
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Rudy - slow PC
Moderator: Moderators
Forum rules
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Hello, please take a look at my friend's PC; he describes his problems as follows:
"- Endless startup of the computer after it is switched on
- Slow reactions after clicking on icons, when typing in Word, when viewing slides in PowerPoint; everything stutters unbelievably
- Slow reactions in the browser when looking up web pages
- When we move dialog windows around the desktop it stutters as well, it does not go smoothly
- And stuttering of all videos, whether on the web or from the computer
- That is everything, in a nutshell, so everything is terribly slow"
Here is the log from RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by XXX at 2015-04-17 17:37:48
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 22 GB (45%) free of 48 GB
Total RAM: 1790 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:58, on 17. 4. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\XXX.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Facebook Messenger.lnk = XXX\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7099 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-54474701-4033-4783-a2ff-bbd67d58689d -SystemEventPortName:HostProcess-b91bdc45-c45f-4261-a76e-815dbef1ff95 -IoCancelEventPortName:HostProcess-060a62a7-2f6d-42a0-b45d-10f5029ca4bf -NonStateChangingEventPortName:HostProcess-877a03f5-c9c3-4825-abd6-adec825fddc5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:53e17752-82dc-4a47-a8b1-e26c63f5089b -DeviceGroupId:WpdFsGroup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A2/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3340 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --enable-gpu-rasterization --disable-gpu-compositing --channel="3340.2.1105916371\824743688" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3340.4.1671226908\1223038903" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Users\XXX\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-06 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-06 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15 172968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2014-09-08 464608]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EEDSpeedLauncher"=C:\Windows\system32\eed_ec.dll [2014-10-30 3141120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\Windows\SOUNDMAN.EXE [2008-09-10 604704]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-03-30 5227648]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10 335232]
C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\XXX\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-04-17 17:37:49 ----D---- C:\Program Files\trend micro
2015-04-17 17:37:48 ----D---- C:\rsit
2015-04-15 22:34:53 ----SHD---- C:\Config.Msi
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-15 21:19:14 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wups2.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wudriver.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wucltux.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuapp.exe
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuapi.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wups.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\generaltel.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\appraiser.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\acmigration.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\invagent.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\devinv.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\aepic.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\aeinv.dll
2015-04-15 21:18:49 ----A---- C:\Windows\system32\aepdu.dll
2015-04-15 21:18:47 ----A---- C:\Windows\system32\gdi32.dll
2015-04-15 21:18:46 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-15 21:18:44 ----A---- C:\Windows\system32\msxml3.dll
2015-04-15 21:18:43 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-04-15 21:18:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-15 21:18:43 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-15 21:18:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-04-15 21:18:25 ----A---- C:\Windows\system32\ntdll.dll
2015-04-15 21:18:24 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-04-15 21:18:24 ----A---- C:\Windows\system32\KernelBase.dll
2015-04-15 21:18:24 ----A---- C:\Windows\system32\kernel32.dll
2015-04-15 21:18:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-04-15 21:18:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-04-15 21:18:17 ----A---- C:\Windows\system32\wow64win.dll
2015-04-15 21:18:17 ----A---- C:\Windows\system32\schannel.dll
2015-04-15 21:18:16 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-04-15 21:18:16 ----A---- C:\Windows\system32\lsasrv.dll
2015-04-15 21:18:15 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\wow64.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\srcore.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\conhost.exe
2015-04-15 21:18:13 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-04-15 21:18:13 ----A---- C:\Windows\system32\winsrv.dll
2015-04-15 21:18:13 ----A---- C:\Windows\system32\rstrui.exe
2015-04-15 21:18:12 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\wdigest.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\msv1_0.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\kerberos.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-04-15 21:18:11 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\TSpkg.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\sspicli.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\ncrypt.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\smss.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\lsass.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\auditpol.exe
2015-04-15 21:18:09 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\srclient.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\ntvdm64.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\csrsrv.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\sspisrv.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\secur32.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\credssp.dll
2015-04-15 21:18:07 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-04-15 21:18:07 ----A---- C:\Windows\system32\wow64cpu.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\user.exe
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-04-15 21:17:59 ----A---- C:\Windows\system32\apisetschema.dll
2015-04-15 21:17:58 ----A---- C:\Windows\system32\adtschema.dll
2015-04-15 21:17:57 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-04-15 21:17:57 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-04-15 21:17:57 ----A---- C:\Windows\system32\msaudite.dll
2015-04-15 21:17:56 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-04-15 21:17:56 ----A---- C:\Windows\system32\msobjs.dll
2015-04-15 21:17:00 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-15 21:16:55 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-04-15 21:16:55 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-04-15 21:16:54 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-04-15 21:16:54 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-04-15 21:16:54 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-04-15 21:16:54 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-04-15 21:16:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-04-15 21:16:51 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-04-15 21:16:51 ----A---- C:\Windows\system32\iernonce.dll
2015-04-15 21:16:51 ----A---- C:\Windows\system32\ie4uinit.exe
2015-04-15 21:16:49 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-04-15 21:16:47 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 21:16:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-04-15 21:16:44 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-04-15 21:16:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-04-15 21:16:40 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-04-15 21:16:40 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-04-15 21:16:39 ----A---- C:\Windows\system32\urlmon.dll
2015-04-15 21:16:39 ----A---- C:\Windows\system32\iedkcs32.dll
