
2015-03-29 20:36:29 ----A---- C:\Windows\SWSC.exe
2015-03-29 20:36:29 ----A---- C:\Windows\SWREG.exe
2015-03-29 20:36:29 ----A---- C:\Windows\sed.exe
2015-03-29 20:36:29 ----A---- C:\Windows\PEV.exe
2015-03-29 20:36:29 ----A---- C:\Windows\NIRCMD.exe
2015-03-29 20:36:29 ----A---- C:\Windows\MBR.exe
2015-03-29 20:36:29 ----A---- C:\Windows\grep.exe
2015-03-29 20:36:20 ----D---- C:\Qoobox
2015-03-29 20:36:08 ----D---- C:\Windows\erdnt
2015-03-29 20:35:47 ----R---- C:\ComboFix.exe
2015-03-29 20:16:53 ----D---- C:\rsit
2015-03-29 20:16:53 ----D---- C:\Program Files\trend micro
2015-03-29 19:48:49 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-03-29 19:46:02 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglv64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvinitx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\NvIFR64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-03-29 19:46:00 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\NvFBC64.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispgenco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuda.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-03-29 19:45:55 ----A---- C:\Windows\system32\nvcompiler.dll
2015-03-22 17:05:22 ----D---- C:\ProgramData\WarThunder
2015-03-17 14:48:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-16 16:31:34 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wextract.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\url.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshta.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\inseng.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\icardie.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\elshyph.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\wextract.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\webcheck.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\vbscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\url.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\pngfilt.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\occache.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmled.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtml.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshta.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\msfeeds.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\licmgr10.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\jscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\inseng.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\imgutil.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iexpress.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieUnatt.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iesetup.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iernonce.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iepeers.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iedkcs32.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dat
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ie4uinit.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\icardie.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtrans.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtmsft.dll
2015-03-11 19:04:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-03-11 18:13:00 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-03-11 18:13:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-03-11 18:12:59 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-03-11 18:12:57 ----A---- C:\Windows\system32\crypt32.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\wmp.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\mf.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-03-11 18:12:55 ----A---- C:\Windows\system32\drmv2clt.dll
2015-03-11 18:12:54 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-03-11 18:12:54 ----A---- C:\Windows\system32\quartz.dll
2015-03-11 18:12:53 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\winload.exe
2015-03-11 18:12:51 ----A---- C:\Windows\system32\msscp.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptnet.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\audiosrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srcore.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\smss.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rstrui.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\qdvd.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcawrk.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcasvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcalua.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcadm.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msmmsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\EncDump.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\appid.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\csrsrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\blackbox.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\audiodg.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidapi.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\system32\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\pcaevts.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\apisetschema.dll
2015-03-11 18:12:03 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspisrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsass.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsasrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\cng.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\adtschema.dll
2015-03-11 18:11:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-03-11 18:11:30 ----A---- C:\Windows\system32\shell32.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpudd.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpcorets.dll
2015-03-11 18:11:27 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-03-11 18:11:27 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:11:10 ----D---- C:\ProgramData\Malwarebytes
2015-03-11 18:11:10 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-03-11 18:09:34 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-03-11 18:09:34 ----A---- C:\Windows\system32\ubpm.dll
2015-03-11 18:09:01 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-03-11 18:09:01 ----A---- C:\Windows\system32\msctf.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmfd.dll
2015-03-11 18:08:59 ----A---- C:\Windows\system32\win32k.sys
2015-03-11 18:08:39 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-03-11 18:08:39 ----A---- C:\Windows\system32\WMPhoto.dll
2015-03-11 17:35:41 ----D---- C:\AdwCleaner
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files\Symantec Shared
2015-03-11 17:35:06 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2015-03-11 17:34:20 ----D---- C:\Windows\system32\drivers\NSx64
2015-03-11 17:34:20 ----D---- C:\Program Files (x86)\Norton Security
2015-03-11 17:34:19 ----D---- C:\ProgramData\Norton
2015-03-11 17:34:04 ----D---- C:\ProgramData\NortonInstaller
2015-03-11 17:34:04 ----D---- C:\Program Files (x86)\NortonInstaller
2015-03-11 17:09:42 ----D---- C:\Config.Msi
2015-03-10 22:25:44 ----D---- C:\Program Files\TeamSpeak 3 Client
======List of files/folders modified in the last 1 month======
2015-03-29 22:17:03 ----D---- C:\Windows\inf
2015-03-29 22:14:12 ----D---- C:\Windows\system32\drivers
2015-03-29 22:14:08 ----D---- C:\Windows\System32
2015-03-29 22:14:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-03-29 22:13:47 ----D---- C:\Windows
2015-03-29 22:10:38 ----A---- C:\Windows\SYSWOW64\log.txt
2015-03-29 22:09:10 ----A---- C:\Windows\system.ini
2015-03-29 22:09:01 ----D---- C:\Windows\system32\drivers\etc
2015-03-29 22:06:39 ----D---- C:\Windows\system32\config
2015-03-29 22:06:32 ----D---- C:\ProgramData\NVIDIA
2015-03-29 22:06:02 ----SHD---- C:\System Volume Information
2015-03-29 21:59:48 ----D---- C:\Windows\SYSWOW64\drivers
2015-03-29 21:59:48 ----D---- C:\Windows\SysWOW64
2015-03-29 21:59:48 ----D---- C:\Windows\AppPatch
2015-03-29 21:59:47 ----D---- C:\Program Files (x86)\Common Files
2015-03-29 21:08:48 ----D---- C:\Windows\Panther
2015-03-29 21:08:48 ----D---- C:\Windows\Logs
2015-03-29 21:07:44 ----D---- C:\Windows\winsxs
2015-03-29 20:52:16 ----AD---- C:\ProgramData\TEMP
2015-03-29 20:36:12 ----D---- C:\Windows\Prefetch
2015-03-29 20:16:53 ----RD---- C:\Program Files
2015-03-29 19:49:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-03-29 19:48:47 ----D---- C:\Windows\system32\DriverStore
2015-03-29 19:47:06 ----D---- C:\Program Files\NVIDIA Corporation
2015-03-29 12:22:07 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-28 14:11:35 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-27 22:36:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-03-26 16:37:54 ----D---- C:\Windows\system32\catroot2
2015-03-22 17:05:22 ----D---- C:\ProgramData
2015-03-20 21:47:22 ----D---- C:\Windows\SYSWOW64\directx
2015-03-20 16:22:05 ----D---- C:\Windows\rescache
2015-03-18 22:21:36 ----RD---- C:\Program Files (x86)
2015-03-18 00:24:07 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-03-18 00:24:07 ----D---- C:\Windows\system32\cs-CZ
2015-03-16 16:36:18 ----D---- C:\Program Files\Internet Explorer
2015-03-16 16:36:14 ----D---- C:\Windows\SYSWOW64\migration
2015-03-16 16:36:13 ----D---- C:\Windows\SYSWOW64\en-US
2015-03-16 16:36:11 ----D---- C:\Windows\system32\migration
2015-03-16 16:36:11 ----D---- C:\Windows\PolicyDefinitions
2015-03-16 16:36:10 ----D---- C:\Windows\system32\en-US
2015-03-15 22:27:50 ----D---- C:\Windows\servicing
2015-03-15 22:02:34 ----D---- C:\Windows\debug
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvapi64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvcpl.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvshext.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvmctray.dll
