Suspected malware, please check my log

Posted: 22 Apr 2015 07:54
by xjamie
Hello :)
I would really appreciate it if someone could check my log..

--------------------------------------------------------------------------------------------------------------


Logfile of random's system information tool 1.10 (written by random/random)
Run by K-9 at 2015-04-22 08:46:50
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 373 GB (39%) free of 954 GB
Total RAM: 4095 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:46:54, on 22.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\K-9.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: SalePlus - {8b085ae7-0656-47f5-94f8-5d8fd9eb3ef2} - C:\Program Files (x86)\SalePlus\gxol1ROaeHLRgL.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: bestadblocker - {afb79f6c-a6fe-47a4-be76-4d7bf40e89ae} - C:\Program Files (x86)\bestadblocker\mje9NzbbVLwb2Z.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\RunOnce: [20150107] C:\Program Files\Alwil Software\Avast5\setup\emupdate\55fecea7-0b0b-41cb-b2b7-f706eaea6697.exe /check
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - Avast Software s.r.o. - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9113 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Alwil Software\Avast5\afwServ.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 2092
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
ngservice.exe pipeserver
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3224.0.712713679\920470154" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,41,50 --gpu-vendor-id=0x10de --gpu-device-id=0x0640 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1106 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Freud/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/None/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHUPDecayWithHQPRelevanceScoring_HUPDecayDisabled/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_65/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Enabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3224 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --channel="3224.2.1001169856\208842230" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Freud/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/None/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHUPDecayWithHQPRelevanceScoring_HUPDecayDisabled/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_65/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Enabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3224 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --channel="3224.3.2116827915\1496387412" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Freud/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/None/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHUPDecayWithHQPRelevanceScoring_HUPDecayDisabled/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_65/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Enabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3224 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --channel="3224.4.836164329\1661366996" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Freud/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/None/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHUPDecayWithHQPRelevanceScoring_HUPDecayDisabled/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_65/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Enabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3224 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --channel="3224.7.560058558\1841276577" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Freud/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/None/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHUPDecayWithHQPRelevanceScoring_HUPDecayDisabled/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_65/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Enabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3224 --enable-pinch-virtual-viewport --enable-delegated-renderer 
--num-raster-threads=1 --channel="3224.17.221108765\1995141188" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Freud/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/None/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHUPDecayWithHQPRelevanceScoring_HUPDecayDisabled/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_65/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Enabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3224 --enable-pinch-virtual-viewport --enable-delegated-renderer 
--num-raster-threads=1 --channel="3224.22.1686812965\1708964124" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Freud/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/None/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHUPDecayWithHQPRelevanceScoring_HUPDecayDisabled/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_65/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Enabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3224 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --channel="3224.23.1911779783\622095409" /prefetch:673131151
taskeng.exe {1867E1FC-4ABA-4DB4-A5EF-C4D597F31D98}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Freud/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/None/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHUPDecayWithHQPRelevanceScoring_HUPDecayDisabled/*PasswordGeneration/Disabled/*PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_65/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Enabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3224 --enable-pinch-virtual-viewport --enable-delegated-renderer 
--num-raster-threads=1 --channel="3224.26.1472523232\119080784" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Freud/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/None/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHUPDecayWithHQPRelevanceScoring_HUPDecayDisabled/*PasswordGeneration/Disabled/*PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_65/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Enabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3224 --enable-pinch-virtual-viewport --enable-delegated-renderer 
--num-raster-threads=1 --channel="3224.27.1108256266\878650096" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\K-9\Downloads\na viry\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\K-9\AppData\Roaming\Mozilla\Firefox\Profiles\67mutigk.default-1423493301421

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.google.com/?trackid=sp-006"
prefs.js - "keyword.URL" - "https://www.google.com/search/?trackid=sp-006"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
"Description"=Office Live Update v1.3
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4]
"Description"=Office Live Update v1.4
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