2015-04-15 21:16:38 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-04-15 21:16:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-04-15 21:16:38 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 21:16:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-04-15 21:16:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-04-15 21:16:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-04-15 21:16:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-04-15 21:16:36 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 21:16:36 ----A---- C:\Windows\system32\msfeeds.dll
2015-04-15 21:16:36 ----A---- C:\Windows\system32\dxtrans.dll
2015-04-15 21:16:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-04-15 21:16:34 ----A---- C:\Windows\system32\iesetup.dll
2015-04-15 21:16:33 ----A---- C:\Windows\system32\ieapfltr.dll
2015-04-15 21:16:32 ----A---- C:\Windows\system32\iertutil.dll
2015-04-15 21:16:31 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-04-15 21:16:30 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-04-15 21:16:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-04-15 21:16:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-04-15 21:16:29 ----A---- C:\Windows\system32\jsproxy.dll
2015-04-15 21:16:29 ----A---- C:\Windows\system32\ieUnatt.exe
2015-04-15 21:16:28 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-04-15 21:16:26 ----A---- C:\Windows\system32\dxtmsft.dll
2015-04-15 21:16:25 ----A---- C:\Windows\system32\ieui.dll
2015-04-15 21:16:25 ----A---- C:\Windows\system32\ieframe.dll
2015-04-15 21:16:24 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-04-15 21:16:24 ----A---- C:\Windows\system32\mshtmled.dll
2015-04-15 21:16:23 ----A---- C:\Windows\system32\jscript9diag.dll
2015-04-15 21:16:23 ----A---- C:\Windows\system32\jscript9.dll
2015-04-15 21:16:22 ----A---- C:\Windows\system32\wininet.dll
2015-04-15 21:16:22 ----A---- C:\Windows\system32\vbscript.dll
2015-04-15 21:16:19 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-04-15 21:16:18 ----A---- C:\Windows\system32\msrating.dll
2015-04-15 21:16:12 ----A---- C:\Windows\system32\mshtml.dll
2015-04-15 21:14:38 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 21:14:38 ----A---- C:\Windows\system32\clfs.sys
2015-04-15 21:14:37 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-04 14:58:10 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-04 14:58:09 ----SD---- C:\Windows\system32\GWX
2015-04-02 13:18:02 ----D---- C:\ProgramData\boost_interprocess
2015-04-02 12:31:09 ----D---- C:\Users\XXX\AppData\Roaming\Samsung
2015-04-02 12:31:04 ----D---- C:\Program Files\Common Files\Common Desktop Agent
2015-04-02 12:30:05 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2015-04-02 12:30:04 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-04-02 12:28:20 ----D---- C:\Program Files (x86)\Samsung
2015-04-02 12:01:26 ----RA---- C:\Windows\Wiainst64.exe
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaMinDrv.dll
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaImgFlt.dll
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaErHdlr.dll
2015-04-02 12:00:59 ----D---- C:\ProgramData\Samsung
2015-04-02 12:00:06 ----A---- C:\Windows\system32\ssm4mlm.dll
2015-04-02 12:00:06 ----A---- C:\Windows\system32\SBuySupplies.exe
2015-04-02 12:00:03 ----A---- C:\Windows\system32\eed_sl.exe
2015-04-02 12:00:02 ----A---- C:\Windows\system32\eed_ec.dll
2015-04-02 12:00:01 ----A---- C:\Windows\system32\ssm4mci.exe
2015-04-02 12:00:01 ----A---- C:\Windows\system32\ssm4mci.dll
2015-04-02 11:59:58 ----A---- C:\Windows\SYSWOW64\Ssusbpn.dll
2015-04-02 11:59:58 ----A---- C:\Windows\system32\Ssusbp64.dll
======List of files/folders modified in the last 1 month======
2015-04-17 17:37:58 ----D---- C:\Windows\Prefetch
2015-04-17 17:37:53 ----D---- C:\Windows\Temp
2015-04-17 17:37:49 ----RD---- C:\Program Files
2015-04-17 17:36:50 ----D---- C:\Windows\system32\config
2015-04-17 17:29:18 ----D---- C:\Windows\Microsoft.NET
2015-04-17 17:25:14 ----RSD---- C:\Windows\assembly
2015-04-16 21:12:53 ----D---- C:\Windows\System32
2015-04-16 21:12:53 ----D---- C:\Windows\inf
2015-04-16 21:12:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-16 21:05:59 ----D---- C:\Windows\winsxs
2015-04-16 21:03:48 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-04-16 21:03:48 ----D---- C:\Windows\SysWOW64
2015-04-16 21:03:48 ----D---- C:\Windows\system32\sk-SK
2015-04-16 21:03:48 ----D---- C:\Windows\PolicyDefinitions
2015-04-16 21:03:47 ----SD---- C:\Windows\system32\CompatTel
2015-04-16 21:03:47 ----D---- C:\Windows\system32\wbem
2015-04-16 21:03:47 ----D---- C:\Windows\system32\appraiser
2015-04-16 21:03:47 ----D---- C:\Windows\AppPatch
2015-04-16 21:03:44 ----D---- C:\Windows\SYSWOW64\en-US
2015-04-16 21:03:43 ----D---- C:\Windows\system32\en-US
2015-04-16 21:03:42 ----D---- C:\Windows\system32\drivers
2015-04-16 21:03:40 ----D---- C:\Program Files\Internet Explorer
2015-04-16 21:03:36 ----D---- C:\Program Files (x86)\Internet Explorer
2015-04-15 22:36:54 ----SHD---- C:\Windows\Installer
2015-04-15 22:35:47 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-15 22:32:45 ----D---- C:\Windows\system32\MRT
2015-04-15 22:27:36 ----A---- C:\Windows\system32\MRT.exe
2015-04-15 22:23:28 ----SHD---- C:\System Volume Information
2015-04-15 21:45:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-04-15 21:13:42 ----D---- C:\Windows\system32\catroot2
2015-04-07 20:38:21 ----D---- C:\Windows\system32\NDF
2015-04-05 18:48:02 ----D---- C:\Windows
2015-04-04 14:58:15 ----D---- C:\Windows\Logs
2015-04-02 15:50:36 ----D---- C:\Windows\system32\catroot
2015-04-02 13:18:02 ----HD---- C:\ProgramData
2015-04-02 12:32:13 ----D---- C:\Program Files (x86)\Common Files
2015-04-02 12:31:04 ----D---- C:\Program Files\Common Files
2015-04-02 12:30:27 ----D---- C:\Windows\system32\DriverStore
2015-04-02 12:30:16 ----D---- C:\Windows\twain_32
2015-04-02 12:30:05 ----RD---- C:\Program Files (x86)
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-06 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-06 267632]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver; C:\Windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-06 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-06 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-06 436624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-06 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-06 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-06 116728]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2014-05-07 11576]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC64.SYS [2008-09-16 3479712]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-06 50344]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-13 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-08-19 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
2015-04-15 21:17:56 ----A---- C:\Windows\system32\msobjs.dll
2015-04-15 21:17:00 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-15 21:16:55 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-04-15 21:16:55 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-04-15 21:16:54 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-04-15 21:16:54 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-04-15 21:16:54 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-04-15 21:16:54 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-04-15 21:16:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-04-15 21:16:51 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-04-15 21:16:51 ----A---- C:\Windows\system32\iernonce.dll
2015-04-15 21:16:51 ----A---- C:\Windows\system32\ie4uinit.exe
2015-04-15 21:16:49 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-04-15 21:16:47 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 21:16:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-04-15 21:16:44 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-04-15 21:16:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-04-15 21:16:40 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-04-15 21:16:40 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-04-15 21:16:39 ----A---- C:\Windows\system32\urlmon.dll
2015-04-15 21:16:39 ----A---- C:\Windows\system32\iedkcs32.dll