2015-03-13 13:34:50 ----D---- C:\Windows\system32\Tasks
2015-03-11 19:13:11 ----D---- C:\Windows\SYSWOW64\Dism
2015-03-11 19:13:11 ----D---- C:\Windows\system32\Dism
2015-03-11 19:13:11 ----D---- C:\Program Files\Windows Media Player
2015-03-11 19:13:11 ----D---- C:\Program Files (x86)\Windows Media Player
2015-03-11 19:13:02 ----D---- C:\Windows\system32\Boot
2015-03-11 18:28:50 ----SHD---- C:\Windows\Installer
2015-03-11 18:28:45 ----D---- C:\ProgramData\Microsoft Help
2015-03-11 18:22:20 ----D---- C:\Windows\system32\MRT
2015-03-11 18:18:19 ----A---- C:\Windows\system32\MRT.exe
2015-03-11 18:12:31 ----D---- C:\Programy
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files
2015-03-11 17:27:23 ----D---- C:\Program Files (x86)\Steam
2015-03-11 17:10:04 ----DC---- C:\Windows\system32\DRVSTORE
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-02-06 564824]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NSx64\1601000.009\SYMDS64.SYS [2014-09-09 490712]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NSx64\1601000.009\SYMEFA64.SYS [2014-09-09 1151704]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [2015-03-09 1622744]
R1 ccSet_NS;NS Settings Manager; C:\Windows\system32\drivers\NSx64\1601000.009\ccSetx64.sys [2014-09-09 165080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-03-11 487216]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys [2015-03-27 671448]
R1 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2015-03-17 107736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NSx64\1601000.009\SRTSPX64.SYS [2014-09-09 42200]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NSx64\1601000.009\Ironx64.SYS [2014-09-09 271576]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS [2014-09-09 565464]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2015-01-02 42696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-03-11 142640]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-14 3962840]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-03-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-03-29 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-03-17 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-12-08 64624]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\ENG64.SYS [2015-03-11 129752]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\EX64.SYS [2015-03-11 2137304]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-05 195728]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-01-20 888536]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NSx64\1601000.009\SRTSP64.SYS [2014-12-02 914648]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2015-03-11 102616]
S1 FldSafe;FldSafe; C:\Windows\system32\DRIVERS\FldSafe.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2015-01-02 310728]
S3 apaprcbq;apaprcbq; C:\Windows\system32\drivers\apaprcbq.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 gdrv;gdrv; C:\Windows\system32\drivers\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 Prot6Flt;Prot6Flt; C:\Windows\system32\DRIVERS\Prot6Flt.sys []
S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2007-05-14 27520]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
R2 NS;Norton Security; C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe [2014-12-10 282528]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-03-13 935056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-03-13 410768]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-16 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-14 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-27 148080]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-25 1903472]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119677
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Possible data encryption
Everything has been deleted. The PC should be clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Possible data encryption
Thank you. One more small thing: are there any of those standard unnecessary slowdown programs on my PC, such as Google Update or a toolbar?
New log
Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrátor at 2015-03-30 15:33:11
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1238 GB (65%) free of 1908 GB
Total RAM: 8175 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:33:17, on 30.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Administrátor.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - http://assets.photobox.com/assets/v/ra3 ... _0fSS8.cab
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - https://carina.cd.cz/dwa85W.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - https://carina.cd.cz/dwa7W.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 6296 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /s "NS" /m "C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /c /a /s UserSession2
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3076 CREDAT:267521 /prefetch:2
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss b58d72f4-5579-456b-8212-6a6ca03df70d 1
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "12712320521607889935-1891632849-371502212-1224251902-2135442847-1147571230-1348809621
\??\C:\Windows\system32\conhost.exe "11750961663850154961963814244-570562383925457742-327548251-1362503426942480090
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
taskeng.exe {7FB87059-CFEC-406F-9381-98831B519B7B}
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
wmiadap.exe /F /T /R
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\wuauclt.exe"
taskhost.exe $(Arg0)
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1492778448-2556657456-2968204072-10023_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1492778448-2556657456-2968204072-10023 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Petr\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Acrobat Update Task.job - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0408ca3c18acf.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042c2adf2cc5.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
=========Mozilla firefox=========
ProfilePath - C:\Users\Administrátor\AppData\Roaming\Mozilla\Firefox\Profiles\aoprsa0j.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.75.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.75.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-13 553896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-13 211880]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-09 13672152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*WerKernelReporting]
C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=60
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2015-03-30 15:33:11 ----D---- C:\rsit
2015-03-30 06:40:28 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-03-29 22:37:41 ----SHD---- C:\$RECYCLE.BIN
2015-03-29 22:13:47 ----D---- C:\Windows\temp
2015-03-29 21:54:21 ----D---- C:\ComboFix
2015-03-29 20:36:29 ----A---- C:\Windows\zip.exe
2015-03-29 20:36:29 ----A---- C:\Windows\SWSC.exe
2015-03-29 20:36:29 ----A---- C:\Windows\SWREG.exe
2015-03-29 20:36:29 ----A---- C:\Windows\sed.exe
2015-03-29 20:36:29 ----A---- C:\Windows\PEV.exe
2015-03-29 20:36:29 ----A---- C:\Windows\NIRCMD.exe
2015-03-29 20:36:29 ----A---- C:\Windows\MBR.exe
2015-03-29 20:36:29 ----A---- C:\Windows\grep.exe
2015-03-29 20:36:20 ----D---- C:\Qoobox
2015-03-29 20:36:08 ----D---- C:\Windows\erdnt
2015-03-29 20:16:53 ----D---- C:\Program Files\trend micro
2015-03-29 19:48:49 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-03-29 19:46:02 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglv64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvinitx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\NvIFR64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-03-29 19:46:00 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\NvFBC64.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispgenco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuda.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-03-29 19:45:55 ----A---- C:\Windows\system32\nvcompiler.dll
2015-03-22 17:05:22 ----D---- C:\ProgramData\WarThunder
2015-03-17 14:48:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-16 16:31:34 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wextract.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\url.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshta.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\inseng.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\icardie.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\elshyph.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\wextract.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\webcheck.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\vbscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\url.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\pngfilt.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\occache.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmled.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtml.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshta.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\msfeeds.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\licmgr10.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\jscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\inseng.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\imgutil.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iexpress.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieUnatt.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iesetup.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iernonce.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iepeers.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iedkcs32.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dat