C:\Users\K-9\AppData\Roaming\Mozilla\Firefox\Profiles\67mutigk.default-1423493301421\searchplugins\
google-avast.xml
mystartsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b085ae7-0656-47f5-94f8-5d8fd9eb3ef2}]
SalePlus - C:\Program Files (x86)\SalePlus\gxol1ROaeHLRgL.x64.dll [2015-04-20 909312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-04-20 662672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afb79f6c-a6fe-47a4-be76-4d7bf40e89ae}]
bestadblocker - C:\Program Files (x86)\bestadblocker\mje9NzbbVLwb2Z.x64.dll [2015-04-20 909312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-15 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b085ae7-0656-47f5-94f8-5d8fd9eb3ef2}]
SalePlus - C:\Program Files (x86)\SalePlus\gxol1ROaeHLRgL.dll [2015-04-20 838144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-04-20 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afb79f6c-a6fe-47a4-be76-4d7bf40e89ae}]
bestadblocker - C:\Program Files (x86)\bestadblocker\mje9NzbbVLwb2Z.dll [2015-04-20 838144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-15 172968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"=C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe [2010-03-23 417280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121]
C:\Program Files\Alwil Software\Avast5\setup\emupdate\d203524f-2c25-4c4a-ac8c-2c11d8ef41b0.exe [2013-11-27 180184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-04-20 5512912]
"Nikon Message Center 2"=C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"20150107"=C:\Program Files\Alwil Software\Avast5\setup\emupdate\55fecea7-0b0b-41cb-b2b7-f706eaea6697.exe [2015-04-22 183232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-06-16 259072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-04-22 08:46:50 ----D---- C:\rsit
2015-04-20 14:38:53 ----A---- C:\Windows\system32\aswBoot.exe
2015-04-20 14:37:44 ----A---- C:\Windows\avastSS.scr
2015-04-20 14:36:53 ----A---- C:\Windows\system32\drivers\aswNdisFlt.sys
2015-04-20 14:33:33 ----D---- C:\Users\K-9\AppData\Roaming\EZDownloader
2015-04-20 14:30:40 ----D---- C:\Program Files (x86)\IndepthGeneration
2015-04-20 14:30:15 ----D---- C:\Program Files (x86)\Reddit Liquid Streams
2015-04-20 14:29:57 ----D---- C:\Program Files (x86)\bestadblocker
2015-04-20 14:29:35 ----D---- C:\Program Files (x86)\SalePlus
2015-04-20 14:29:20 ----D---- C:\ProgramData\2313918003772812753
2015-04-20 14:29:20 ----D---- C:\Program Files (x86)\SiaulePlusi
2015-04-20 14:29:06 ----D---- C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf
2015-04-20 14:28:23 ----D---- C:\ProgramData\{5fb2132c-61a6-8aef-5fb2-2132c61a4cb1}
2015-04-14 20:54:51 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-14 20:54:50 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-14 20:54:50 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-14 20:54:50 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-14 20:54:50 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-14 20:54:50 ----A---- C:\Windows\system32\wups2.dll
2015-04-14 20:54:50 ----A---- C:\Windows\system32\wups.dll
2015-04-14 20:54:50 ----A---- C:\Windows\system32\wudriver.dll
2015-04-14 20:54:50 ----A---- C:\Windows\system32\wucltux.dll
2015-04-14 20:54:50 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-14 20:54:50 ----A---- C:\Windows\system32\wuapp.exe
2015-04-14 20:54:50 ----A---- C:\Windows\system32\wuapi.dll
2015-04-14 20:54:50 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 20:54:50 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-14 20:54:49 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-14 20:54:49 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-14 20:54:46 ----A---- C:\Windows\system32\invagent.dll
2015-04-14 20:54:46 ----A---- C:\Windows\system32\generaltel.dll
2015-04-14 20:54:46 ----A---- C:\Windows\system32\devinv.dll
2015-04-14 20:54:46 ----A---- C:\Windows\system32\appraiser.dll
2015-04-14 20:54:46 ----A---- C:\Windows\system32\aeinv.dll
2015-04-14 20:54:46 ----A---- C:\Windows\system32\acmigration.dll
2015-04-14 20:54:45 ----A---- C:\Windows\system32\aepic.dll
2015-04-14 20:54:45 ----A---- C:\Windows\system32\aepdu.dll
2015-04-14 20:54:44 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-14 20:54:44 ----A---- C:\Windows\system32\gdi32.dll
2015-04-14 20:54:38 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-04-14 20:54:37 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-04-14 20:54:37 ----A---- C:\Windows\system32\ntdll.dll
2015-04-14 20:54:37 ----A---- C:\Windows\system32\KernelBase.dll
2015-04-14 20:54:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-04-14 20:54:36 ----A---- C:\Windows\system32\kernel32.dll
2015-04-14 20:54:35 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-04-14 20:54:34 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-04-14 20:54:34 ----A---- C:\Windows\system32\wow64win.dll
2015-04-14 20:54:34 ----A---- C:\Windows\system32\schannel.dll
2015-04-14 20:54:33 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-04-14 20:54:33 ----A---- C:\Windows\system32\wow64.dll
2015-04-14 20:54:33 ----A---- C:\Windows\system32\lsasrv.dll
2015-04-14 20:54:32 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-04-14 20:54:32 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-04-14 20:54:32 ----A---- C:\Windows\system32\winsrv.dll
2015-04-14 20:54:32 ----A---- C:\Windows\system32\srcore.dll
2015-04-14 20:54:32 ----A---- C:\Windows\system32\rstrui.exe
2015-04-14 20:54:32 ----A---- C:\Windows\system32\kerberos.dll
2015-04-14 20:54:32 ----A---- C:\Windows\system32\conhost.exe
2015-04-14 20:54:31 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-04-14 20:54:31 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-04-14 20:54:31 ----A---- C:\Windows\system32\wdigest.dll
2015-04-14 20:54:31 ----A---- C:\Windows\system32\TSpkg.dll
2015-04-14 20:54:31 ----A---- C:\Windows\system32\sspicli.dll
2015-04-14 20:54:31 ----A---- C:\Windows\system32\ncrypt.dll
2015-04-14 20:54:31 ----A---- C:\Windows\system32\msv1_0.dll
2015-04-14 20:54:31 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-04-14 20:54:31 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-04-14 20:54:30 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-04-14 20:54:30 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-04-14 20:54:30 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-04-14 20:54:30 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-04-14 20:54:30 ----A---- C:\Windows\system32\sspisrv.dll
2015-04-14 20:54:30 ----A---- C:\Windows\system32\srclient.dll
2015-04-14 20:54:30 ----A---- C:\Windows\system32\smss.exe
2015-04-14 20:54:30 ----A---- C:\Windows\system32\ntvdm64.dll
2015-04-14 20:54:30 ----A---- C:\Windows\system32\lsass.exe
2015-04-14 20:54:30 ----A---- C:\Windows\system32\csrsrv.dll
2015-04-14 20:54:30 ----A---- C:\Windows\system32\auditpol.exe
2015-04-14 20:54:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 20:54:29 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 20:54:29 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 20:54:29 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 20:54:29 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-04-14 20:54:29 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-04-14 20:54:29 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-04-14 20:54:29 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-04-14 20:54:29 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-04-14 20:54:29 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-04-14 20:54:29 ----A---- C:\Windows\system32\wow64cpu.dll
2015-04-14 20:54:29 ----A---- C:\Windows\system32\secur32.dll
2015-04-14 20:54:29 ----A---- C:\Windows\system32\credssp.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 20:54:28 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 20:54:27 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 20:54:26 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 20:54:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 20:54:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 20:54:25 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 20:54:25 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 20:54:25 ----A---- C:\Windows\SYSWOW64\user.exe
2015-04-14 20:54:25 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-04-14 20:54:25 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-04-14 20:54:25 ----A---- C:\Windows\system32\apisetschema.dll
2015-04-14 20:54:24 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-04-14 20:54:24 ----A---- C:\Windows\system32\adtschema.dll
2015-04-14 20:54:23 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-04-14 20:54:23 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-04-14 20:54:23 ----A---- C:\Windows\system32\msobjs.dll
2015-04-14 20:54:23 ----A---- C:\Windows\system32\msaudite.dll
2015-04-14 20:54:15 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-14 20:54:15 ----A---- C:\Windows\system32\msxml3.dll
2015-04-14 20:54:14 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-04-14 20:54:14 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-14 20:54:13 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-14 20:54:12 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-04-14 20:54:12 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-04-14 20:54:12 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-04-14 20:54:12 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-04-14 20:54:11 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-04-14 20:54:11 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-04-14 20:54:10 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-04-14 20:54:10 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-04-14 20:54:10 ----A---- C:\Windows\system32\iernonce.dll
2015-04-14 20:54:10 ----A---- C:\Windows\system32\ie4uinit.exe
2015-04-14 20:54:09 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-04-14 20:54:09 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-04-14 20:54:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-04-14 20:54:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 20:54:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-04-14 20:54:06 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-04-14 20:54:06 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-04-14 20:54:06 ----A---- C:\Windows\system32\urlmon.dll
2015-04-14 20:54:06 ----A---- C:\Windows\system32\iedkcs32.dll
2015-04-14 20:54:05 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-04-14 20:54:05 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-04-14 20:54:05 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-04-14 20:54:05 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-04-14 20:54:05 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 20:54:04 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-04-14 20:54:04 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-04-14 20:54:04 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 20:54:04 ----A---- C:\Windows\system32\msfeeds.dll
2015-04-14 20:54:04 ----A---- C:\Windows\system32\dxtrans.dll
2015-04-14 20:54:03 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-04-14 20:54:02 ----A---- C:\Windows\system32\iesetup.dll
2015-04-14 20:54:02 ----A---- C:\Windows\system32\ieapfltr.dll
2015-04-14 20:54:01 ----A---- C:\Windows\system32\iertutil.dll
2015-04-14 20:54:00 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-04-14 20:54:00 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-04-14 20:53:59 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-04-14 20:53:59 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-04-14 20:53:59 ----A---- C:\Windows\system32\jsproxy.dll
2015-04-14 20:53:59 ----A---- C:\Windows\system32\ieUnatt.exe
2015-04-14 20:53:58 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-04-14 20:53:57 ----A---- C:\Windows\system32\ieui.dll
2015-04-14 20:53:57 ----A---- C:\Windows\system32\ieframe.dll
2015-04-14 20:53:57 ----A---- C:\Windows\system32\dxtmsft.dll
2015-04-14 20:53:56 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-04-14 20:53:56 ----A---- C:\Windows\system32\mshtmled.dll
2015-04-14 20:53:55 ----A---- C:\Windows\system32\jscript9diag.dll
2015-04-14 20:53:55 ----A---- C:\Windows\system32\jscript9.dll
2015-04-14 20:53:54 ----A---- C:\Windows\system32\wininet.dll
2015-04-14 20:53:54 ----A---- C:\Windows\system32\vbscript.dll
2015-04-14 20:53:53 ----A---- C:\Windows\system32\msrating.dll
2015-04-14 20:53:53 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-04-14 20:53:52 ----A---- C:\Windows\system32\mshtml.dll
2015-04-14 20:53:10 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-14 20:53:10 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-14 20:53:10 ----A---- C:\Windows\system32\clfs.sys
2015-04-14 11:45:47 ----D---- C:\Users\K-9\AppData\Roaming\LeeGT-Games
2015-04-14 10:59:49 ----D---- C:\Program Files (x86)\CPU Thermometer
2015-04-11 11:01:23 ----D---- C:\Users\K-9\AppData\Roaming\aliasworlds
2015-04-11 11:01:23 ----D---- C:\ProgramData\aliasworlds
2015-04-10 18:27:35 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-04-04 22:49:36 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-04 22:49:35 ----SD---- C:\Windows\system32\GWX