2015-04-15 21:16:38 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-04-15 21:16:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-04-15 21:16:38 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 21:16:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-04-15 21:16:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-04-15 21:16:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-04-15 21:16:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-04-15 21:16:36 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 21:16:36 ----A---- C:\Windows\system32\msfeeds.dll
2015-04-15 21:16:36 ----A---- C:\Windows\system32\dxtrans.dll
2015-04-15 21:16:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-04-15 21:16:34 ----A---- C:\Windows\system32\iesetup.dll
2015-04-15 21:16:33 ----A---- C:\Windows\system32\ieapfltr.dll
2015-04-15 21:16:32 ----A---- C:\Windows\system32\iertutil.dll
2015-04-15 21:16:31 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-04-15 21:16:30 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-04-15 21:16:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-04-15 21:16:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-04-15 21:16:29 ----A---- C:\Windows\system32\jsproxy.dll
2015-04-15 21:16:29 ----A---- C:\Windows\system32\ieUnatt.exe
2015-04-15 21:16:28 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-04-15 21:16:26 ----A---- C:\Windows\system32\dxtmsft.dll
2015-04-15 21:16:25 ----A---- C:\Windows\system32\ieui.dll
2015-04-15 21:16:25 ----A---- C:\Windows\system32\ieframe.dll
2015-04-15 21:16:24 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-04-15 21:16:24 ----A---- C:\Windows\system32\mshtmled.dll
2015-04-15 21:16:23 ----A---- C:\Windows\system32\jscript9diag.dll
2015-04-15 21:16:23 ----A---- C:\Windows\system32\jscript9.dll
2015-04-15 21:16:22 ----A---- C:\Windows\system32\wininet.dll
2015-04-15 21:16:22 ----A---- C:\Windows\system32\vbscript.dll
2015-04-15 21:16:19 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-04-15 21:16:18 ----A---- C:\Windows\system32\msrating.dll
2015-04-15 21:16:12 ----A---- C:\Windows\system32\mshtml.dll
2015-04-15 21:14:38 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 21:14:38 ----A---- C:\Windows\system32\clfs.sys
2015-04-15 21:14:37 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-04 14:58:10 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-04 14:58:09 ----SD---- C:\Windows\system32\GWX
2015-04-02 13:18:02 ----D---- C:\ProgramData\boost_interprocess
2015-04-02 12:31:09 ----D---- C:\Users\XXX\AppData\Roaming\Samsung
2015-04-02 12:31:04 ----D---- C:\Program Files\Common Files\Common Desktop Agent
2015-04-02 12:30:05 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2015-04-02 12:30:04 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-04-02 12:28:20 ----D---- C:\Program Files (x86)\Samsung
2015-04-02 12:01:26 ----RA---- C:\Windows\Wiainst64.exe
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaMinDrv.dll
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaImgFlt.dll
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaErHdlr.dll
2015-04-02 12:00:59 ----D---- C:\ProgramData\Samsung
2015-04-02 12:00:06 ----A---- C:\Windows\system32\ssm4mlm.dll
2015-04-02 12:00:06 ----A---- C:\Windows\system32\SBuySupplies.exe
2015-04-02 12:00:03 ----A---- C:\Windows\system32\eed_sl.exe
2015-04-02 12:00:02 ----A---- C:\Windows\system32\eed_ec.dll
2015-04-02 12:00:01 ----A---- C:\Windows\system32\ssm4mci.exe
2015-04-02 12:00:01 ----A---- C:\Windows\system32\ssm4mci.dll
2015-04-02 11:59:58 ----A---- C:\Windows\SYSWOW64\Ssusbpn.dll
2015-04-02 11:59:58 ----A---- C:\Windows\system32\Ssusbp64.dll
======List of files/folders modified in the last 1 month======
2015-04-17 17:37:58 ----D---- C:\Windows\Prefetch
2015-04-17 17:37:53 ----D---- C:\Windows\Temp
2015-04-17 17:37:49 ----RD---- C:\Program Files
2015-04-17 17:36:50 ----D---- C:\Windows\system32\config
2015-04-17 17:29:18 ----D---- C:\Windows\Microsoft.NET
2015-04-17 17:25:14 ----RSD---- C:\Windows\assembly
2015-04-16 21:12:53 ----D---- C:\Windows\System32
2015-04-16 21:12:53 ----D---- C:\Windows\inf
2015-04-16 21:12:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-16 21:05:59 ----D---- C:\Windows\winsxs
2015-04-16 21:03:48 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-04-16 21:03:48 ----D---- C:\Windows\SysWOW64
2015-04-16 21:03:48 ----D---- C:\Windows\system32\sk-SK
2015-04-16 21:03:48 ----D---- C:\Windows\PolicyDefinitions
2015-04-16 21:03:47 ----SD---- C:\Windows\system32\CompatTel
2015-04-16 21:03:47 ----D---- C:\Windows\system32\wbem
2015-04-16 21:03:47 ----D---- C:\Windows\system32\appraiser
2015-04-16 21:03:47 ----D---- C:\Windows\AppPatch
2015-04-16 21:03:44 ----D---- C:\Windows\SYSWOW64\en-US
2015-04-16 21:03:43 ----D---- C:\Windows\system32\en-US
2015-04-16 21:03:42 ----D---- C:\Windows\system32\drivers
2015-04-16 21:03:40 ----D---- C:\Program Files\Internet Explorer
2015-04-16 21:03:36 ----D---- C:\Program Files (x86)\Internet Explorer
2015-04-15 22:36:54 ----SHD---- C:\Windows\Installer
2015-04-15 22:35:47 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-15 22:32:45 ----D---- C:\Windows\system32\MRT
2015-04-15 22:27:36 ----A---- C:\Windows\system32\MRT.exe
2015-04-15 22:23:28 ----SHD---- C:\System Volume Information
2015-04-15 21:45:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-04-15 21:13:42 ----D---- C:\Windows\system32\catroot2
2015-04-07 20:38:21 ----D---- C:\Windows\system32\NDF
2015-04-05 18:48:02 ----D---- C:\Windows
2015-04-04 14:58:15 ----D---- C:\Windows\Logs
2015-04-02 15:50:36 ----D---- C:\Windows\system32\catroot
2015-04-02 13:18:02 ----HD---- C:\ProgramData
2015-04-02 12:32:13 ----D---- C:\Program Files (x86)\Common Files
2015-04-02 12:31:04 ----D---- C:\Program Files\Common Files
2015-04-02 12:30:27 ----D---- C:\Windows\system32\DriverStore
2015-04-02 12:30:16 ----D---- C:\Windows\twain_32
2015-04-02 12:30:05 ----RD---- C:\Program Files (x86)
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-06 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-06 267632]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver; C:\Windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-06 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-06 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-06 436624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-06 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-06 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-06 116728]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2014-05-07 11576]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC64.SYS [2008-09-16 3479712]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-06 50344]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-13 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-08-19 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
T-Cleaner ..... CCleaner ..... ATF Cleaner ..... WinXP Manager ..... RSIT ..... MBAM ..... GMER ..... HijackThis
- Rudy
- Site Admin
- Posts: 119490
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Rudy - pomale pc
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Rudy - pomale pc
# AdwCleaner v4.201 - Log vytvorený 18/04/2015 at 17:47:30
# Aktualizované 08/04/2015 by Xplode
# Databáza : 2015-04-18.3 [Server]
# Operačný systém : Windows 7 Home Premium Service Pack 1 (x64)
# Uživateľské meno : XXX - XXX-PC
# Spustené z : C:\Users\XXX\Downloads\adwcleaner_4.201.exe
# Nastavenia : Čistenie
***** [ Služby ] *****
***** [ Súbory / Priečinky ] *****
Priečinok Zmazané : C:\Program Files (x86)\DriverTuner
Priečinok Zmazané : C:\Program Files\DriverTuner
Súbor Zmazané : C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Súbor Zmazané : C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
***** [ Naplánované úlohy ] *****
***** [ Zástupcovia ] *****
***** [ Registre ] *****
Kľúč registra Zmazané : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Kľúč registra Zmazané : HKCU\Software\DriverTuner_Init
Kľúč registra Zmazané : HKCU\Software\DriverTuner
***** [ Webové prehliadače ] *****
-\\ Internet Explorer v11.0.9600.17728
-\\ Mozilla Firefox v
-\\ Google Chrome v42.0.2311.90
[C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Zmazané [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
*************************
AdwCleaner[R0].txt - [1631 bajtov] - [18/04/2015 17:45:03]
AdwCleaner[S0].txt - [1432 bajtov] - [18/04/2015 17:47:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1492 bajtov] ##########
- Rudy
- Site Admin
Re: Rudy - pomale pc
Post a new RSIT log.