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ie4uinit.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\icardie.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtrans.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtmsft.dll
2015-03-11 19:04:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-03-11 18:13:00 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-03-11 18:13:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-03-11 18:12:59 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-03-11 18:12:57 ----A---- C:\Windows\system32\crypt32.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\wmp.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\mf.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-03-11 18:12:55 ----A---- C:\Windows\system32\drmv2clt.dll
2015-03-11 18:12:54 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-03-11 18:12:54 ----A---- C:\Windows\system32\quartz.dll
2015-03-11 18:12:53 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\winload.exe
2015-03-11 18:12:51 ----A---- C:\Windows\system32\msscp.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptnet.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\audiosrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srcore.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\smss.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rstrui.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\qdvd.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcawrk.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcasvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcalua.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcadm.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msmmsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\EncDump.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\appid.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\csrsrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\blackbox.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\audiodg.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidapi.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\system32\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\pcaevts.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\apisetschema.dll
2015-03-11 18:12:03 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspisrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsass.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsasrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\cng.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\adtschema.dll
2015-03-11 18:11:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-03-11 18:11:30 ----A---- C:\Windows\system32\shell32.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpudd.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpcorets.dll
2015-03-11 18:11:27 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-03-11 18:11:27 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:11:10 ----D---- C:\ProgramData\Malwarebytes
2015-03-11 18:11:10 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-03-11 18:09:34 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-03-11 18:09:34 ----A---- C:\Windows\system32\ubpm.dll
2015-03-11 18:09:01 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-03-11 18:09:01 ----A---- C:\Windows\system32\msctf.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmfd.dll
2015-03-11 18:08:59 ----A---- C:\Windows\system32\win32k.sys
2015-03-11 18:08:39 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-03-11 18:08:39 ----A---- C:\Windows\system32\WMPhoto.dll
2015-03-11 17:35:41 ----D---- C:\AdwCleaner
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files\Symantec Shared
2015-03-11 17:35:06 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2015-03-11 17:34:20 ----D---- C:\Windows\system32\drivers\NSx64
2015-03-11 17:34:20 ----D---- C:\Program Files (x86)\Norton Security
2015-03-11 17:34:19 ----D---- C:\ProgramData\Norton
2015-03-11 17:34:04 ----D---- C:\ProgramData\NortonInstaller
2015-03-11 17:34:04 ----D---- C:\Program Files (x86)\NortonInstaller
2015-03-10 22:25:44 ----D---- C:\Program Files\TeamSpeak 3 Client
======List of files/folders modified in the last 1 month======
2015-03-30 15:32:46 ----D---- C:\Windows\System32
2015-03-30 15:32:46 ----D---- C:\Windows\inf
2015-03-30 15:32:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-03-30 15:29:15 ----A---- C:\Windows\SYSWOW64\log.txt
2015-03-30 15:28:21 ----SHD---- C:\System Volume Information
2015-03-30 15:25:32 ----D---- C:\ProgramData\NVIDIA
2015-03-30 06:53:35 ----D---- C:\Windows\system32\config
2015-03-30 06:40:50 ----D---- C:\Windows
2015-03-29 23:59:04 ----D---- C:\Windows\winsxs
2015-03-29 23:39:51 ----SD---- C:\Users\Administrátor\AppData\Roaming\Microsoft
2015-03-29 22:23:01 ----SHD---- C:\Windows\Installer
2015-03-29 22:23:01 ----D---- C:\ProgramData\Skype
2015-03-29 22:22:59 ----RD---- C:\Program Files (x86)
2015-03-29 22:22:59 ----D---- C:\Program Files (x86)\Common Files
2015-03-29 22:22:21 ----D---- C:\Program Files (x86)\Google
2015-03-29 22:20:57 ----D---- C:\Program Files (x86)\Origin Games
2015-03-29 22:14:12 ----D---- C:\Windows\system32\drivers
2015-03-29 22:09:10 ----A---- C:\Windows\system.ini
2015-03-29 22:09:01 ----D---- C:\Windows\system32\drivers\etc
2015-03-29 21:59:48 ----D---- C:\Windows\SYSWOW64\drivers
2015-03-29 21:59:48 ----D---- C:\Windows\SysWOW64
2015-03-29 21:59:48 ----D---- C:\Windows\AppPatch
2015-03-29 21:08:48 ----D---- C:\Windows\Panther
2015-03-29 21:08:48 ----D---- C:\Windows\Logs
2015-03-29 20:52:16 ----AD---- C:\ProgramData\TEMP
2015-03-29 20:36:12 ----D---- C:\Windows\Prefetch
2015-03-29 20:16:53 ----RD---- C:\Program Files
2015-03-29 19:49:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-03-29 19:48:47 ----D---- C:\Windows\system32\DriverStore
2015-03-29 19:47:06 ----D---- C:\Program Files\NVIDIA Corporation
2015-03-29 12:22:07 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-28 14:11:35 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-27 22:36:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-03-26 16:37:54 ----D---- C:\Windows\system32\catroot2
2015-03-22 17:05:22 ----D---- C:\ProgramData
2015-03-20 21:47:22 ----D---- C:\Windows\SYSWOW64\directx
2015-03-20 16:22:05 ----D---- C:\Windows\rescache
2015-03-18 00:24:07 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-03-18 00:24:07 ----D---- C:\Windows\system32\cs-CZ
2015-03-16 16:36:18 ----D---- C:\Program Files\Internet Explorer
2015-03-16 16:36:14 ----D---- C:\Windows\SYSWOW64\migration
2015-03-16 16:36:13 ----D---- C:\Windows\SYSWOW64\en-US
2015-03-16 16:36:11 ----D---- C:\Windows\system32\migration
2015-03-16 16:36:11 ----D---- C:\Windows\PolicyDefinitions
2015-03-16 16:36:10 ----D---- C:\Windows\system32\en-US
2015-03-15 22:27:50 ----D---- C:\Windows\servicing
2015-03-15 22:02:34 ----D---- C:\Windows\debug
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvapi64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvcpl.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvshext.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvmctray.dll
2015-03-13 13:34:50 ----D---- C:\Windows\system32\Tasks
2015-03-11 19:13:11 ----D---- C:\Windows\SYSWOW64\Dism
2015-03-11 19:13:11 ----D---- C:\Windows\system32\Dism
2015-03-11 19:13:11 ----D---- C:\Program Files\Windows Media Player
2015-03-11 19:13:11 ----D---- C:\Program Files (x86)\Windows Media Player
2015-03-11 19:13:02 ----D---- C:\Windows\system32\Boot
2015-03-11 18:28:45 ----D---- C:\ProgramData\Microsoft Help
2015-03-11 18:22:20 ----D---- C:\Windows\system32\MRT
2015-03-11 18:18:19 ----A---- C:\Windows\system32\MRT.exe
2015-03-11 18:12:31 ----D---- C:\Programy
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files
2015-03-11 17:27:23 ----D---- C:\Program Files (x86)\Steam
2015-03-11 17:10:04 ----DC---- C:\Windows\system32\DRVSTORE
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-02-06 564824]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NSx64\1601000.009\SYMDS64.SYS [2014-09-09 490712]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NSx64\1601000.009\SYMEFA64.SYS [2014-09-09 1151704]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [2015-03-09 1622744]
R1 ccSet_NS;NS Settings Manager; C:\Windows\system32\drivers\NSx64\1601000.009\ccSetx64.sys [2014-09-09 165080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-03-11 487216]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys [2015-03-27 671448]
R1 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2015-03-17 107736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NSx64\1601000.009\SRTSPX64.SYS [2014-09-09 42200]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NSx64\1601000.009\Ironx64.SYS [2014-09-09 271576]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS [2014-09-09 565464]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2015-01-02 42696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-03-11 142640]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-14 3962840]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-03-17 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-03-17 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-12-08 64624]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\ENG64.SYS [2015-03-11 129752]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\EX64.SYS [2015-03-11 2137304]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-05 195728]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-01-20 888536]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NSx64\1601000.009\SRTSP64.SYS [2014-12-02 914648]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2015-03-11 102616]