======List of files/folders modified in the last 1 month======

2015-04-22 08:46:54 ----D---- C:\Windows\Prefetch
2015-04-22 08:46:53 ----D---- C:\Program Files\trend micro
2015-04-22 07:56:07 ----D---- C:\Windows\temp
2015-04-22 07:38:59 ----D---- C:\Windows\system32\config
2015-04-22 07:24:48 ----D---- C:\ProgramData\NVIDIA
2015-04-21 09:14:21 ----D---- C:\Windows\Tasks
2015-04-21 09:14:21 ----D---- C:\Windows\system32\Tasks
2015-04-20 21:33:12 ----D---- C:\Users\K-9\AppData\Roaming\vlc
2015-04-20 20:13:51 ----SHD---- C:\System Volume Information
2015-04-20 14:49:25 ----D---- C:\Windows\system32\drivers
2015-04-20 14:49:24 ----D---- C:\Windows
2015-04-20 14:44:55 ----D---- C:\Windows\inf
2015-04-20 14:44:41 ----D---- C:\Windows\system32\DriverStore
2015-04-20 14:38:53 ----D---- C:\Windows\System32
2015-04-20 14:33:57 ----RD---- C:\Program Files (x86)
2015-04-20 14:33:56 ----D---- C:\Windows\SysWOW64
2015-04-20 14:29:20 ----D---- C:\ProgramData
2015-04-19 03:11:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-17 14:08:20 ----D---- C:\Windows\system32\wdi
2015-04-15 18:34:03 ----D---- C:\Windows\AppCompat
2015-04-15 18:27:41 ----D---- C:\Windows\rescache
2015-04-15 18:09:15 ----D---- C:\Windows\Microsoft.NET
2015-04-15 17:44:00 ----RSD---- C:\Windows\assembly
2015-04-15 08:15:08 ----D---- C:\Windows\winsxs
2015-04-15 08:14:41 ----D---- C:\Windows\system32\catroot2
2015-04-15 08:09:59 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-04-15 08:09:59 ----D---- C:\Windows\PolicyDefinitions
2015-04-15 08:09:58 ----SD---- C:\Windows\system32\CompatTel
2015-04-15 08:09:58 ----D---- C:\Windows\system32\cs-CZ
2015-04-15 08:09:58 ----D---- C:\Windows\system32\appraiser
2015-04-15 08:09:58 ----D---- C:\Windows\AppPatch
2015-04-15 08:09:54 ----D---- C:\Windows\SYSWOW64\en-US
2015-04-15 08:09:54 ----D---- C:\Program Files\Internet Explorer
2015-04-15 08:09:53 ----D---- C:\Windows\system32\en-US
2015-04-15 08:09:53 ----D---- C:\Program Files (x86)\Internet Explorer
2015-04-15 08:09:48 ----D---- C:\Config.Msi
2015-04-14 22:01:15 ----SHD---- C:\Windows\Installer
2015-04-14 22:01:15 ----D---- C:\ProgramData\Microsoft Help
2015-04-14 22:00:05 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-14 21:57:34 ----RD---- C:\Program Files (x86)\Skype
2015-04-14 21:57:30 ----D---- C:\ProgramData\Skype
2015-04-14 21:56:44 ----D---- C:\Windows\system32\MRT
2015-04-14 21:51:32 ----D---- C:\Windows\debug
2015-04-14 21:51:28 ----A---- C:\Windows\system32\MRT.exe
2015-04-14 21:42:15 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-04-14 21:31:31 ----D---- C:\Windows\system32\wfp
2015-04-14 21:31:29 ----D---- C:\Windows\system32\wbem
2015-04-14 21:31:29 ----D---- C:\Windows\registration
2015-04-14 11:41:37 ----RD---- C:\Hry
2015-04-14 10:55:55 ----D---- C:\Users\K-9\AppData\Roaming\Media Player Classic
2015-04-14 10:55:14 ----D---- C:\Windows\Logs
2015-04-14 10:52:11 ----RD---- C:\Filmy Verunka
2015-04-14 10:51:55 ----RD---- C:\music
2015-04-14 10:51:06 ----D---- C:\Mareček
2015-04-14 10:50:23 ----D---- C:\Verunčino
2015-04-12 18:15:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-11 22:33:47 ----D---- C:\ProgramData\tmp
2015-04-11 22:27:13 ----D---- C:\Program Files (x86)\HF Designer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdisFlt;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [2015-04-20 449896]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-04-20 65736]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-04-20 271200]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-01-19 530488]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2015-04-20 28144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-04-20 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-04-20 1047320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-04-20 442264]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 85424]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-04-20 29168]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-04-20 88408]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-04-20 136752]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [2015-04-20 273824]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-26 279616]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 au478bfk;au478bfk; C:\Windows\system32\drivers\au478bfk.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-16 6112672]
S3 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2009-06-26 105312]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 nvrd64;nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [2009-08-04 175648]
S3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 28704]
S3 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-08-04 241696]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2014-01-22 206080]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\K-9\AppData\Local\Temp\tmpF4BA.tmp []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2015-04-20 343336]
R2 avast! Firewall;Avast Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [2015-04-20 107448]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [2015-04-20 4030800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14 268464]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-13 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-04-10 148080]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-03 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 08:03
by altrok
Hello :bye:


:arrow: As part of the cleaning, your temporary directories (including the Recycle Bin) will be emptied.

:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a normal double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 08:25
by xjamie
I had a bit of a problem... during the cleaning the PC stopped responding, and after a manual restart the log did not appear, nor was it in the directory at C:\Adw..., the Recycle Bin had not been emptied, and I got a message about invalid Chrome settings.
I ran AdwCleaner again.
Here is the log:

# AdwCleaner v4.201 - Log vytvořen 22/04/2015 v 09:19:58
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-08.1 [Local]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : K-9 - K-9-PC
# Spuštěno z : C:\Users\K-9\Desktop\adwcleaner_4.201.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Data Smazáno : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.1 (x86 cs)


-\\ Google Chrome v42.0.2311.90


-\\ Chromium v


*************************

AdwCleaner[R3].txt - [14053 bytů] - [22/04/2015 09:08:46]
AdwCleaner[R4].txt - [1053 bytů] - [22/04/2015 09:18:05]
AdwCleaner[S2].txt - [13059 bytů] - [22/04/2015 09:10:54]
AdwCleaner[S3].txt - [979 bytů] - [22/04/2015 09:19:58]