Re: Rudy - pomale pc
Logfile of random's system information tool 1.10 (written by random/random)
Run by XXX at 2015-04-18 18:10:25
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 23 GB (48%) free of 48 GB
Total RAM: 1790 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:10:31, on 18. 4. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\XXX.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Facebook Messenger.lnk = XXX\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7287 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3ad1aaf1-c4f9-4661-9b46-d817e30503c2 -SystemEventPortName:HostProcess-15d12937-1813-4e79-b2b7-0bdc6882860b -IoCancelEventPortName:HostProcess-96593257-7e4d-4211-956a-dd99101354ad -NonStateChangingEventPortName:HostProcess-7ba97201-8cb5-44dc-8c76-c455ba485750 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f16a74a2-47bd-40bb-82b0-f32db54bcb26 -DeviceGroupId:WpdFsGroup
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3220.4.578156771\1967514269" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A2/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Disabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Default/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UwSInterstitialStatus/On/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/*Win32kLockdown/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3220 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --enable-gpu-rasterization --enable-threaded-gpu-rasterization --disable-gpu-compositing --channel="3220.6.1797104632\153321619" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3220.9.1659155593\949431900" --use-gl=swiftshader --supports-dual-gpus=false --swiftshader-path="C:\Users\XXX\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159" --gpu-driver-bug-workarounds=1,18,41 --gpu-vendor-id=0x1106 --gpu-device-id=0x3230 --gpu-driver-vendor=Microsoft --gpu-driver-version=6.1.7600.16385 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A2/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Disabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Default/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UwSInterstitialStatus/On/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/*Win32kLockdown/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3220 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --enable-gpu-rasterization --enable-threaded-gpu-rasterization --disable-gpu-compositing --channel="3220.10.389053255\1833391230" /prefetch:673131151
"C:\Users\XXX\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-06 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-06 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15 172968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2014-09-08 464608]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EEDSpeedLauncher"=C:\Windows\system32\eed_ec.dll [2014-10-30 3141120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\Windows\SOUNDMAN.EXE [2008-09-10 604704]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-03-30 5227648]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10 335232]
C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\XXX\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-04-18 17:44:40 ----D---- C:\AdwCleaner
2015-04-17 17:37:49 ----D---- C:\Program Files\trend micro
2015-04-17 17:37:48 ----D---- C:\rsit
2015-04-15 22:34:53 ----SHD---- C:\Config.Msi
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-15 21:19:14 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wups2.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wudriver.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wucltux.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuapp.exe
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuapi.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wups.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\generaltel.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\appraiser.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\acmigration.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\invagent.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\devinv.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\aepic.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\aeinv.dll
2015-04-15 21:18:49 ----A---- C:\Windows\system32\aepdu.dll
2015-04-15 21:18:47 ----A---- C:\Windows\system32\gdi32.dll
2015-04-15 21:18:46 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-15 21:18:44 ----A---- C:\Windows\system32\msxml3.dll
2015-04-15 21:18:43 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-04-15 21:18:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-15 21:18:43 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-15 21:18:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-04-15 21:18:25 ----A---- C:\Windows\system32\ntdll.dll
2015-04-15 21:18:24 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-04-15 21:18:24 ----A---- C:\Windows\system32\KernelBase.dll
2015-04-15 21:18:24 ----A---- C:\Windows\system32\kernel32.dll
2015-04-15 21:18:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-04-15 21:18:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-04-15 21:18:17 ----A---- C:\Windows\system32\wow64win.dll
2015-04-15 21:18:17 ----A---- C:\Windows\system32\schannel.dll
2015-04-15 21:18:16 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-04-15 21:18:16 ----A---- C:\Windows\system32\lsasrv.dll
2015-04-15 21:18:15 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\wow64.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\srcore.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\conhost.exe
2015-04-15 21:18:13 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-04-15 21:18:13 ----A---- C:\Windows\system32\winsrv.dll
2015-04-15 21:18:13 ----A---- C:\Windows\system32\rstrui.exe
2015-04-15 21:18:12 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\wdigest.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\msv1_0.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\kerberos.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-04-15 21:18:11 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\TSpkg.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\sspicli.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\ncrypt.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\smss.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\lsass.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\auditpol.exe
2015-04-15 21:18:09 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\srclient.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\ntvdm64.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\csrsrv.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\sspisrv.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\secur32.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\credssp.dll
2015-04-15 21:18:07 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-04-15 21:18:07 ----A---- C:\Windows\system32\wow64cpu.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\user.exe
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-04-15 21:17:59 ----A---- C:\Windows\system32\apisetschema.dll
2015-04-15 21:17:58 ----A---- C:\Windows\system32\adtschema.dll
2015-04-15 21:17:57 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-04-15 21:17:57 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-04-15 21:17:57 ----A---- C:\Windows\system32\msaudite.dll
2015-04-15 21:17:56 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-04-15 21:17:56 ----A---- C:\Windows\system32\msobjs.dll
2015-04-15 21:17:00 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-15 21:16:55 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-04-15 21:16:55 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-04-15 21:16:54 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-04-15 21:16:54 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-04-15 21:16:54 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-04-15 21:16:54 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-04-15 21:16:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-04-15 21:16:51 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-04-15 21:16:51 ----A---- C:\Windows\system32\iernonce.dll
2015-04-15 21:16:51 ----A---- C:\Windows\system32\ie4uinit.exe
2015-04-15 21:16:49 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-04-15 21:16:47 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 21:16:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-04-15 21:16:44 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-04-15 21:16:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-04-15 21:16:40 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-04-15 21:16:40 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-04-15 21:16:39 ----A---- C:\Windows\system32\urlmon.dll
2015-04-15 21:16:39 ----A---- C:\Windows\system32\iedkcs32.dll
2015-04-15 21:16:38 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-04-15 21:16:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-04-15 21:16:38 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 21:16:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-04-15 21:16:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-04-15 21:16:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-04-15 21:16:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-04-15 21:16:36 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 21:16:36 ----A---- C:\Windows\system32\msfeeds.dll
2015-04-15 21:16:36 ----A---- C:\Windows\system32\dxtrans.dll
2015-04-15 21:16:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-04-15 21:16:34 ----A---- C:\Windows\system32\iesetup.dll
2015-04-15 21:16:33 ----A---- C:\Windows\system32\ieapfltr.dll
2015-04-15 21:16:32 ----A---- C:\Windows\system32\iertutil.dll
2015-04-15 21:16:31 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-04-15 21:16:30 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-04-15 21:16:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-04-15 21:16:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-04-15 21:16:29 ----A---- C:\Windows\system32\jsproxy.dll
2015-04-15 21:16:29 ----A---- C:\Windows\system32\ieUnatt.exe
2015-04-15 21:16:28 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-04-15 21:16:26 ----A---- C:\Windows\system32\dxtmsft.dll
2015-04-15 21:16:25 ----A---- C:\Windows\system32\ieui.dll
2015-04-15 21:16:25 ----A---- C:\Windows\system32\ieframe.dll
2015-04-15 21:16:24 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-04-15 21:16:24 ----A---- C:\Windows\system32\mshtmled.dll
2015-04-15 21:16:23 ----A---- C:\Windows\system32\jscript9diag.dll
2015-04-15 21:16:23 ----A---- C:\Windows\system32\jscript9.dll
2015-04-15 21:16:22 ----A---- C:\Windows\system32\wininet.dll
2015-04-15 21:16:22 ----A---- C:\Windows\system32\vbscript.dll