S1 FldSafe;FldSafe; C:\Windows\system32\DRIVERS\FldSafe.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2015-01-02 310728]
S3 afqmssoi;afqmssoi; C:\Windows\system32\drivers\afqmssoi.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 gdrv;gdrv; C:\Windows\system32\drivers\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-03-29 136408]
S3 Prot6Flt;Prot6Flt; C:\Windows\system32\DRIVERS\Prot6Flt.sys []
S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2007-05-14 27520]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
R2 NS;Norton Security; C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe [2014-12-10 282528]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-03-13 935056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-03-13 410768]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-16 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-14 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-27 148080]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-25 1903472]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
-----------------EOF-----------------
New log
Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrátor at 2015-03-30 15:33:11
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1238 GB (65%) free of 1908 GB
Total RAM: 8175 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:33:17, on 30.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Administrátor.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - http://assets.photobox.com/assets/v/ra3 ... _0fSS8.cab
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - https://carina.cd.cz/dwa85W.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - https://carina.cd.cz/dwa7W.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 6296 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /s "NS" /m "C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe" /c /a /s UserSession2
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3076 CREDAT:267521 /prefetch:2
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss b58d72f4-5579-456b-8212-6a6ca03df70d 1
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "12712320521607889935-1891632849-371502212-1224251902-2135442847-1147571230-1348809621
\??\C:\Windows\system32\conhost.exe "11750961663850154961963814244-570562383925457742-327548251-1362503426942480090
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
taskeng.exe {7FB87059-CFEC-406F-9381-98831B519B7B}
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
wmiadap.exe /F /T /R
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\wuauclt.exe"
taskhost.exe $(Arg0)
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1492778448-2556657456-2968204072-10023_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1492778448-2556657456-2968204072-10023 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Petr\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Acrobat Update Task.job - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0408ca3c18acf.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042c2adf2cc5.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
=========Mozilla firefox=========
ProfilePath - C:\Users\Administrátor\AppData\Roaming\Mozilla\Firefox\Profiles\aoprsa0j.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.75.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.75.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-13 553896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-13 211880]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05 886584]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05 664888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-09 13672152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*WerKernelReporting]
C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=60
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2015-03-30 15:33:11 ----D---- C:\rsit
2015-03-30 06:40:28 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-03-29 22:37:41 ----SHD---- C:\$RECYCLE.BIN
2015-03-29 22:13:47 ----D---- C:\Windows\temp
2015-03-29 21:54:21 ----D---- C:\ComboFix
2015-03-29 20:36:29 ----A---- C:\Windows\zip.exe
2015-03-29 20:36:29 ----A---- C:\Windows\SWSC.exe
2015-03-29 20:36:29 ----A---- C:\Windows\SWREG.exe
2015-03-29 20:36:29 ----A---- C:\Windows\sed.exe
2015-03-29 20:36:29 ----A---- C:\Windows\PEV.exe
2015-03-29 20:36:29 ----A---- C:\Windows\NIRCMD.exe
2015-03-29 20:36:29 ----A---- C:\Windows\MBR.exe
2015-03-29 20:36:29 ----A---- C:\Windows\grep.exe
2015-03-29 20:36:20 ----D---- C:\Qoobox
2015-03-29 20:36:08 ----D---- C:\Windows\erdnt
2015-03-29 20:16:53 ----D---- C:\Program Files\trend micro
2015-03-29 19:48:49 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-03-29 19:46:02 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-03-29 19:46:02 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-03-29 19:46:01 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvopencl.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglv64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\nvinitx.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\NvIFR64.dll
2015-03-29 19:46:01 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-03-29 19:46:00 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\NvFBC64.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispgenco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvdispco6434788.dll
2015-03-29 19:46:00 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuvid.dll
2015-03-29 19:45:59 ----A---- C:\Windows\system32\nvcuda.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-03-29 19:45:55 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-03-29 19:45:55 ----A---- C:\Windows\system32\nvcompiler.dll
2015-03-22 17:05:22 ----D---- C:\ProgramData\WarThunder
2015-03-17 14:48:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-16 16:31:34 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\wextract.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\url.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\mshta.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\inseng.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\icardie.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-03-16 16:31:32 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\wininet.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\urlmon.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msrating.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msls31.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\mshtmler.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedssync.exe
2015-03-16 16:31:32 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsproxy.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jsIntl.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\jscript9.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieui.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iesysprep.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\iertutil.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\ieframe.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\IEAdvpack.dll
2015-03-16 16:31:32 ----A---- C:\Windows\system32\elshyph.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\wextract.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\webcheck.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\vbscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\url.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\pngfilt.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\occache.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtmled.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshtml.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\mshta.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\msfeeds.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\licmgr10.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\jscript.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\inseng.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\imgutil.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iexpress.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieUnatt.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iesetup.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iernonce.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iepeers.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\iedkcs32.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ieapfltr.dat
2015-03-16 16:31:31 ----A---- C:\Windows\system32\ie4uinit.exe
2015-03-16 16:31:31 ----A---- C:\Windows\system32\icardie.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtrans.dll
2015-03-16 16:31:31 ----A---- C:\Windows\system32\dxtmsft.dll
2015-03-11 19:04:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-03-11 18:13:00 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-03-11 18:13:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-03-11 18:12:59 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-03-11 18:12:57 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-03-11 18:12:57 ----A---- C:\Windows\system32\crypt32.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\wmp.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\mf.dll
2015-03-11 18:12:56 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-03-11 18:12:55 ----A---- C:\Windows\system32\drmv2clt.dll
2015-03-11 18:12:54 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-03-11 18:12:54 ----A---- C:\Windows\system32\quartz.dll
2015-03-11 18:12:53 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\winload.exe