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 08:31
by altrok
:arrow: Post the FRST.txt log and attach Addition.txt as well - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 08:54
by xjamie
FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by K-9 (administrator) on K-9-PC on 22-04-2015 09:44:46
Running from C:\Users\K-9\Desktop
Loaded Profiles: K-9 (Available profiles: K-9 & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\ng\ngservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5512912 2015-04-20] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\...\Run: [CursorFX] => C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe [417280 2010-03-23] (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-04-20] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\K-9\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\K-9\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\K-9\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\K-9\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3141540243-243388506-3865213098-1000 -> {399a1442-7377-49e7-8d77-6dc9ed5968c1} URL = http://www.zbozi.cz/?q={searchTerms}&so ... earch_6826
SearchScopes: HKU\S-1-5-21-3141540243-243388506-3865213098-1000 -> {5cf5d387-d87c-4408-9a6b-301b0713d62a} URL = http://www.mapy.cz/?query={searchTerms} ... earch_6826
SearchScopes: HKU\S-1-5-21-3141540243-243388506-3865213098-1000 -> {B5D5405D-F232-4509-B1E7-9DFAF480F350} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKU\S-1-5-21-3141540243-243388506-3865213098-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\S-1-5-21-3141540243-243388506-3865213098-1000 -> {eb97f7df-1773-4916-aae6-5af74da8c69d} URL = http://www.firmy.cz/phr/{searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-04-20] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-04-20] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-15] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\K-9\AppData\Roaming\Mozilla\Firefox\Profiles\67mutigk.default-1423493301421
FF DefaultSearchEngine: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-05-30] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2009-06-09] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2009-06-09] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\K-9\AppData\Roaming\Mozilla\Firefox\Profiles\67mutigk.default-1423493301421\searchplugins\google-avast.xml [2015-04-20]
FF Extension: Adblock Plus - C:\Users\K-9\AppData\Roaming\Mozilla\Firefox\Profiles\67mutigk.default-1423493301421\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: No Name - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-01-09]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\K-9\AppData\Roaming\Mozilla\Firefox\Profiles\67mutigk.default-1423493301421\extensions\sweetsearch@gmail.com