2015-04-15 21:16:19 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-04-15 21:16:18 ----A---- C:\Windows\system32\msrating.dll
2015-04-15 21:16:12 ----A---- C:\Windows\system32\mshtml.dll
2015-04-15 21:14:38 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 21:14:38 ----A---- C:\Windows\system32\clfs.sys
2015-04-15 21:14:37 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-04 14:58:10 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-04 14:58:09 ----SD---- C:\Windows\system32\GWX
2015-04-02 13:18:02 ----D---- C:\ProgramData\boost_interprocess
2015-04-02 12:31:09 ----D---- C:\Users\XXX\AppData\Roaming\Samsung
2015-04-02 12:31:04 ----D---- C:\Program Files\Common Files\Common Desktop Agent
2015-04-02 12:30:05 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2015-04-02 12:30:04 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-04-02 12:28:20 ----D---- C:\Program Files (x86)\Samsung
2015-04-02 12:01:26 ----RA---- C:\Windows\Wiainst64.exe
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaMinDrv.dll
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaImgFlt.dll
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaErHdlr.dll
2015-04-02 12:00:59 ----D---- C:\ProgramData\Samsung
2015-04-02 12:00:06 ----A---- C:\Windows\system32\ssm4mlm.dll
2015-04-02 12:00:06 ----A---- C:\Windows\system32\SBuySupplies.exe
2015-04-02 12:00:03 ----A---- C:\Windows\system32\eed_sl.exe
2015-04-02 12:00:02 ----A---- C:\Windows\system32\eed_ec.dll
2015-04-02 12:00:01 ----A---- C:\Windows\system32\ssm4mci.exe
2015-04-02 12:00:01 ----A---- C:\Windows\system32\ssm4mci.dll
2015-04-02 11:59:58 ----A---- C:\Windows\SYSWOW64\Ssusbpn.dll
2015-04-02 11:59:58 ----A---- C:\Windows\system32\Ssusbp64.dll
======List of files/folders modified in the last 1 month======
2015-04-18 18:10:32 ----D---- C:\Windows\Prefetch
2015-04-18 18:10:27 ----D---- C:\Windows\Temp
2015-04-18 18:05:25 ----D---- C:\Windows\system32\config
2015-04-18 17:47:30 ----RD---- C:\Program Files (x86)
2015-04-18 17:47:30 ----RD---- C:\Program Files
2015-04-18 17:39:21 ----SHD---- C:\System Volume Information
2015-04-18 15:56:41 ----D---- C:\Windows\AppCompat
2015-04-18 12:14:00 ----D---- C:\Windows\System32
2015-04-18 12:14:00 ----D---- C:\Windows\inf
2015-04-18 12:14:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-18 12:07:37 ----D---- C:\Windows\system32\drivers
2015-04-17 19:03:04 ----D---- C:\Windows\Microsoft.NET
2015-04-17 18:51:06 ----RSD---- C:\Windows\assembly
2015-04-16 21:05:59 ----D---- C:\Windows\winsxs
2015-04-16 21:03:48 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-04-16 21:03:48 ----D---- C:\Windows\SysWOW64
2015-04-16 21:03:48 ----D---- C:\Windows\system32\sk-SK
2015-04-16 21:03:48 ----D---- C:\Windows\PolicyDefinitions
2015-04-16 21:03:47 ----SD---- C:\Windows\system32\CompatTel
2015-04-16 21:03:47 ----D---- C:\Windows\system32\wbem
2015-04-16 21:03:47 ----D---- C:\Windows\system32\appraiser
2015-04-16 21:03:47 ----D---- C:\Windows\AppPatch
2015-04-16 21:03:44 ----D---- C:\Windows\SYSWOW64\en-US
2015-04-16 21:03:43 ----D---- C:\Windows\system32\en-US
2015-04-16 21:03:40 ----D---- C:\Program Files\Internet Explorer
2015-04-16 21:03:36 ----D---- C:\Program Files (x86)\Internet Explorer
2015-04-15 22:36:54 ----SHD---- C:\Windows\Installer
2015-04-15 22:35:47 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-15 22:32:45 ----D---- C:\Windows\system32\MRT
2015-04-15 22:27:36 ----A---- C:\Windows\system32\MRT.exe
2015-04-15 21:45:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-04-15 21:13:42 ----D---- C:\Windows\system32\catroot2
2015-04-07 20:38:21 ----D---- C:\Windows\system32\NDF
2015-04-05 18:48:02 ----D---- C:\Windows
2015-04-04 14:58:15 ----D---- C:\Windows\Logs
2015-04-02 15:50:36 ----D---- C:\Windows\system32\catroot
2015-04-02 13:18:02 ----HD---- C:\ProgramData
2015-04-02 12:32:13 ----D---- C:\Program Files (x86)\Common Files
2015-04-02 12:31:04 ----D---- C:\Program Files\Common Files
2015-04-02 12:30:27 ----D---- C:\Windows\system32\DriverStore
2015-04-02 12:30:16 ----D---- C:\Windows\twain_32
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-06 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-06 267632]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver; C:\Windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-06 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-06 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-06 436624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-06 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-06 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-06 116728]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2014-05-07 11576]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC64.SYS [2008-09-16 3479712]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-06 50344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-13 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-08-19 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Run by XXX at 2015-04-18 18:10:25
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 23 GB (48%) free of 48 GB
Total RAM: 1790 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:10:31, on 18. 4. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\XXX.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Facebook Messenger.lnk = XXX\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7287 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3ad1aaf1-c4f9-4661-9b46-d817e30503c2 -SystemEventPortName:HostProcess-15d12937-1813-4e79-b2b7-0bdc6882860b -IoCancelEventPortName:HostProcess-96593257-7e4d-4211-956a-dd99101354ad -NonStateChangingEventPortName:HostProcess-7ba97201-8cb5-44dc-8c76-c455ba485750 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f16a74a2-47bd-40bb-82b0-f32db54bcb26 -DeviceGroupId:WpdFsGroup
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3220.4.578156771\1967514269" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A2/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Disabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Default/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UwSInterstitialStatus/On/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/*Win32kLockdown/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3220 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --enable-gpu-rasterization --enable-threaded-gpu-rasterization --disable-gpu-compositing --channel="3220.6.1797104632\153321619" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3220.9.1659155593\949431900" --use-gl=swiftshader --supports-dual-gpus=false --swiftshader-path="C:\Users\XXX\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159" --gpu-driver-bug-workarounds=1,18,41 --gpu-vendor-id=0x1106 --gpu-device-id=0x3230 --gpu-driver-vendor=Microsoft --gpu-driver-version=6.1.7600.16385 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A2/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Disabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Default/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UwSInterstitialStatus/On/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/*Win32kLockdown/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3220 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --enable-gpu-rasterization --enable-threaded-gpu-rasterization --disable-gpu-compositing --channel="3220.10.389053255\1833391230" /prefetch:673131151
"C:\Users\XXX\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-06 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-06 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15 172968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2014-09-08 464608]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EEDSpeedLauncher"=C:\Windows\system32\eed_ec.dll [2014-10-30 3141120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\Windows\SOUNDMAN.EXE [2008-09-10 604704]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-03-30 5227648]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10 335232]
C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\XXX\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
======List of files/folders modified in the last 1 month======
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-06 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-06 267632]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver; C:\Windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-06 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-06 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-06 436624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-06 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-06 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-06 116728]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2014-05-07 11576]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC64.SYS [2008-09-16 3479712]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-06 50344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-13 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-08-19 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119490
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Rudy - slow PC
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left-hand window:
:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Turn off your antivirus before the scan and restart the PC after it. Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Rudy - slow PC
Logfile of random's system information tool 1.10 (written by random/random)
Run by XXX at 2015-04-18 20:49:46
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 24 GB (49%) free of 48 GB
Total RAM: 1790 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:49:52, on 18. 4. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\XXX.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Facebook Messenger.lnk = XXX\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6989 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe"
taskeng.exe {B23FBE6F-813E-4F4F-B340-D6C9989C09B5}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-55008d71-66cf-4f18-aadc-7e62744189d0 -SystemEventPortName:HostProcess-7d39f78a-b943-4744-ad54-411115f25058 -IoCancelEventPortName:HostProcess-5264a496-3fba-453d-bc0f-28a2856d9cfc -NonStateChangingEventPortName:HostProcess-ba007e6e-9186-4803-acc7-4e4dcf2e191c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b7e20390-835f-4228-b8b7-bc4aa1e190ac -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\PrintIsolationHost.exe -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BackgroundRendererProcesses/Disallow/BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A2/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Default/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UwSInterstitialStatus/On/V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/*Win32kLockdown/Disabled/" --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=2784 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing 