2015-03-11 18:12:51 ----A---- C:\Windows\system32\msscp.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptui.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\cryptnet.dll
2015-03-11 18:12:51 ----A---- C:\Windows\system32\audiosrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\wintrust.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srcore.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\srclient.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\smss.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rstrui.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\rrinstaller.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\qdvd.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcawrk.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcasvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcalua.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\pcadm.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msnetobj.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\msmmsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfps.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfpmp.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\mfplat.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\evr.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\EncDump.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\drivers\appid.sys
2015-03-11 18:12:50 ----A---- C:\Windows\system32\csrsrv.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\cryptsp.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\blackbox.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioSes.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\AudioEng.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\audiodg.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidsvc.dll
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 18:12:50 ----A---- C:\Windows\system32\appidapi.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\wmploc.DLL
2015-03-11 18:12:49 ----A---- C:\Windows\system32\spwmp.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\pcaevts.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\mferror.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\dxmasf.dll
2015-03-11 18:12:49 ----A---- C:\Windows\system32\apisetschema.dll
2015-03-11 18:12:03 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\wdigest.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\TSpkg.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspisrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\sspicli.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\schannel.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\secur32.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\ncrypt.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msv1_0.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msobjs.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\msaudite.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsass.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\lsasrv.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\kerberos.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\drivers\cng.sys
2015-03-11 18:11:49 ----A---- C:\Windows\system32\credssp.dll
2015-03-11 18:11:49 ----A---- C:\Windows\system32\auditpol.exe
2015-03-11 18:11:49 ----A---- C:\Windows\system32\adtschema.dll
2015-03-11 18:11:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-03-11 18:11:30 ----A---- C:\Windows\system32\shell32.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpudd.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 18:11:29 ----A---- C:\Windows\system32\rdpcorets.dll
2015-03-11 18:11:27 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-03-11 18:11:27 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:11:10 ----D---- C:\ProgramData\Malwarebytes
2015-03-11 18:11:10 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-03-11 18:11:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-03-11 18:09:34 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-03-11 18:09:34 ----A---- C:\Windows\system32\ubpm.dll
2015-03-11 18:09:01 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-03-11 18:09:01 ----A---- C:\Windows\system32\msctf.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\lpk.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\fontsub.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\dciman32.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmlib.dll
2015-03-11 18:09:00 ----A---- C:\Windows\system32\atmfd.dll
2015-03-11 18:08:59 ----A---- C:\Windows\system32\win32k.sys
2015-03-11 18:08:39 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-03-11 18:08:39 ----A---- C:\Windows\system32\WMPhoto.dll
2015-03-11 17:35:41 ----D---- C:\AdwCleaner
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files\Symantec Shared
2015-03-11 17:35:06 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2015-03-11 17:34:20 ----D---- C:\Windows\system32\drivers\NSx64
2015-03-11 17:34:20 ----D---- C:\Program Files (x86)\Norton Security
2015-03-11 17:34:19 ----D---- C:\ProgramData\Norton
2015-03-11 17:34:04 ----D---- C:\ProgramData\NortonInstaller
2015-03-11 17:34:04 ----D---- C:\Program Files (x86)\NortonInstaller
2015-03-10 22:25:44 ----D---- C:\Program Files\TeamSpeak 3 Client
======List of files/folders modified in the last 1 month======
2015-03-30 15:32:46 ----D---- C:\Windows\System32
2015-03-30 15:32:46 ----D---- C:\Windows\inf
2015-03-30 15:32:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-03-30 15:29:15 ----A---- C:\Windows\SYSWOW64\log.txt
2015-03-30 15:28:21 ----SHD---- C:\System Volume Information
2015-03-30 15:25:32 ----D---- C:\ProgramData\NVIDIA
2015-03-30 06:53:35 ----D---- C:\Windows\system32\config
2015-03-30 06:40:50 ----D---- C:\Windows
2015-03-29 23:59:04 ----D---- C:\Windows\winsxs
2015-03-29 23:39:51 ----SD---- C:\Users\Administrátor\AppData\Roaming\Microsoft
2015-03-29 22:23:01 ----SHD---- C:\Windows\Installer
2015-03-29 22:23:01 ----D---- C:\ProgramData\Skype
2015-03-29 22:22:59 ----RD---- C:\Program Files (x86)
2015-03-29 22:22:59 ----D---- C:\Program Files (x86)\Common Files
2015-03-29 22:22:21 ----D---- C:\Program Files (x86)\Google
2015-03-29 22:20:57 ----D---- C:\Program Files (x86)\Origin Games
2015-03-29 22:14:12 ----D---- C:\Windows\system32\drivers
2015-03-29 22:09:10 ----A---- C:\Windows\system.ini
2015-03-29 22:09:01 ----D---- C:\Windows\system32\drivers\etc
2015-03-29 21:59:48 ----D---- C:\Windows\SYSWOW64\drivers
2015-03-29 21:59:48 ----D---- C:\Windows\SysWOW64
2015-03-29 21:59:48 ----D---- C:\Windows\AppPatch
2015-03-29 21:08:48 ----D---- C:\Windows\Panther
2015-03-29 21:08:48 ----D---- C:\Windows\Logs
2015-03-29 20:52:16 ----AD---- C:\ProgramData\TEMP
2015-03-29 20:36:12 ----D---- C:\Windows\Prefetch
2015-03-29 20:16:53 ----RD---- C:\Program Files
2015-03-29 19:49:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-03-29 19:48:47 ----D---- C:\Windows\system32\DriverStore
2015-03-29 19:47:06 ----D---- C:\Program Files\NVIDIA Corporation
2015-03-29 12:22:07 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-28 14:11:35 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-27 22:36:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-03-26 16:37:54 ----D---- C:\Windows\system32\catroot2
2015-03-22 17:05:22 ----D---- C:\ProgramData
2015-03-20 21:47:22 ----D---- C:\Windows\SYSWOW64\directx
2015-03-20 16:22:05 ----D---- C:\Windows\rescache
2015-03-18 00:24:07 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-03-18 00:24:07 ----D---- C:\Windows\system32\cs-CZ
2015-03-16 16:36:18 ----D---- C:\Program Files\Internet Explorer
2015-03-16 16:36:14 ----D---- C:\Windows\SYSWOW64\migration
2015-03-16 16:36:13 ----D---- C:\Windows\SYSWOW64\en-US
2015-03-16 16:36:11 ----D---- C:\Windows\system32\migration
2015-03-16 16:36:11 ----D---- C:\Windows\PolicyDefinitions
2015-03-16 16:36:10 ----D---- C:\Windows\system32\en-US
2015-03-15 22:27:50 ----D---- C:\Windows\servicing
2015-03-15 22:02:34 ----D---- C:\Windows\debug
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\OpenCL.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvapi64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvcpl.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvshext.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvmctray.dll
2015-03-13 13:34:50 ----D---- C:\Windows\system32\Tasks
2015-03-11 19:13:11 ----D---- C:\Windows\SYSWOW64\Dism
2015-03-11 19:13:11 ----D---- C:\Windows\system32\Dism
2015-03-11 19:13:11 ----D---- C:\Program Files\Windows Media Player
2015-03-11 19:13:11 ----D---- C:\Program Files (x86)\Windows Media Player
2015-03-11 19:13:02 ----D---- C:\Windows\system32\Boot
2015-03-11 18:28:45 ----D---- C:\ProgramData\Microsoft Help
2015-03-11 18:22:20 ----D---- C:\Windows\system32\MRT
2015-03-11 18:18:19 ----A---- C:\Windows\system32\MRT.exe
2015-03-11 18:12:31 ----D---- C:\Programy
2015-03-11 17:35:06 ----D---- C:\Program Files\Common Files
2015-03-11 17:27:23 ----D---- C:\Program Files (x86)\Steam
2015-03-11 17:10:04 ----DC---- C:\Windows\system32\DRVSTORE
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-02-06 564824]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NSx64\1601000.009\SYMDS64.SYS [2014-09-09 490712]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NSx64\1601000.009\SYMEFA64.SYS [2014-09-09 1151704]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [2015-03-09 1622744]
R1 ccSet_NS;NS Settings Manager; C:\Windows\system32\drivers\NSx64\1601000.009\ccSetx64.sys [2014-09-09 165080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-03-11 487216]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150327.001\IDSvia64.sys [2015-03-27 671448]