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\K-9\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\K-9\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-04-20] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [107448 2015-04-20] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-20] (Avast Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-20] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-20] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-20] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-20] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-20] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-20] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-20] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-20] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-05-26] (DT Soft Ltd)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6112672 2009-06-16] (Intel Corporation) [File not signed]
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-19] () [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [273824 2015-04-20] (Avast Software)
U3 a7gzf02j; C:\Windows\System32\Drivers\a7gzf02j.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\K-9\AppData\Local\Temp\tmpF4BA.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 09:44 - 2015-04-22 09:45 - 00016171 _____ () C:\Users\K-9\Desktop\FRST.txt
2015-04-22 09:44 - 2015-04-22 09:44 - 00000000 ____D () C:\FRST
2015-04-22 09:42 - 2015-04-22 09:42 - 02099712 _____ (Farbar) C:\Users\K-9\Desktop\FRST64.exe
2015-04-22 09:08 - 2015-04-22 09:20 - 00000000 ____D () C:\AdwCleaner
2015-04-22 09:08 - 2015-04-22 09:07 - 02217984 _____ () C:\Users\K-9\Desktop\adwcleaner_4.201.exe
2015-04-22 08:46 - 2015-04-22 09:07 - 00000000 ____D () C:\Users\K-9\Downloads\na viry
2015-04-22 08:46 - 2015-04-22 08:46 - 00000000 ____D () C:\rsit
2015-04-20 14:49 - 2015-04-20 14:49 - 00002034 _____ () C:\Windows\PFRO.log
2015-04-20 14:38 - 2015-04-20 14:37 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-20 14:37 - 2015-04-20 14:37 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-20 14:36 - 2015-04-20 14:36 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-04-20 14:30 - 2015-04-20 16:08 - 00000000 ____D () C:\Program Files (x86)\Reddit Liquid Streams
2015-04-20 14:29 - 2015-04-20 14:29 - 00000000 ____D () C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf
2015-04-20 14:29 - 2015-04-20 14:29 - 00000000 ____D () C:\ProgramData\2313918003772812753
2015-04-20 14:28 - 2015-04-21 09:14 - 00000000 ____D () C:\ProgramData\{5fb2132c-61a6-8aef-5fb2-2132c61a4cb1}
2015-04-20 13:38 - 2015-04-20 13:50 - 00000000 ____D () C:\Users\K-9\Desktop\na face Hodonín
2015-04-20 07:47 - 2015-04-20 08:12 - 00000000 ____D () C:\Users\K-9\Desktop\ZOO Hodonín 19.04.2015
2015-04-20 07:34 - 2015-04-20 07:35 - 00000199 _____ () C:\Windows\system32\2015-04-20-05-34-39.064-AvastVBoxSVC.exe-3924.log
2015-04-18 20:17 - 2015-04-18 20:17 - 00000199 _____ () C:\Windows\system32\2015-04-18-18-17-30.084-AvastVBoxSVC.exe-3944.log
2015-04-17 14:08 - 2015-04-17 14:09 - 00000199 _____ () C:\Windows\system32\2015-04-17-12-08-45.027-AvastVBoxSVC.exe-3096.log
2015-04-16 10:04 - 2015-04-16 10:26 - 00000000 ____D () C:\Users\K-9\Downloads\Přibice - PD pro stavební řízení
2015-04-16 10:04 - 2015-04-16 10:04 - 04024851 _____ () C:\Users\K-9\Downloads\Přibice - PD pro stavební řízení.zip
2015-04-16 09:45 - 2015-04-16 09:45 - 00000199 _____ () C:\Windows\system32\2015-04-16-07-45-04.083-AvastVBoxSVC.exe-3932.log
2015-04-15 15:48 - 2015-04-15 15:49 - 00000199 _____ () C:\Windows\system32\2015-04-15-13-48-52.067-AvastVBoxSVC.exe-3928.log
2015-04-15 08:17 - 2015-04-15 08:17 - 00000199 _____ () C:\Windows\system32\2015-04-15-06-17-05.044-AvastVBoxSVC.exe-2636.log
2015-04-14 21:57 - 2015-04-14 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-14 21:05 - 2015-04-14 21:05 - 00000249 _____ () C:\Windows\system32\2015-04-14-19-05-54.052-aswFe.exe-4468.log
2015-04-14 21:01 - 2015-04-14 21:05 - 00000249 _____ () C:\Windows\system32\2015-04-14-19-01-15.054-aswFe.exe-1916.log
2015-04-14 21:01 - 2015-04-14 21:01 - 00000199 _____ () C:\Windows\system32\2015-04-14-19-01-10.097-AvastVBoxSVC.exe-3956.log
2015-04-14 20:54 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 20:54 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 20:54 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 20:54 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 20:54 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 20:54 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 20:54 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 20:54 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 20:54 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 20:54 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 20:54 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 20:54 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 20:54 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 20:54 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 20:54 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 20:54 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 20:54 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 20:54 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 20:54 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 20:54 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 20:54 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 20:54 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 20:54 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 20:54 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 20:54 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 20:54 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 20:54 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 20:54 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 20:54 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 20:54 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 20:54 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 20:54 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 20:54 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 20:54 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 20:54 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 20:54 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 20:54 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 20:54 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 20:54 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 20:54 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 20:54 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 20:54 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 20:54 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 20:54 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 20:54 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 20:54 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 20:54 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 20:54 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 20:54 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 20:54 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 20:54 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 20:54 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 20:54 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 20:54 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 20:54 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 20:54 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 20:54 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 20:54 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 20:54 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 20:54 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 20:54 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 20:54 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 20:54 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 20:54 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 20:54 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 20:54 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 20:54 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 20:54 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 20:54 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 20:54 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 20:54 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 20:54 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 20:54 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 20:54 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 20:54 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 20:54 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 20:54 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 20:54 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 20:54 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 20:54 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 20:54 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 20:54 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 20:54 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 20:54 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 20:54 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 20:54 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 20:54 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 20:54 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 20:54 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 20:54 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 20:54 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 20:54 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 20:54 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 20:54 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 20:54 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 20:54 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 20:54 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 20:54 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 20:54 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 20:54 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 20:54 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 20:54 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 20:54 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 20:54 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 20:54 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 20:54 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 20:54 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 20:54 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 20:53 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 20:53 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 20:53 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 20:53 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 20:53 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 20:53 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 20:53 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 20:53 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 20:53 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 20:53 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 20:53 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 20:53 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 20:53 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 20:53 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 20:53 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 20:53 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 20:53 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 20:53 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 20:53 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 20:53 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 20:53 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 20:53 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 20:38 - 2015-04-14 20:38 - 00000199 _____ () C:\Windows\system32\2015-04-14-18-38-52.052-AvastVBoxSVC.exe-3524.log
2015-04-14 20:35 - 2015-04-22 09:21 - 00000728 _____ () C:\Windows\setupact.log
2015-04-14 20:35 - 2015-04-14 20:35 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-14 11:45 - 2015-04-14 21:31 - 00000000 ____D () C:\Users\K-9\AppData\Roaming\LeeGT-Games
2015-04-14 10:59 - 2015-04-14 21:31 - 00000000 ____D () C:\Program Files (x86)\CPU Thermometer
2015-04-14 10:59 - 2015-04-14 10:59 - 00669046 _____ (cputhermometer.com ) C:\Users\K-9\Downloads\cputhermometer_setup.exe
2015-04-14 10:59 - 2015-04-14 10:59 - 00001086 _____ () C:\Users\Public\Desktop\CPU Thermometer.lnk
2015-04-14 10:59 - 2015-04-14 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU Thermometer
2015-04-11 11:48 - 2015-04-11 11:48 - 00001226 _____ () C:\Users\K-9\Desktop\MyFarmLife.lnk
2015-04-11 11:01 - 2015-04-11 11:01 - 00000000 ____D () C:\Users\K-9\AppData\Roaming\aliasworlds
2015-04-11 11:01 - 2015-04-11 11:01 - 00000000 ____D () C:\ProgramData\aliasworlds
2015-04-10 18:27 - 2015-04-10 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-04 22:49 - 2015-04-04 22:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 22:49 - 2015-04-04 22:49 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 09:42 - 2014-12-19 22:32 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-22 09:29 - 2009-07-14 06:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 09:29 - 2009-07-14 06:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-22 09:25 - 2010-09-02 17:35 - 01864890 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 09:21 - 2014-05-09 23:21 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 09:21 - 2011-11-15 18:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-22 09:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-22 09:14 - 2012-08-09 09:30 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-22 09:10 - 2010-09-02 17:42 - 00000000 ____D () C:\Users\K-9
2015-04-22 08:48 - 2014-05-09 23:21 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 08:46 - 2013-12-25 11:58 - 00000000 ____D () C:\Program Files\trend micro
2015-04-20 21:33 - 2012-05-20 13:19 - 00000000 ____D () C:\Users\K-9\AppData\Roaming\vlc
2015-04-20 20:14 - 2015-03-02 15:57 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-20 20:14 - 2015-03-02 15:57 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-20 20:14 - 2013-12-13 13:57 - 00000000 ____D () C:\Users\K-9\Downloads\JEŠTĚ JSME NEVIDĚLI
2015-04-20 14:37 - 2014-05-04 20:22 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-20 14:37 - 2013-12-27 12:24 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-20 14:37 - 2013-03-16 00:05 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-20 14:37 - 2013-03-16 00:05 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-20 14:37 - 2012-11-13 21:20 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-04-20 14:37 - 2012-04-05 18:04 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-20 14:37 - 2012-01-09 17:36 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-20 14:37 - 2010-09-03 11:34 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-20 14:37 - 2010-09-03 11:34 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-20 08:06 - 2014-09-07 19:28 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-04-19 03:11 - 2009-07-14 17:18 - 00684468 _____ () C:\Windows\system32\perfh005.dat
2015-04-19 03:11 - 2009-07-14 17:18 - 00148080 _____ () C:\Windows\system32\perfc005.dat
2015-04-19 03:11 - 2009-07-14 07:13 - 01620862 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-17 20:20 - 2014-02-04 18:01 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 18:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 18:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 08:09 - 2014-12-11 20:14 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 08:09 - 2014-04-30 22:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 08:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-14 22:01 - 2009-10-06 15:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 22:00 - 2012-01-19 18:09 - 01595576 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 21:57 - 2014-03-05 22:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-14 21:57 - 2010-09-26 16:26 - 00000000 ____D () C:\ProgramData\Skype
2015-04-14 21:56 - 2013-08-08 23:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 21:51 - 2009-10-06 16:11 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 21:42 - 2012-04-01 09:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 21:42 - 2012-04-01 09:17 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 21:42 - 2011-11-10 19:14 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 21:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-14 11:41 - 2010-09-03 12:38 - 00000000 ___RD () C:\Hry
2015-04-14 10:55 - 2014-06-20 08:40 - 00000000 ____D () C:\Users\K-9\AppData\Local\CrashDumps
2015-04-14 10:55 - 2010-11-17 21:54 - 00000000 ____D () C:\Users\K-9\AppData\Roaming\Media Player Classic
2015-04-14 10:52 - 2010-09-02 20:22 - 00000000 ___RD () C:\Filmy Verunka
2015-04-14 10:51 - 2014-02-13 19:06 - 00000000 ____D () C:\Mareček
2015-04-14 10:50 - 2010-10-30 18:27 - 00000000 ____D () C:\Verunčino
2015-04-14 10:43 - 2015-03-11 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Virtual Decorator Free Version
2015-04-12 18:19 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-12 18:15 - 2015-03-02 15:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-11 22:33 - 2015-03-08 20:19 - 00000000 ____D () C:\ProgramData\tmp
2015-04-11 22:27 - 2014-07-11 19:11 - 00000000 ____D () C:\Program Files (x86)\HF Designer
2015-04-02 20:14 - 2009-07-14 07:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-30 20:21 - 2010-09-05 18:43 - 08023040 ___SH () C:\Users\K-9\Desktop\Thumbs.db
2015-03-29 15:36 - 2014-02-13 19:07 - 00000000 ____D () C:\Users\K-9\Desktop\Programy na fotky