--channel="2784.0.752686468\1881081219" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A2/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Default/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UwSInterstitialStatus/On/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/*Win32kLockdown/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=2784 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing 
--channel="2784.1.354429057\1566546804" /prefetch:673131151
"C:\Users\XXX\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-06 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-06 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15 172968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2014-09-08 464608]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EEDSpeedLauncher"=C:\Windows\system32\eed_ec.dll [2014-10-30 3141120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\Windows\SOUNDMAN.EXE [2008-09-10 604704]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-03-30 5227648]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\XXX\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-04-18 20:41:06 ----D---- C:\_OTM
2015-04-18 17:44:40 ----D---- C:\AdwCleaner
2015-04-17 17:37:49 ----D---- C:\Program Files\trend micro
2015-04-17 17:37:48 ----D---- C:\rsit
2015-04-15 22:34:53 ----SHD---- C:\Config.Msi
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-15 21:19:14 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wups2.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wudriver.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wucltux.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuapp.exe
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuapi.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wups.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\generaltel.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\appraiser.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\acmigration.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\invagent.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\devinv.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\aepic.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\aeinv.dll
2015-04-15 21:18:49 ----A---- C:\Windows\system32\aepdu.dll
2015-04-15 21:18:47 ----A---- C:\Windows\system32\gdi32.dll
2015-04-15 21:18:46 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-15 21:18:44 ----A---- C:\Windows\system32\msxml3.dll
2015-04-15 21:18:43 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-04-15 21:18:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-15 21:18:43 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-15 21:18:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-04-15 21:18:25 ----A---- C:\Windows\system32\ntdll.dll
2015-04-15 21:18:24 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-04-15 21:18:24 ----A---- C:\Windows\system32\KernelBase.dll
2015-04-15 21:18:24 ----A---- C:\Windows\system32\kernel32.dll
2015-04-15 21:18:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-04-15 21:18:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-04-15 21:18:17 ----A---- C:\Windows\system32\wow64win.dll
2015-04-15 21:18:17 ----A---- C:\Windows\system32\schannel.dll
2015-04-15 21:18:16 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-04-15 21:18:16 ----A---- C:\Windows\system32\lsasrv.dll
2015-04-15 21:18:15 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\wow64.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\srcore.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\conhost.exe
2015-04-15 21:18:13 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-04-15 21:18:13 ----A---- C:\Windows\system32\winsrv.dll
2015-04-15 21:18:13 ----A---- C:\Windows\system32\rstrui.exe
2015-04-15 21:18:12 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\wdigest.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\msv1_0.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\kerberos.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-04-15 21:18:11 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\TSpkg.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\sspicli.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\ncrypt.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\smss.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\lsass.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\auditpol.exe
2015-04-15 21:18:09 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\srclient.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\ntvdm64.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\csrsrv.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\sspisrv.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\secur32.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\credssp.dll
2015-04-15 21:18:07 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-04-15 21:18:07 ----A---- C:\Windows\system32\wow64cpu.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\user.exe
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-04-15 21:17:59 ----A---- C:\Windows\system32\apisetschema.dll
2015-04-15 21:17:58 ----A---- C:\Windows\system32\adtschema.dll
2015-04-15 21:17:57 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-04-15 21:17:57 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-04-15 21:17:57 ----A---- C:\Windows\system32\msaudite.dll
2015-04-15 21:17:56 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-04-15 21:17:56 ----A---- C:\Windows\system32\msobjs.dll
2015-04-15 21:17:00 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-15 21:16:55 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-04-15 21:16:55 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-04-15 21:16:54 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-04-15 21:16:54 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-04-15 21:16:54 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-04-15 21:16:54 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-04-15 21:16:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-04-15 21:16:51 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-04-15 21:16:51 ----A---- C:\Windows\system32\iernonce.dll
2015-04-15 21:16:51 ----A---- C:\Windows\system32\ie4uinit.exe
2015-04-15 21:16:49 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-04-15 21:16:47 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 21:16:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-04-15 21:16:44 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-04-15 21:16:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-04-15 21:16:40 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-04-15 21:16:40 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-04-15 21:16:39 ----A---- C:\Windows\system32\urlmon.dll
2015-04-15 21:16:39 ----A---- C:\Windows\system32\iedkcs32.dll
2015-04-15 21:16:38 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-04-15 21:16:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-04-15 21:16:38 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 21:16:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-04-15 21:16:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-04-15 21:16:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-04-15 21:16:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-04-15 21:16:36 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 21:16:36 ----A---- C:\Windows\system32\msfeeds.dll
2015-04-15 21:16:36 ----A---- C:\Windows\system32\dxtrans.dll
2015-04-15 21:16:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-04-15 21:16:34 ----A---- C:\Windows\system32\iesetup.dll
2015-04-15 21:16:33 ----A---- C:\Windows\system32\ieapfltr.dll
2015-04-15 21:16:32 ----A---- C:\Windows\system32\iertutil.dll
2015-04-15 21:16:31 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-04-15 21:16:30 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-04-15 21:16:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-04-15 21:16:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-04-15 21:16:29 ----A---- C:\Windows\system32\jsproxy.dll
2015-04-15 21:16:29 ----A---- C:\Windows\system32\ieUnatt.exe
2015-04-15 21:16:28 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-04-15 21:16:26 ----A---- C:\Windows\system32\dxtmsft.dll
2015-04-15 21:16:25 ----A---- C:\Windows\system32\ieui.dll
2015-04-15 21:16:25 ----A---- C:\Windows\system32\ieframe.dll
2015-04-15 21:16:24 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-04-15 21:16:24 ----A---- C:\Windows\system32\mshtmled.dll
2015-04-15 21:16:23 ----A---- C:\Windows\system32\jscript9diag.dll
2015-04-15 21:16:23 ----A---- C:\Windows\system32\jscript9.dll
2015-04-15 21:16:22 ----A---- C:\Windows\system32\wininet.dll
2015-04-15 21:16:22 ----A---- C:\Windows\system32\vbscript.dll
2015-04-15 21:16:19 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-04-15 21:16:18 ----A---- C:\Windows\system32\msrating.dll
2015-04-15 21:16:12 ----A---- C:\Windows\system32\mshtml.dll
2015-04-15 21:14:38 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 21:14:38 ----A---- C:\Windows\system32\clfs.sys
2015-04-15 21:14:37 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-04 14:58:10 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-04 14:58:09 ----SD---- C:\Windows\system32\GWX
2015-04-02 13:18:02 ----D---- C:\ProgramData\boost_interprocess
2015-04-02 12:31:09 ----D---- C:\Users\XXX\AppData\Roaming\Samsung
2015-04-02 12:31:04 ----D---- C:\Program Files\Common Files\Common Desktop Agent
2015-04-02 12:30:05 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2015-04-02 12:30:04 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-04-02 12:28:20 ----D---- C:\Program Files (x86)\Samsung
2015-04-02 12:01:26 ----RA---- C:\Windows\Wiainst64.exe
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaMinDrv.dll
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaImgFlt.dll
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaErHdlr.dll
2015-04-02 12:00:59 ----D---- C:\ProgramData\Samsung
2015-04-02 12:00:06 ----A---- C:\Windows\system32\ssm4mlm.dll
2015-04-02 12:00:06 ----A---- C:\Windows\system32\SBuySupplies.exe
2015-04-02 12:00:03 ----A---- C:\Windows\system32\eed_sl.exe
2015-04-02 12:00:02 ----A---- C:\Windows\system32\eed_ec.dll
2015-04-02 12:00:01 ----A---- C:\Windows\system32\ssm4mci.exe
2015-04-02 12:00:01 ----A---- C:\Windows\system32\ssm4mci.dll
2015-04-02 11:59:58 ----A---- C:\Windows\SYSWOW64\Ssusbpn.dll
2015-04-02 11:59:58 ----A---- C:\Windows\system32\Ssusbp64.dll
======List of files/folders modified in the last 1 month======
2015-04-18 20:47:45 ----D---- C:\Windows\system32\config
2015-04-18 20:47:43 ----D---- C:\Windows\Temp