R1 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2015-03-17 107736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NSx64\1601000.009\SRTSPX64.SYS [2014-09-09 42200]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NSx64\1601000.009\Ironx64.SYS [2014-09-09 271576]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NSx64\1601000.009\SYMNETS.SYS [2014-09-09 565464]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2015-01-02 42696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-03-11 142640]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-14 3962840]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-03-17 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-03-17 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-12-08 64624]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\ENG64.SYS [2015-03-11 129752]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20150329.001\EX64.SYS [2015-03-11 2137304]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-05 195728]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-01-20 888536]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NSx64\1601000.009\SRTSP64.SYS [2014-12-02 914648]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2015-03-11 102616]
S1 FldSafe;FldSafe; C:\Windows\system32\DRIVERS\FldSafe.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2015-01-02 310728]
S3 afqmssoi;afqmssoi; C:\Windows\system32\drivers\afqmssoi.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 gdrv;gdrv; C:\Windows\system32\drivers\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-03-29 136408]
S3 Prot6Flt;Prot6Flt; C:\Windows\system32\DRIVERS\Prot6Flt.sys []
S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2007-05-14 27520]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
R2 NS;Norton Security; C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe [2014-12-10 282528]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-03-13 935056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-03-13 410768]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-16 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-14 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 107912]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-27 148080]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-25 1903472]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
-----------------EOF-----------------
Re: Possible data encryption
I'm also attaching the info log. I know that mainly the first one is used, but since it was generated anyway, maybe you can find something out from it. Thank you.
info.txt logfile of random's system information tool 1.10 2015-03-30 15:33:19
======MBR======
======Uninstall list======
-->MsiExec /X{B455E95A-B804-439F-B533-336B1635AE97}
4Story CZ 4.4.145-->"C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\unins000.exe"
Adobe Flash Player 17 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe -maintain activex
Adobe Reader XI (11.0.10) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130}
Aegisub 3.2.1-->"C:\Program Files (x86)\Aegisub\unins000.exe"
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Dragon Age II-->"C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age 2.exe"
Dragon Age: Origins-->"C:\Program Files (x86)\Common Files\EAInstaller\Dragon Age\Cleanup.exe" uninstall_game -autologging
FormatFactory 3.3.5.0-->C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Gameforge Live 2.0.5-->"C:\Program Files (x86)\GameforgeLive\unins000.exe"
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8301}
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
IrfanView (remove only)-->"C:\Program Files (x86)\IrfanView\iv_uninstall.exe"
Java 7 Update 75 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F06417075FF}
linguatec Voice Reader-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{93293322-B694-4270-B7FE-DDE1A681ACCA}\setup.exe" -l0x9 -removeonly
Malwarebytes Anti-Malware verze 2.1.4.1018-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Microsoft .NET Framework 4.5.2 (CSY)-->MsiExec.exe /X{C48AF3CF-C632-3C19-838E-7DAB7283D46A}
Microsoft .NET Framework 4.5.2 (čeština)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\CSY\\Setup.exe /repair /x86 /x64 /lcid 1029
Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE}
Microsoft ASP.NET MVC 4 Runtime-->MsiExec.exe /X{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {0B7A4B67-2A38-42B1-9857-662FAB361E08}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {FDF9A959-241A-4662-A8DE-7DED9C22D160}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005-->"C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Mozilla Firefox 36.0.4 (x86 cs)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Norton Security-->"C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS\562C4DD5\22.1.0.9\InstStub.exe" /X /ARP
NVIDIA GeForce Experience 2.1.5-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Ovladač 3D Vision 347.88-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladač HD audia 1.3.33.0-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA Ovladač řídící jednotky 3D Vision 347.09-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Ovladače grafiky 347.88-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /I{B455E95A-B804-439F-B533-336B1635AE97}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Systémový software PhysX 9.14.0702-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
ON_OFF Charge B11.0110.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3DECD372-76A1-4483-BF10-B547790A3261}\setup.exe" -l0x9 -removeonly
Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe
OSCAR Editor-->C:\Program Files (x86)\InstallShield Installation Information\{B93E815A-ED3F-436C-8175-C0BB1AD4AA36}\setup.exe -runfromtemp -l0x0409
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\SETUP.EXE" -runfromtemp -l0x0405 -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B7727B4D-5EA3-4C11-9D30-15E47616DCAF}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {EA575F57-C5D1-4B5A-B9F9-F16EEBC6B58C}
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition -->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A4A50F66-DD0F-4150-A19F-0F35531D6E21}
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {8907F32C-DF89-4C2F-AEDE-0DB4B65451C0}
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {319FC809-3841-4739-A25F-FDBADF073697}
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {32DA925D-8B7D-4298-B893-6291D28CE809}
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {6B4A3804-666A-4DD8-84A7-B97701416784}
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {F7DFD2B8-0CD1-4A51-AC71-A0582FE796C2}
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {36842896-D83B-4C92-8261-6312B7DEB562}
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {4C1BE82B-9AC0-4AB9-B76D-5467131955E1}
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {FC572B0C-6356-46CC-A01E-CCCEC4340BF5}
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {56BB0BAB-7C3C-40C1-8F70-1AAE6A5FE45F}
Security Update for Microsoft Office 2007 suites (KB2984939) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {655A1E6F-9591-485A-A29D-CB9BCFD38B82}
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956106) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {6C1A25BE-E3D5-4A5A-B677-8833E5996C20}
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956107) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {8019D09F-F0F7-4117-B207-3563876C95AF}
Security Update for Microsoft Office Excel 2007 (KB2956103) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {A1AB4C88-5F23-43DF-B461-32E5CBA84F7B}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office PowerPoint 2007 (KB2899580) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {732E7378-7132-4C0F-B30E-C00A0F8AC1EB}
Security Update for Microsoft Office Word 2007 (KB2956109) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {ACD04559-C0BB-4EF7-95AA-F5DB49AFD583}
State of War-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Cypron Studios\State of War\Uninst.isu"
Steam-->C:\Program Files (x86)\Steam\uninstall.exe
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {BB006B39-9FD7-4DD5-942E-CDF1BBD718DB}
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {A030537D-0034-46AD-A730-B1119786F607}
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {53DEC068-4690-4F6B-9946-7D21EF02236B}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956104) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {A8AEAD3C-C39C-47DA-A9B3-7F8C895B9E6A}
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Visual Studio 2012 x64 Redistributables-->MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live Sync-->MsiExec.exe /X{E570CB6B-1CBC-4ADD-969F-7B3338A6BDB6}
WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Xvid Video Codec-->C:\Program Files (x86)\Xvid\uninstall.exe
Zaklínač-->"C:\Program Files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0005 -removeonly
======System event log======
Computer Name: Petr-PC
Event Code: 10016
Message: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{B77C4C36-0154-4C52-AB49-FAA03837E47F}
a APPID
{EA022610-0748-4C24-B229-6C507EBDFDBB}
uživateli Petr-PC\Petr SID (S-1-5-21-1492778448-2556657456-2968204072-1002) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Record Number: 1135404
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20150329221213.000000-000
Event Type: Chyba
User: Petr-PC\Petr
Computer Name: Petr-PC
Event Code: 7036
Message: Stav služby Ochrana softwaru byl změněn na: Zastaveno
Record Number: 1135403
Source Name: Service Control Manager
Time Written: 20150329220622.675320-000
Event Type: Informace
User:
Computer Name: Petr-PC
Event Code: 206
Message: Služba Pomocník s kompatibilitou programů úspěšně provedla inicializaci druhé fáze.