==================== Files in the root of some directories =======

2012-06-25 18:25 - 2012-06-25 18:25 - 0000268 ___RH () C:\Users\K-9\AppData\Roaming\Guitars
2012-06-25 18:28 - 2012-06-25 18:28 - 0000268 ___RH () C:\Users\K-9\AppData\Roaming\Halftone
2014-09-07 19:28 - 2014-09-07 19:28 - 0000268 ___RH () C:\Users\K-9\AppData\Roaming\HomePageService
2014-09-07 19:28 - 2014-09-07 19:28 - 0000268 ___RH () C:\Users\K-9\AppData\Roaming\Horn Section
2014-09-07 19:28 - 2014-09-07 19:28 - 0000268 ___RH () C:\Users\K-9\AppData\Roaming\Horns
2012-01-19 18:11 - 2012-01-19 18:11 - 0000091 _____ () C:\Users\K-9\AppData\Local\fusioncache.dat
2013-12-23 21:35 - 2013-12-23 21:35 - 0000017 _____ () C:\Users\K-9\AppData\Local\resmon.resmoncfg
2010-09-26 16:29 - 2010-09-26 16:29 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-06-25 18:25 - 2012-06-25 18:25 - 0000268 ___RH () C:\ProgramData\Helper Scripts
2012-06-25 18:28 - 2012-06-25 18:28 - 0000268 ___RH () C:\ProgramData\Home
2014-09-07 19:28 - 2014-09-07 19:28 - 0000268 ___RH () C:\ProgramData\Hybrid Chords
2014-09-07 19:28 - 2014-09-07 19:28 - 0000268 ___RH () C:\ProgramData\Hybrid Morph
2014-09-07 19:28 - 2014-09-07 19:28 - 0000268 ___RH () C:\ProgramData\Hybrid Synthesizers
2012-06-25 18:28 - 2012-06-25 18:28 - 0000012 ___RH () C:\ProgramData\Icons
2014-09-07 19:28 - 2014-09-07 19:28 - 0000012 ___RH () C:\ProgramData\Internet Services
2014-09-07 19:28 - 2014-09-07 19:28 - 0000012 ___RH () C:\ProgramData\Jazz
2014-09-07 19:28 - 2014-09-07 19:28 - 0000012 ___RH () C:\ProgramData\Jingles
2012-06-25 18:37 - 2012-06-25 18:37 - 0000000 _____ () C:\ProgramData\PKP_DLbx.DAT
2012-06-25 18:25 - 2014-12-27 02:08 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2012-06-25 18:28 - 2015-02-15 17:04 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2012-06-25 18:40 - 2012-06-25 19:43 - 0000000 ____H () C:\ProgramData\PKP_DLeq.DAT
2014-09-07 19:28 - 2014-09-07 19:28 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-09-07 19:28 - 2015-04-20 08:06 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-09-07 19:28 - 2015-02-15 03:19 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Files to move or delete:
====================
C:\Users\K-9\Firefox Setup 36.0.exe


Some content of TEMP:
====================
C:\Users\K-9\AppData\Local\Temp\4C70.exe
C:\Users\K-9\AppData\Local\Temp\Quarantine.exe
C:\Users\K-9\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 08:38

==================== End Of Log ============================

Re: Suspected malware, please check the log

Posted: 22 Apr 2015 08:55
by xjamie
ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by K-9 at 2015-04-22 09:45:38
Running from C:\Users\K-9\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4 64-bit (HKLM\...\{669A82E0-43E2-4645-8A2E-1A3DE78F8312}) (Version: 4.0.1 - Adobe)
Adobe Reader X (10.1.9) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Aktualizace NVIDIA 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Ashampoo Burning Studio 6 FREE (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.7.7 - ashampoo GmbH & Co. KG)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.4272 - DsNET Corp)
aTube Catcher 1.0 (HKLM-x32\...\{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1) (Version: - DsNET Corp)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.2.2215 - AVAST Software)
BitLord v2.0 (HKLM\...\BitLord_is1) (Version: v2.0 - BitLord)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.56.1043 - Webteh, d.o.o.)
C:\Program Files\Adobe\Adobe Photoshop Lightroom 4\LRcestina_uninstall.exe (HKLM-x32\...\CZ Lokalizace pro Lightroom 4.x_is1) (Version: 1.0 - )
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version: - ) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
ConvertXtoDVD 4.1.2.336 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.2.336 - )
CPU Thermometer (HKLM-x32\...\{06EA836D-C7AD-42A0-9C17-47BCDE7E015B}_is1) (Version: - cputhermometer.com)
CursorFX (HKLM-x32\...\CursorFX) (Version: - Stardock Corporation)
CursorFX (x32 Version: 2.00 - Stardock Corporation) Hidden
CursorXP (HKLM-x32\...\CursorXP) (Version: - )
CZShare Manager (HKU\S-1-5-21-3141540243-243388506-3865213098-1000\...\7f4182272b52fd8f) (Version: 0.0.1.35 - CZShare)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Dfx (HKLM-x32\...\Dfx) (Version: - Tiffen)
Dfx (x32 Version: 2.0.2 - Tiffen) Hidden
Dropbox (HKU\S-1-5-21-3141540243-243388506-3865213098-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
ffdshow [rev 2844] [2009-03-30] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.1 - Nikon)
FM Screen Capture Codec (Remove Only) (HKLM-x32\...\FMCODEC) (Version: - )
Fotolab Fotosvet (HKLM-x32\...\Fotolab Fotosvet) (Version: 5.1.8 - CEWE Stiftung u Co. KGaA)
FotoMagica (HKLM-x32\...\FotoMagica_FotoMagica) (Version: - )
Garmin Communicator Plugin (HKLM-x32\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Harry Potter a Fénixův řád™ (HKLM-x32\...\{B69F28DF-CBB1-41B7-008A-210E4D0518FC}) (Version: - )
Harry Potter and the Deathly Hallows™ - Part 1 (HKLM-x32\...\{C9AAF970-4E7E-4C98-AD67-09C74379D345}) (Version: 1.0.0.0 - Electronic Arts)
HF Designer 5.2 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - )
Homefront (HKLM-x32\...\Homefront_is1) (Version: RePack - Ultra)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 6.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.3.0 - )
Labtec Desktop V5.1 (HKLM-x32\...\Labtec Desktop V5.1) (Version: - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.4 (HKLM-x32\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 cs)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nástroj pro odesílání služby Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Nikon File Uploader 2 (HKLM-x32\...\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.00.0001 - Nikon)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Nikon RAW Codec (HKLM-x32\...\{C8616041-2802-4DE2-B3BD-6285AAD65C2A}) (Version: 1.00.0000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.0 - Nikon)
NVIDIA Ovladač 3D Vision 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Effects Studio 2.81 (HKLM-x32\...\{A97C9A80-DD35-48DF-8D57-308B2DE116E2}_is1) (Version: - AMS Software)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)
PowerISO (HKLM-x32\...\PowerISO) (Version: - )
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Theme Designer (HKLM-x32\...\{09B979CA-0C01-4C00-8146-98C8D6FD6820}) (Version: 2.0.0.3571 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StahovaniZaSms.cz verze 1.2.2 (HKLM-x32\...\StahovaniZaSms.cz_is1) (Version: 1.2.2 - )
Sweet Home 3D version 3.2 (HKLM-x32\...\Sweet Home 3D_is1) (Version: - eTeks)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
Unlocker 1.9.0-x64 (HKLM\...\Unlocker) (Version: 1.9.0-x64 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.4.0 - Nikon)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.0.1 - Nikon)
ViewNX 2 (HKLM-x32\...\ViewNX 2) (Version: - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{068B46A0-8858-4CEB-80BC-A4AE787A05FC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
WRC3 verze 1.0 (HKLM-x32\...\{B4BF2667-112C-45EF-B8CB-1168E4EB5BA8}_is1) (Version: 1.0 - Milestone Srl)
Zoner Photo Studio 14 (HKLM\...\ZonerPhotoStudio14_CZ_is1) (Version: 14.0.1.2 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3141540243-243388506-3865213098-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K-9\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3141540243-243388506-3865213098-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K-9\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3141540243-243388506-3865213098-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K-9\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3141540243-243388506-3865213098-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K-9\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-04-2015 20:13:26 Naplánovaný kontrolní bod