2015-04-18 20:45:25 ----D---- C:\Windows\Prefetch
2015-04-18 20:41:06 ----D---- C:\Windows\Tasks
2015-04-18 18:53:06 ----SHD---- C:\System Volume Information
2015-04-18 18:53:03 ----D---- C:\Windows\rescache
2015-04-18 17:47:30 ----RD---- C:\Program Files (x86)
2015-04-18 17:47:30 ----RD---- C:\Program Files
2015-04-18 15:56:41 ----D---- C:\Windows\AppCompat
2015-04-18 12:14:00 ----D---- C:\Windows\System32
2015-04-18 12:14:00 ----D---- C:\Windows\inf
2015-04-18 12:14:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-18 12:07:37 ----D---- C:\Windows\system32\drivers
2015-04-17 19:03:04 ----D---- C:\Windows\Microsoft.NET
2015-04-17 18:51:06 ----RSD---- C:\Windows\assembly
2015-04-16 21:05:59 ----D---- C:\Windows\winsxs
2015-04-16 21:03:48 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-04-16 21:03:48 ----D---- C:\Windows\SysWOW64
2015-04-16 21:03:48 ----D---- C:\Windows\system32\sk-SK
2015-04-16 21:03:48 ----D---- C:\Windows\PolicyDefinitions
2015-04-16 21:03:47 ----SD---- C:\Windows\system32\CompatTel
2015-04-16 21:03:47 ----D---- C:\Windows\system32\wbem
2015-04-16 21:03:47 ----D---- C:\Windows\system32\appraiser
2015-04-16 21:03:47 ----D---- C:\Windows\AppPatch
2015-04-16 21:03:44 ----D---- C:\Windows\SYSWOW64\en-US
2015-04-16 21:03:43 ----D---- C:\Windows\system32\en-US
2015-04-16 21:03:40 ----D---- C:\Program Files\Internet Explorer
2015-04-16 21:03:36 ----D---- C:\Program Files (x86)\Internet Explorer
2015-04-15 22:36:54 ----SHD---- C:\Windows\Installer
2015-04-15 22:35:47 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-15 22:32:45 ----D---- C:\Windows\system32\MRT
2015-04-15 22:27:36 ----A---- C:\Windows\system32\MRT.exe
2015-04-15 21:45:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-04-15 21:13:42 ----D---- C:\Windows\system32\catroot2
2015-04-07 20:38:21 ----D---- C:\Windows\system32\NDF
2015-04-05 18:48:02 ----D---- C:\Windows
2015-04-04 14:58:15 ----D---- C:\Windows\Logs
2015-04-02 15:50:36 ----D---- C:\Windows\system32\catroot
2015-04-02 13:18:02 ----HD---- C:\ProgramData
2015-04-02 12:32:13 ----D---- C:\Program Files (x86)\Common Files
2015-04-02 12:31:04 ----D---- C:\Program Files\Common Files
2015-04-02 12:30:27 ----D---- C:\Windows\system32\DriverStore
2015-04-02 12:30:16 ----D---- C:\Windows\twain_32
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-06 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-06 267632]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver; C:\Windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-06 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-06 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-06 436624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-06 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-06 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-06 116728]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2014-05-07 11576]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC64.SYS [2008-09-16 3479712]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-06 50344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-13 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-08-19 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Run by XXX at 2015-04-18 20:49:46
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 24 GB (49%) free of 48 GB
Total RAM: 1790 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:49:52, on 18. 4. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\XXX.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Facebook Messenger.lnk = XXX\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6989 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe"
taskeng.exe {B23FBE6F-813E-4F4F-B340-D6C9989C09B5}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-55008d71-66cf-4f18-aadc-7e62744189d0 -SystemEventPortName:HostProcess-7d39f78a-b943-4744-ad54-411115f25058 -IoCancelEventPortName:HostProcess-5264a496-3fba-453d-bc0f-28a2856d9cfc -NonStateChangingEventPortName:HostProcess-ba007e6e-9186-4803-acc7-4e4dcf2e191c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b7e20390-835f-4228-b8b7-bc4aa1e190ac -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\PrintIsolationHost.exe -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BackgroundRendererProcesses/Disallow/BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A2/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Default/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UwSInterstitialStatus/On/V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/*Win32kLockdown/Disabled/" --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=2784 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2784.0.752686468\1881081219" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A2/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Default/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UwSInterstitialStatus/On/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/*Win32kLockdown/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=2784 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2784.1.354429057\1566546804" /prefetch:673131151
"C:\Users\XXX\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-06 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-06 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15 172968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2014-09-08 464608]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EEDSpeedLauncher"=C:\Windows\system32\eed_ec.dll [2014-10-30 3141120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\Windows\SOUNDMAN.EXE [2008-09-10 604704]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-03-30 5227648]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\XXX\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-04-18 20:41:06 ----D---- C:\_OTM
2015-04-18 17:44:40 ----D---- C:\AdwCleaner
2015-04-17 17:37:49 ----D---- C:\Program Files\trend micro
2015-04-17 17:37:48 ----D---- C:\rsit
2015-04-15 22:34:53 ----SHD---- C:\Config.Msi
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-15 21:19:15 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-15 21:19:14 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wups2.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wudriver.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wucltux.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuapp.exe
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wuapi.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 21:19:14 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wups.dll
2015-04-15 21:19:13 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\generaltel.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\appraiser.dll
2015-04-15 21:18:51 ----A---- C:\Windows\system32\acmigration.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\invagent.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\devinv.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\aepic.dll
2015-04-15 21:18:50 ----A---- C:\Windows\system32\aeinv.dll
2015-04-15 21:18:49 ----A---- C:\Windows\system32\aepdu.dll
2015-04-15 21:18:47 ----A---- C:\Windows\system32\gdi32.dll
2015-04-15 21:18:46 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-15 21:18:44 ----A---- C:\Windows\system32\msxml3.dll
2015-04-15 21:18:43 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-04-15 21:18:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-15 21:18:43 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-15 21:18:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-04-15 21:18:25 ----A---- C:\Windows\system32\ntdll.dll
2015-04-15 21:18:24 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-04-15 21:18:24 ----A---- C:\Windows\system32\KernelBase.dll
2015-04-15 21:18:24 ----A---- C:\Windows\system32\kernel32.dll
2015-04-15 21:18:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-04-15 21:18:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-04-15 21:18:17 ----A---- C:\Windows\system32\wow64win.dll
2015-04-15 21:18:17 ----A---- C:\Windows\system32\schannel.dll
2015-04-15 21:18:16 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-04-15 21:18:16 ----A---- C:\Windows\system32\lsasrv.dll
2015-04-15 21:18:15 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\wow64.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\srcore.dll
2015-04-15 21:18:14 ----A---- C:\Windows\system32\conhost.exe
2015-04-15 21:18:13 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-04-15 21:18:13 ----A---- C:\Windows\system32\winsrv.dll
2015-04-15 21:18:13 ----A---- C:\Windows\system32\rstrui.exe
2015-04-15 21:18:12 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\wdigest.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\msv1_0.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\kerberos.dll
2015-04-15 21:18:12 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-04-15 21:18:11 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\TSpkg.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\sspicli.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\ncrypt.dll
2015-04-15 21:18:11 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-04-15 21:18:10 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\smss.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\lsass.exe
2015-04-15 21:18:10 ----A---- C:\Windows\system32\auditpol.exe
2015-04-15 21:18:09 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\srclient.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\ntvdm64.dll
2015-04-15 21:18:09 ----A---- C:\Windows\system32\csrsrv.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-04-15 21:18:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\sspisrv.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\secur32.dll
2015-04-15 21:18:08 ----A---- C:\Windows\system32\credssp.dll
2015-04-15 21:18:07 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-04-15 21:18:07 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-04-15 21:18:07 ----A---- C:\Windows\system32\wow64cpu.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 21:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 21:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 21:18:04 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 21:18:03 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 21:18:02 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 21:18:01 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 21:18:00 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\user.exe
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-04-15 21:17:59 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-04-15 21:17:59 ----A---- C:\Windows\system32\apisetschema.dll
2015-04-15 21:17:58 ----A---- C:\Windows\system32\adtschema.dll