Record Number: 1135402
Source Name: Microsoft-Windows-Application-Experience
Time Written: 20150329220614.906507-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: Petr-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Windows PowerShell.
Record Number: 1135401
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150329220304.974746-000
Event Type: Informace
User: Petr-PC\Administrátor
Computer Name: Petr-PC
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 1135400
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150329220304.834346-000
Event Type: Informace
User: Petr-PC\Administrátor
=====Application event log=====
Computer Name: Petr-PC
Event Code: 2003
Message:
Record Number: 123693487
Source Name: NvStreamSvc
Time Written: 20150329221355.000000-000
Event Type: Informace
User:
Computer Name: Petr-PC
Event Code: 2003
Message:
Record Number: 123693486
Source Name: NvStreamSvc
Time Written: 20150329221354.000000-000
Event Type: Informace
User:
Computer Name: Petr-PC
Event Code: 903
Message: Služba Ochrana softwaru byla ukončena.
Record Number: 123693485
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20150329220622.000000-000
Event Type: Informace
User:
Computer Name: Petr-PC
Event Code: 1000
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně načteny. Data záznamu v datové části obsahují nové indexové hodnoty přiřazené této službě.
Record Number: 123693484
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20150329220433.636105-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: Petr-PC
Event Code: 1001
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně odstraněny. Data záznamu obsahují nové hodnoty položek Last Counter a Last Help systémového registru.
Record Number: 123693483
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20150329220433.558104-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: Petr-PC
Event Code: 4608
Message: Spouští se systém Windows.
Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 113894
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150330044039.890451-000
Event Type: Úspěšný audit
User:
Computer Name: Petr-PC
Event Code: 1100
Message: Služba protokolování událostí byla ukončena.
Record Number: 113893
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150329221358.241830-000
Event Type: Úspěšný audit
User:
Computer Name: Petr-PC
Event Code: 4634
Message: Účet byl odhlášen.
Předmět:
ID zabezpečení: S-1-5-21-1492778448-2556657456-2968204072-1011
Název účtu: Administrátor
Doména účtu: Petr-PC
ID přihlášení: 0x1ecaec
Typ přihlášení: 2
Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 113892
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150329221357.305829-000
Event Type: Úspěšný audit
User:
Computer Name: Petr-PC
Event Code: 4647
Message: Odhlášení spuštěné uživatelem:
Předmět:
ID zabezpečení: S-1-5-21-1492778448-2556657456-2968204072-1002
Název účtu: Petr
Doména účtu: Petr-PC
ID přihlášení: 0x962ba
Tato událost je generována, pokud je spuštěno odhlášení. Není povolena žádná další uživatelem spuštěná akce. Tuto událost lze interpretovat jako událost odhlášení.
Record Number: 113891
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150329221356.962628-000
Event Type: Úspěšný audit
User:
Computer Name: Petr-PC
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-1492778448-2556657456-2968204072-1011
Název účtu: Administrátor
Název domény: Petr-PC
ID přihlášení: 0x1ecaec
Record Number: 113890
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150329220304.693945-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"configsetroot"=%SystemRoot%\ConfigSetRoot
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=8
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\PHYSX\COMMON;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=2a07
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"ESET_OPTIONS"=
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.10 2015-03-30 15:33:19
======MBR======
======Uninstall list======
-->MsiExec /X{B455E95A-B804-439F-B533-336B1635AE97}
4Story CZ 4.4.145-->"C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\unins000.exe"
Adobe Flash Player 17 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe -maintain activex
Adobe Reader XI (11.0.10) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130}
Aegisub 3.2.1-->"C:\Program Files (x86)\Aegisub\unins000.exe"
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Dragon Age II-->"C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age 2.exe"
Dragon Age: Origins-->"C:\Program Files (x86)\Common Files\EAInstaller\Dragon Age\Cleanup.exe" uninstall_game -autologging
FormatFactory 3.3.5.0-->C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Gameforge Live 2.0.5-->"C:\Program Files (x86)\GameforgeLive\unins000.exe"
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8301}
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
IrfanView (remove only)-->"C:\Program Files (x86)\IrfanView\iv_uninstall.exe"
Java 7 Update 75 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F06417075FF}
linguatec Voice Reader-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{93293322-B694-4270-B7FE-DDE1A681ACCA}\setup.exe" -l0x9 -removeonly
Malwarebytes Anti-Malware verze 2.1.4.1018-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Microsoft .NET Framework 4.5.2 (CSY)-->MsiExec.exe /X{C48AF3CF-C632-3C19-838E-7DAB7283D46A}
Microsoft .NET Framework 4.5.2 (čeština)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\CSY\\Setup.exe /repair /x86 /x64 /lcid 1029
Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE}
Microsoft ASP.NET MVC 4 Runtime-->MsiExec.exe /X{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {0B7A4B67-2A38-42B1-9857-662FAB361E08}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {FDF9A959-241A-4662-A8DE-7DED9C22D160}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005-->"C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Mozilla Firefox 36.0.4 (x86 cs)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Norton Security-->"C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS\562C4DD5\22.1.0.9\InstStub.exe" /X /ARP
NVIDIA GeForce Experience 2.1.5-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Ovladač 3D Vision 347.88-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladač HD audia 1.3.33.0-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA Ovladač řídící jednotky 3D Vision 347.09-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Ovladače grafiky 347.88-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /I{B455E95A-B804-439F-B533-336B1635AE97}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Systémový software PhysX 9.14.0702-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
ON_OFF Charge B11.0110.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3DECD372-76A1-4483-BF10-B547790A3261}\setup.exe" -l0x9 -removeonly
Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe
OSCAR Editor-->C:\Program Files (x86)\InstallShield Installation Information\{B93E815A-ED3F-436C-8175-C0BB1AD4AA36}\setup.exe -runfromtemp -l0x0409
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\SETUP.EXE" -runfromtemp -l0x0405 -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B7727B4D-5EA3-4C11-9D30-15E47616DCAF}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {EA575F57-C5D1-4B5A-B9F9-F16EEBC6B58C}
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition -->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A4A50F66-DD0F-4150-A19F-0F35531D6E21}
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {8907F32C-DF89-4C2F-AEDE-0DB4B65451C0}
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {319FC809-3841-4739-A25F-FDBADF073697}