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-04-12 16:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01DB4CE8-4F4F-4879-BE9D-B681E1CBB293} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {06566C42-17DB-4927-A0F6-DA33846D5BC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {38FF7079-8EEE-4224-B2EF-5DB864FC6177} - System32\Tasks\{1A13BB9B-3994-4521-976C-51157C0A1997} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 3\uninstall\helper.exe"
Task: {401E3A02-1940-416B-87DF-08BD7E80545D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23] (Google Inc.)
Task: {50273A36-FE21-4ABF-8D25-D7F2D614FDAC} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {5A3C6F80-124E-4FF4-A3B1-A62DF3164C37} - System32\Tasks\{E2839357-3FFA-4114-BC97-6CAF1762A230} => pcalua.exe -a C:\Users\K-9\Downloads\DTLite4356-0091.exe -d C:\Users\K-9\Downloads
Task: {6C005FE0-8E37-45DB-A7FE-E15FAF0643B3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6C769EB5-3015-4971-BE85-604FE05EC604} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3141540243-243388506-3865213098-1000Core => C:\Users\K-9\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {83DB3AE9-F114-42FE-BA36-8D393CB6CE9A} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-04-20] (Avast Software s.r.o.)
Task: {A9D784A3-BBEC-4BFA-B573-92047DD258F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {BAD6815F-7EAB-4D7B-9BB2-7ABB94131A6D} - System32\Tasks\{0F5D3290-1898-4AF9-84B2-537359608622} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {D515204D-9EFA-464E-91A7-600603580D99} - System32\Tasks\AdobeAAMUpdater-1.0-K-9-PC-K-9 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {E32878E7-714B-4B4E-8181-4CDBDAB97F28} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {EFD11D6C-BBA8-4262-BB94-D08306E1D5E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3141540243-243388506-3865213098-1000UA => C:\Users\K-9\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {F53E83F9-A3CC-42C9-9661-5E21FC0E3808} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-18 21:23 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-04-30 01:40 - 2010-04-30 01:40 - 00013312 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-09-03 13:04 - 2010-02-10 18:10 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-04-20 14:37 - 2015-04-20 14:37 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-04-20 14:37 - 2015-04-20 14:37 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-04-22 09:14 - 2015-04-22 09:14 - 02926080 _____ () C:\Program Files\Alwil Software\Avast5\defs\15042200\algo.dll
2010-03-23 16:17 - 2010-03-23 16:17 - 00059904 _____ () C:\Program Files (x86)\Stardock\CursorFX\zlib1.dll
2015-04-20 14:37 - 2015-04-20 14:37 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2015-04-17 20:20 - 2015-04-13 23:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-17 20:20 - 2015-04-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\K-9\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: 20131121 => C:\Program Files\Alwil Software\Avast5\setup\emupdate\d203524f-2c25-4c4a-ac8c-2c11d8ef41b0.exe /check

==================== Accounts: =============================

Administrator (S-1-5-21-3141540243-243388506-3865213098-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3141540243-243388506-3865213098-1005 - Limited - Enabled)
Guest (S-1-5-21-3141540243-243388506-3865213098-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3141540243-243388506-3865213098-1002 - Limited - Enabled)
K-9 (S-1-5-21-3141540243-243388506-3865213098-1000 - Administrator - Enabled) => C:\Users\K-9
UpdatusUser (S-1-5-21-3141540243-243388506-3865213098-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2015 07:55:12 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1 se nezdařilo. Chyba v souboru manifestu nebo zásady WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 na řádku WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definice je WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/21/2015 10:28:18 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1 se nezdařilo. Chyba v souboru manifestu nebo zásady WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 na řádku WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definice je WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/20/2015 08:13:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.


Details:
AddWin32ServiceFiles: Unable to back up image of service IndepthGeneration since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/20/2015 11:09:50 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1 se nezdařilo. Chyba v souboru manifestu nebo zásady WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 na řádku WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definice je WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/17/2015 07:48:39 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1 se nezdařilo. Chyba v souboru manifestu nebo zásady WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 na řádku WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definice je WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/17/2015 04:24:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1 se nezdařilo. Chyba v souboru manifestu nebo zásady WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 na řádku WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definice je WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/17/2015 03:12:59 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1 se nezdařilo. Chyba v souboru manifestu nebo zásady WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 na řádku WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definice je WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/16/2015 08:28:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wmpnetwk.exe, verze: 12.0.7601.17514, časové razítko: 0x4ce7ae7f
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.18798, časové razítko: 0x5507b87a
Kód výjimky: 0x0000046b
Posun chyby: 0x000000000001aaad
ID chybujícího procesu: 0xc8c
Čas spuštění chybující aplikace: 0xwmpnetwk.exe0
Cesta k chybující aplikaci: wmpnetwk.exe1
Cesta k chybujícímu modulu: wmpnetwk.exe2
ID zprávy: wmpnetwk.exe3

Error: (04/16/2015 05:57:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1 se nezdařilo. Chyba v souboru manifestu nebo zásady WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 na řádku WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definice je WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/16/2015 04:54:38 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1 se nezdařilo. Chyba v souboru manifestu nebo zásady WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 na řádku WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definice je WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.


System errors:
=============
Error: (04/22/2015 09:23:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (04/22/2015 09:23:52 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%1330

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (04/22/2015 09:19:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Ochrana softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (04/22/2015 09:19:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (04/22/2015 09:19:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (04/22/2015 09:19:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Live ID Sign-in Assistant byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (04/22/2015 09:19:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (04/22/2015 09:19:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Stereoscopic 3D Driver Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/22/2015 09:19:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/22/2015 09:16:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
%%1069


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-04-12 16:00:16.796
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-12 16:00:16.451
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-12 16:00:16.107
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-12 16:00:15.765
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-12 15:47:26.641
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-12 15:47:26.284
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-12 15:47:25.927
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-12 15:47:25.582
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-12 12:29:11.775
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-12 12:29:11.446
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 38%
Total physical RAM: 4095.24 MB
Available physical RAM: 2524.28 MB
Total Pagefile: 8188.68 MB
Available Pagefile: 6420.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.32 GB) (Free:369.46 GB) NTFS
Drive e: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:73.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 45A6B70F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 09:29
by altrok
:arrow: Uninstall the old and vulnerable Java versions Java 7 Update 60 and Java 8 Update 25. If you need Java, install the new one from java.com - watch out for adware during its installation http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . From a security standpoint (exploits) it is better not to have it. Currently, version 8 Update 45 was released last week, patching several critical vulnerabilities.

:arrow: Do you have the Firefox extension sweetsearch knowingly and on purpose?