2015-04-15 21:17:57 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-04-15 21:17:57 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-04-15 21:17:57 ----A---- C:\Windows\system32\msaudite.dll
2015-04-15 21:17:56 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-04-15 21:17:56 ----A---- C:\Windows\system32\msobjs.dll
2015-04-15 21:17:00 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-15 21:16:55 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-04-15 21:16:55 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-04-15 21:16:54 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-04-15 21:16:54 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-04-15 21:16:54 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-04-15 21:16:54 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-04-15 21:16:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-04-15 21:16:51 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-04-15 21:16:51 ----A---- C:\Windows\system32\iernonce.dll
2015-04-15 21:16:51 ----A---- C:\Windows\system32\ie4uinit.exe
2015-04-15 21:16:49 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-04-15 21:16:47 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 21:16:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-04-15 21:16:44 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-04-15 21:16:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-04-15 21:16:40 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-04-15 21:16:40 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-04-15 21:16:39 ----A---- C:\Windows\system32\urlmon.dll
2015-04-15 21:16:39 ----A---- C:\Windows\system32\iedkcs32.dll
2015-04-15 21:16:38 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-04-15 21:16:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-04-15 21:16:38 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 21:16:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-04-15 21:16:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-04-15 21:16:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-04-15 21:16:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-04-15 21:16:36 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 21:16:36 ----A---- C:\Windows\system32\msfeeds.dll
2015-04-15 21:16:36 ----A---- C:\Windows\system32\dxtrans.dll
2015-04-15 21:16:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-04-15 21:16:34 ----A---- C:\Windows\system32\iesetup.dll
2015-04-15 21:16:33 ----A---- C:\Windows\system32\ieapfltr.dll
2015-04-15 21:16:32 ----A---- C:\Windows\system32\iertutil.dll
2015-04-15 21:16:31 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-04-15 21:16:30 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-04-15 21:16:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-04-15 21:16:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-04-15 21:16:29 ----A---- C:\Windows\system32\jsproxy.dll
2015-04-15 21:16:29 ----A---- C:\Windows\system32\ieUnatt.exe
2015-04-15 21:16:28 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-04-15 21:16:26 ----A---- C:\Windows\system32\dxtmsft.dll
2015-04-15 21:16:25 ----A---- C:\Windows\system32\ieui.dll
2015-04-15 21:16:25 ----A---- C:\Windows\system32\ieframe.dll
2015-04-15 21:16:24 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-04-15 21:16:24 ----A---- C:\Windows\system32\mshtmled.dll
2015-04-15 21:16:23 ----A---- C:\Windows\system32\jscript9diag.dll
2015-04-15 21:16:23 ----A---- C:\Windows\system32\jscript9.dll
2015-04-15 21:16:22 ----A---- C:\Windows\system32\wininet.dll
2015-04-15 21:16:22 ----A---- C:\Windows\system32\vbscript.dll
2015-04-15 21:16:19 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-04-15 21:16:18 ----A---- C:\Windows\system32\msrating.dll
2015-04-15 21:16:12 ----A---- C:\Windows\system32\mshtml.dll
2015-04-15 21:14:38 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 21:14:38 ----A---- C:\Windows\system32\clfs.sys
2015-04-15 21:14:37 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-04 14:58:10 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-04 14:58:09 ----SD---- C:\Windows\system32\GWX
2015-04-02 13:18:02 ----D---- C:\ProgramData\boost_interprocess
2015-04-02 12:31:09 ----D---- C:\Users\XXX\AppData\Roaming\Samsung
2015-04-02 12:31:04 ----D---- C:\Program Files\Common Files\Common Desktop Agent
2015-04-02 12:30:05 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2015-04-02 12:30:04 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-04-02 12:28:20 ----D---- C:\Program Files (x86)\Samsung
2015-04-02 12:01:26 ----RA---- C:\Windows\Wiainst64.exe
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaMinDrv.dll
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaImgFlt.dll
2015-04-02 12:01:13 ----A---- C:\Windows\system32\SaErHdlr.dll
2015-04-02 12:00:59 ----D---- C:\ProgramData\Samsung
2015-04-02 12:00:06 ----A---- C:\Windows\system32\ssm4mlm.dll
2015-04-02 12:00:06 ----A---- C:\Windows\system32\SBuySupplies.exe
2015-04-02 12:00:03 ----A---- C:\Windows\system32\eed_sl.exe
2015-04-02 12:00:02 ----A---- C:\Windows\system32\eed_ec.dll
2015-04-02 12:00:01 ----A---- C:\Windows\system32\ssm4mci.exe
2015-04-02 12:00:01 ----A---- C:\Windows\system32\ssm4mci.dll
2015-04-02 11:59:58 ----A---- C:\Windows\SYSWOW64\Ssusbpn.dll
2015-04-02 11:59:58 ----A---- C:\Windows\system32\Ssusbp64.dll
======List of files/folders modified in the last 1 month======
2015-04-18 20:47:45 ----D---- C:\Windows\system32\config
2015-04-18 20:47:43 ----D---- C:\Windows\Temp
2015-04-18 20:45:25 ----D---- C:\Windows\Prefetch
2015-04-18 20:41:06 ----D---- C:\Windows\Tasks
2015-04-18 18:53:06 ----SHD---- C:\System Volume Information
2015-04-18 18:53:03 ----D---- C:\Windows\rescache
2015-04-18 17:47:30 ----RD---- C:\Program Files (x86)
2015-04-18 17:47:30 ----RD---- C:\Program Files
2015-04-18 15:56:41 ----D---- C:\Windows\AppCompat
2015-04-18 12:14:00 ----D---- C:\Windows\System32
2015-04-18 12:14:00 ----D---- C:\Windows\inf
2015-04-18 12:14:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-18 12:07:37 ----D---- C:\Windows\system32\drivers
2015-04-17 19:03:04 ----D---- C:\Windows\Microsoft.NET
2015-04-17 18:51:06 ----RSD---- C:\Windows\assembly
2015-04-16 21:05:59 ----D---- C:\Windows\winsxs
2015-04-16 21:03:48 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-04-16 21:03:48 ----D---- C:\Windows\SysWOW64
2015-04-16 21:03:48 ----D---- C:\Windows\system32\sk-SK
2015-04-16 21:03:48 ----D---- C:\Windows\PolicyDefinitions
2015-04-16 21:03:47 ----SD---- C:\Windows\system32\CompatTel
2015-04-16 21:03:47 ----D---- C:\Windows\system32\wbem
2015-04-16 21:03:47 ----D---- C:\Windows\system32\appraiser
2015-04-16 21:03:47 ----D---- C:\Windows\AppPatch
2015-04-16 21:03:44 ----D---- C:\Windows\SYSWOW64\en-US
2015-04-16 21:03:43 ----D---- C:\Windows\system32\en-US
2015-04-16 21:03:40 ----D---- C:\Program Files\Internet Explorer
2015-04-16 21:03:36 ----D---- C:\Program Files (x86)\Internet Explorer
2015-04-15 22:36:54 ----SHD---- C:\Windows\Installer
2015-04-15 22:35:47 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-15 22:32:45 ----D---- C:\Windows\system32\MRT
2015-04-15 22:27:36 ----A---- C:\Windows\system32\MRT.exe
2015-04-15 21:45:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-04-15 21:13:42 ----D---- C:\Windows\system32\catroot2
2015-04-07 20:38:21 ----D---- C:\Windows\system32\NDF
2015-04-05 18:48:02 ----D---- C:\Windows
2015-04-04 14:58:15 ----D---- C:\Windows\Logs
2015-04-02 15:50:36 ----D---- C:\Windows\system32\catroot
2015-04-02 13:18:02 ----HD---- C:\ProgramData
2015-04-02 12:32:13 ----D---- C:\Program Files (x86)\Common Files
2015-04-02 12:31:04 ----D---- C:\Program Files\Common Files
2015-04-02 12:30:27 ----D---- C:\Windows\system32\DriverStore
2015-04-02 12:30:16 ----D---- C:\Windows\twain_32
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-06 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-06 267632]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys [2010-02-11 15000]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver; C:\Windows\system32\DRIVERS\xfiltx64.sys [2010-02-11 26776]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-06 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-06 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-06 436624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-06 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-06 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-06 116728]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2014-05-07 11576]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC64.SYS [2008-09-16 3479712]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-06 50344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-13 114688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-08-19 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
T-Cleaner ..... CCleaner ..... ATF Cleaner ..... WinXP Manager ..... RSIT ..... MBAM ..... GMER ..... HijackThis
- Rudy
- Site Admin
- Posts: 119490
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Rudy - slow PC
Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Rudy - slow PC
Apparently there has been a very small change:
"- The windows no longer stutter so much when I drag them, and browsing photos or slides feels snappier
- Videos on YouTube still stutter
- I'll still try the startup after a restart
- And the restart was not much faster
- So overall only a slight change"
- Rudy
- Site Admin
Re: Rudy - slow PC
On YT, right-click inside the video > Settings and turn off hardware acceleration.
Next, Start menu > command line > (type) msconfig > Enter. On the "Startup" and "Services" tabs, uncheck all items that do not need to start automatically, i.e. those that can be started manually when needed.
Re: Rudy - slow PC
1. Acceleration was turned off in the video, but the videos still stutter just the same
2. In msconfig he unchecked everything except what belonged to Microsoft and Avast; the PC got faster:
"- The startup is much better, I just no longer remember how it ran when it was OK, so I can't compare
- Other things, such as working in Office programs like PowerPoint or Word - it is much better there
- The internet also seems faster to me, shorter loading times
- The video is probably what annoys me most"
- Rudy
- Site Admin
Re: Rudy - slow PC
In which browser does this happen?
Re: Rudy - slow PC
He tried it in Internet Explorer and in Google Chrome; he only has these two installed, and the same thing happens in both.
- Rudy
- Site Admin
Re: Rudy - slow PC
Back up Chrome using ChromeBackup: http://www.stahuj.centrum.cz/internet_a ... me-backup/ . Then uninstall Chrome including its profile. Reinstall it and copy back from the backup only the bookmarks and passwords.
Re: Rudy - slow PC
Chrome was uninstalled, deleted and reinstalled, and the YouTube videos still stutter.
They stutter only when in full screen, otherwise not; my friend forgot to mention that.