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {32DA925D-8B7D-4298-B893-6291D28CE809}
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {6B4A3804-666A-4DD8-84A7-B97701416784}
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {F7DFD2B8-0CD1-4A51-AC71-A0582FE796C2}
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {36842896-D83B-4C92-8261-6312B7DEB562}
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {4C1BE82B-9AC0-4AB9-B76D-5467131955E1}
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {FC572B0C-6356-46CC-A01E-CCCEC4340BF5}
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {56BB0BAB-7C3C-40C1-8F70-1AAE6A5FE45F}
Security Update for Microsoft Office 2007 suites (KB2984939) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {655A1E6F-9591-485A-A29D-CB9BCFD38B82}
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956106) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {6C1A25BE-E3D5-4A5A-B677-8833E5996C20}
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956107) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {8019D09F-F0F7-4117-B207-3563876C95AF}
Security Update for Microsoft Office Excel 2007 (KB2956103) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {A1AB4C88-5F23-43DF-B461-32E5CBA84F7B}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office PowerPoint 2007 (KB2899580) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {732E7378-7132-4C0F-B30E-C00A0F8AC1EB}
Security Update for Microsoft Office Word 2007 (KB2956109) 32-Bit Edition -->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {ACD04559-C0BB-4EF7-95AA-F5DB49AFD583}
State of War-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Cypron Studios\State of War\Uninst.isu"
Steam-->C:\Program Files (x86)\Steam\uninstall.exe
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {BB006B39-9FD7-4DD5-942E-CDF1BBD718DB}
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {A030537D-0034-46AD-A730-B1119786F607}
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {53DEC068-4690-4F6B-9946-7D21EF02236B}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956104) 32-Bit Edition-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {A8AEAD3C-C39C-47DA-A9B3-7F8C895B9E6A}
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Visual Studio 2012 x64 Redistributables-->MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live Sync-->MsiExec.exe /X{E570CB6B-1CBC-4ADD-969F-7B3338A6BDB6}
WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Xvid Video Codec-->C:\Program Files (x86)\Xvid\uninstall.exe
Zaklínač-->"C:\Program Files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0005 -removeonly
======System event log======
Computer Name: Petr-PC
Event Code: 10016
Message: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{B77C4C36-0154-4C52-AB49-FAA03837E47F}
a APPID
{EA022610-0748-4C24-B229-6C507EBDFDBB}
uživateli Petr-PC\Petr SID (S-1-5-21-1492778448-2556657456-2968204072-1002) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Record Number: 1135404
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20150329221213.000000-000
Event Type: Chyba
User: Petr-PC\Petr
Computer Name: Petr-PC
Event Code: 7036
Message: Stav služby Ochrana softwaru byl změněn na: Zastaveno
Record Number: 1135403
Source Name: Service Control Manager
Time Written: 20150329220622.675320-000
Event Type: Informace
User:
Computer Name: Petr-PC
Event Code: 206
Message: Služba Pomocník s kompatibilitou programů úspěšně provedla inicializaci druhé fáze.
Record Number: 1135402
Source Name: Microsoft-Windows-Application-Experience
Time Written: 20150329220614.906507-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: Petr-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Windows PowerShell.
Record Number: 1135401
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150329220304.974746-000
Event Type: Informace
User: Petr-PC\Administrátor
Computer Name: Petr-PC
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 1135400
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150329220304.834346-000
Event Type: Informace
User: Petr-PC\Administrátor
=====Application event log=====
Computer Name: Petr-PC
Event Code: 2003
Message:
Record Number: 123693487
Source Name: NvStreamSvc
Time Written: 20150329221355.000000-000
Event Type: Informace
User:
Computer Name: Petr-PC
Event Code: 2003
Message:
Record Number: 123693486
Source Name: NvStreamSvc
Time Written: 20150329221354.000000-000
Event Type: Informace
User:
Computer Name: Petr-PC
Event Code: 903
Message: Služba Ochrana softwaru byla ukončena.
Record Number: 123693485
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20150329220622.000000-000
Event Type: Informace
User:
Computer Name: Petr-PC
Event Code: 1000
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně načteny. Data záznamu v datové části obsahují nové indexové hodnoty přiřazené této službě.
Record Number: 123693484
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20150329220433.636105-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: Petr-PC
Event Code: 1001
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně odstraněny. Data záznamu obsahují nové hodnoty položek Last Counter a Last Help systémového registru.
Record Number: 123693483
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20150329220433.558104-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: Petr-PC
Event Code: 4608
Message: Spouští se systém Windows.
Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 113894
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150330044039.890451-000
Event Type: Úspěšný audit
User:
Computer Name: Petr-PC
Event Code: 1100
Message: Služba protokolování událostí byla ukončena.
Record Number: 113893
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150329221358.241830-000
Event Type: Úspěšný audit
User:
Computer Name: Petr-PC
Event Code: 4634
Message: Účet byl odhlášen.
Předmět:
ID zabezpečení: S-1-5-21-1492778448-2556657456-2968204072-1011
Název účtu: Administrátor
Doména účtu: Petr-PC
ID přihlášení: 0x1ecaec
Typ přihlášení: 2
Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 113892
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150329221357.305829-000
Event Type: Úspěšný audit
User:
Computer Name: Petr-PC
Event Code: 4647
Message: Odhlášení spuštěné uživatelem:
Předmět:
ID zabezpečení: S-1-5-21-1492778448-2556657456-2968204072-1002
Název účtu: Petr
Doména účtu: Petr-PC
ID přihlášení: 0x962ba
Tato událost je generována, pokud je spuštěno odhlášení. Není povolena žádná další uživatelem spuštěná akce. Tuto událost lze interpretovat jako událost odhlášení.
Record Number: 113891
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150329221356.962628-000
Event Type: Úspěšný audit
User:
Computer Name: Petr-PC
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-1492778448-2556657456-2968204072-1011
Název účtu: Administrátor
Název domény: Petr-PC
ID přihlášení: 0x1ecaec
Record Number: 113890
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150329220304.693945-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"configsetroot"=%SystemRoot%\ConfigSetRoot
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=8
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\PHYSX\COMMON;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=2a07
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"ESET_OPTIONS"=
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119677
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Possible data encryption
Only from Norton, and that one is tolerated. The slowing ones are no longer there.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Possible data encryption
In that case, thank you for the help. You can lock it.
- Rudy
- Site Admin

Re: Possible data encryption
Glad to help!