  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CloseProcesses:
    Folder: C:\Program Files (x86)\Reddit Liquid Streams
    Folder: C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf
    Folder: C:\ProgramData\2313918003772812753
    Folder: C:\ProgramData\{5fb2132c-61a6-8aef-5fb2-2132c61a4cb1}
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3141540243-243388506-3865213098-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Homepage: https://www.google.com/?trackid=sp-006
    FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
    FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Users\K-9\AppData\Local\Temp\tmpF4BA.tmp [X]
    
    2015-04-22 09:08 - 2015-04-22 09:20 - 00000000 ____D () C:\AdwCleaner
    2015-04-22 09:08 - 2015-04-22 09:07 - 02217984 _____ () C:\Users\K-9\Desktop\adwcleaner_4.201.exe
    2015-04-22 08:46 - 2015-04-22 08:46 - 00000000 ____D () C:\rsit
    2015-04-20 14:30 - 2015-04-20 16:08 - 00000000 ____D () C:\Program Files (x86)\Reddit Liquid Streams
    2015-04-20 14:29 - 2015-04-20 14:29 - 00000000 ____D () C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf
    2015-04-20 14:29 - 2015-04-20 14:29 - 00000000 ____D () C:\ProgramData\2313918003772812753
    2015-04-20 14:28 - 2015-04-21 09:14 - 00000000 ____D () C:\ProgramData\{5fb2132c-61a6-8aef-5fb2-2132c61a4cb1}
    2015-04-22 08:46 - 2013-12-25 11:58 - 00000000 ____D () C:\Program Files\trend micro
    
    Task: {5A3C6F80-124E-4FF4-A3B1-A62DF3164C37} - System32\Tasks\{E2839357-3FFA-4114-BC97-6CAF1762A230} => pcalua.exe -a C:\Users\K-9\Downloads\DTLite4356-0091.exe -d C:\Users\K-9\Downloads
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Hosts:
    EmptyTemp:
    End
    

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 09:37
by xjamie
:arrow: Do you have the Firefox extension sweetsearch knowingly and on purpose?
definitely not.... :( how do I get rid of it? :D

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 09:50
by xjamie
fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by K-9 at 2015-04-22 10:39:22 Run:1
Running from C:\Users\K-9\Desktop
Loaded Profiles: K-9 (Available profiles: K-9 & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
Folder: C:\Program Files (x86)\Reddit Liquid Streams
Folder: C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf
Folder: C:\ProgramData\2313918003772812753
Folder: C:\ProgramData\{5fb2132c-61a6-8aef-5fb2-2132c61a4cb1}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Homepage: https://www.google.com/?trackid=sp-006
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\K-9\AppData\Local\Temp\tmpF4BA.tmp [X]

2015-04-22 09:08 - 2015-04-22 09:20 - 00000000 ____D () C:\AdwCleaner
2015-04-22 09:08 - 2015-04-22 09:07 - 02217984 _____ () C:\Users\K-9\Desktop\adwcleaner_4.201.exe
2015-04-22 08:46 - 2015-04-22 08:46 - 00000000 ____D () C:\rsit
2015-04-20 14:30 - 2015-04-20 16:08 - 00000000 ____D () C:\Program Files (x86)\Reddit Liquid Streams
2015-04-20 14:29 - 2015-04-20 14:29 - 00000000 ____D () C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf
2015-04-20 14:29 - 2015-04-20 14:29 - 00000000 ____D () C:\ProgramData\2313918003772812753
2015-04-20 14:28 - 2015-04-21 09:14 - 00000000 ____D () C:\ProgramData\{5fb2132c-61a6-8aef-5fb2-2132c61a4cb1}
2015-04-22 08:46 - 2013-12-25 11:58 - 00000000 ____D () C:\Program Files\trend micro

Task: {5A3C6F80-124E-4FF4-A3B1-A62DF3164C37} - System32\Tasks\{E2839357-3FFA-4114-BC97-6CAF1762A230} => pcalua.exe -a C:\Users\K-9\Downloads\DTLite4356-0091.exe -d C:\Users\K-9\Downloads
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.

========================= Folder: C:\Program Files (x86)\Reddit Liquid Streams ========================

2015-04-20 14:30 - 2015-04-20 14:30 - 0002222 _____ () C:\Program Files (x86)\Reddit Liquid Streams\Reddit Liquid Streams.dat

====== End of Folder: ======


========================= Folder: C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf ========================

2015-04-20 14:29 - 2015-04-20 14:29 - 0000138 _____ () C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf\background.html
2015-04-20 14:29 - 2015-04-20 14:29 - 0000794 _____ () C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf\content.js
2015-04-20 14:29 - 2015-04-20 14:29 - 0001909 _____ () C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf\lsdb.js
2015-04-20 14:29 - 2015-04-20 14:29 - 0000476 _____ () C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf\manifest.json
2015-04-20 14:29 - 2015-04-20 14:29 - 0018276 _____ () C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf\q.js

====== End of Folder: ======


========================= Folder: C:\ProgramData\2313918003772812753 ========================

2015-04-20 14:29 - 2015-04-20 14:30 - 0000506 _____ () C:\ProgramData\2313918003772812753\cd5b15e575e1c3d0debc5bf0192b616c.ini

====== End of Folder: ======


========================= Folder: C:\ProgramData\{5fb2132c-61a6-8aef-5fb2-2132c61a4cb1} ========================

2015-04-20 14:53 - 2015-04-20 14:53 - 0000000 _____ () C:\ProgramData\{5fb2132c-61a6-8aef-5fb2-2132c61a4cb1}\242d5f6b9c0bca49
2015-04-20 14:53 - 2015-04-20 14:53 - 0000000 _____ () C:\ProgramData\{5fb2132c-61a6-8aef-5fb2-2132c61a4cb1}\e9d0f93ebbdf2d9d
2015-04-20 14:28 - 2015-04-20 14:28 - 0000890 _____ () C:\ProgramData\{5fb2132c-61a6-8aef-5fb2-2132c61a4cb1}\Goodgame Empire Hack v1.2.dat

====== End of Folder: ======

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3141540243-243388506-3865213098-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3141540243-243388506-3865213098-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Firefox homepage deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox Keyword.URL deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
MBAMSwissArmy => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\K-9\Desktop\adwcleaner_4.201.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files (x86)\Reddit Liquid Streams => Moved successfully.
C:\ProgramData\gicafnakjgieeljeeklhhpfpmplnadnf => Moved successfully.
C:\ProgramData\2313918003772812753 => Moved successfully.
C:\ProgramData\{5fb2132c-61a6-8aef-5fb2-2132c61a4cb1} => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A3C6F80-124E-4FF4-A3B1-A62DF3164C37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A3C6F80-124E-4FF4-A3B1-A62DF3164C37}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E2839357-3FFA-4114-BC97-6CAF1762A230} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2839357-3FFA-4114-BC97-6CAF1762A230}" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 823.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:39:42 ====

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 11:10
by altrok
Using the following fixlist (same procedure as in the previous step, only no restart will take place).

Code:

Start
CloseProcesses:
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\K-9\AppData\Roaming\Mozilla\Firefox\Profiles\67mutigk.default-1423493301421\extensions\sweetsearch@gmail.com
End


:arrow: Save MBAR to the desktop - http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Run it by double-clicking and extract it to the desktop
  • click Next
  • Update the virus database by clicking Update and continue with Next
  • Leave all 3 options checked and choose Scan (takes about 15 minutes)
  • tick all findings and also check the checkbox next to Create Restore Point
  • click Cleanup and agree to the restart - Yes
  • paste the contents of the log saved on the desktop in mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt into your next reply

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 12:47
by xjamie
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by K-9 at 2015-04-22 13:43:38 Run:2
Running from C:\Users\K-9\Desktop
Loaded Profiles: K-9 (Available profiles: K-9 & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\K-9\AppData\Roaming\Mozilla\Firefox\Profiles\67mutigk.default-1423493301421\extensions\sweetsearch@gmail.com
End
*****************

Processes closed successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sweetsearch@gmail.com => value deleted successfully.


The system needed a reboot.

==== End of Fixlog 13:43:39 ====

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 13:12
by xjamie
After the scan it told me that it found no malware :D

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 13:22
by altrok
OK, all good. So we'll just clean up.
And if there are no questions or other problems, that's all from me.

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 13:29
by xjamie
Thank you very, very much for the help :) :) :wub:

:closed:

Re: Suspected malware, please check my log

Posted: 22 Apr 2015 13:37
by altrok
You're welcome, glad I could help :worship:


Take care and maybe see you again sometime :bye: