VIRY.CZ

Zdravím, mám opět problém s dalším PC.
Po zapnutí je PC téměř nepoužitelné, neustále hrabe na disk. Zjištěno, že RAM (2GB) je využita stále na maximum, takže na disk stále ukládá stránkovací soubor (asi).
Problém je, že schvost.exe, který žere RAM (aktuálně 1,3 GB), je proces windows, takže se za ním může schovávat cokoli.

Třeba se vám podaří objevit něco, já zatím na nic nepřišel, co by to dělalo:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jana at 2015-05-14 09:01:19
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 16 GB (32%) free of 51 GB
Total RAM: 2047 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:01:32, on 14.5.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Jana.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1431586072
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Hauppauge WinTV Extender - Hauppauge Computer Works, Inc - C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6611 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe"
"C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe" -Embedding
"C:\Program Files (x86)\WinTV\TVServer\CaptureDLNA.exe" -Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss e63c36eb-9be3-4f69-9682-97cab84a5ac3 1
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
\??\C:\Windows\system32\conhost.exe "67846070115270744341263554379-210719211976104840229500817551690842-422076988
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "203524602316467569671871550811614312802-1276388872-4496620572061804106-789600185
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1852 CREDAT:267521 /prefetch:2
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1852 CREDAT:1053994 /prefetch:2
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Users\Jana\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\c1ro9vda.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-09-12 5618456]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Adobe Speed Launcher"=1431586072 []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-03 1021128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2015-05-14 09:01:20 ----D---- C:\Program Files\trend micro
2015-05-14 09:01:18 ----D---- C:\rsit
2015-05-13 20:30:27 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 20:30:27 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 20:18:23 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-05-13 20:18:23 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-05-13 20:18:23 ----A---- C:\Windows\system32\schannel.dll
2015-05-13 20:18:23 ----A---- C:\Windows\system32\certcli.dll
2015-05-13 20:17:07 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-05-13 20:17:07 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-05-13 20:17:07 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-05-13 20:17:07 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-05-13 20:17:07 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-05-13 20:17:07 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-05-13 20:17:06 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-05-13 20:17:06 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-05-13 20:17:06 ----A---- C:\Windows\system32\iernonce.dll
2015-05-13 20:17:06 ----A---- C:\Windows\system32\ie4uinit.exe
2015-05-13 20:17:05 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-05-13 20:17:05 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-05-13 20:17:05 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-05-13 20:17:05 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-05-13 20:17:05 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-05-13 20:17:05 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 20:17:04 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-05-13 20:17:04 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-05-13 20:17:03 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-05-13 20:17:03 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-05-13 20:17:03 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-05-13 20:17:03 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-05-13 20:17:03 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-05-13 20:17:03 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-05-13 20:17:03 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-05-13 20:17:03 ----A---- C:\Windows\system32\urlmon.dll
2015-05-13 20:17:03 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 20:17:03 ----A---- C:\Windows\system32\msfeeds.dll
2015-05-13 20:17:03 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 20:17:03 ----A---- C:\Windows\system32\iedkcs32.dll
2015-05-13 20:17:03 ----A---- C:\Windows\system32\dxtrans.dll
2015-05-13 20:17:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-05-13 20:17:02 ----A---- C:\Windows\system32\iesetup.dll
2015-05-13 20:17:01 ----A---- C:\Windows\system32\iertutil.dll
2015-05-13 20:17:01 ----A---- C:\Windows\system32\ieapfltr.dll
2015-05-13 20:17:00 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-05-13 20:17:00 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-05-13 20:17:00 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-05-13 20:17:00 ----A---- C:\Windows\system32\vbscript.dll
2015-05-13 20:17:00 ----A---- C:\Windows\system32\jsproxy.dll
2015-05-13 20:17:00 ----A---- C:\Windows\system32\ieUnatt.exe
2015-05-13 20:16:59 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-05-13 20:16:59 ----A---- C:\Windows\system32\ieui.dll
2015-05-13 20:16:59 ----A---- C:\Windows\system32\ieframe.dll
2015-05-13 20:16:59 ----A---- C:\Windows\system32\dxtmsft.dll
2015-05-13 20:16:58 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-05-13 20:16:58 ----A---- C:\Windows\system32\mshtmled.dll
2015-05-13 20:16:58 ----A---- C:\Windows\system32\jscript9diag.dll
2015-05-13 20:16:58 ----A---- C:\Windows\system32\jscript9.dll
2015-05-13 20:16:58 ----A---- C:\Windows\system32\jscript.dll
2015-05-13 20:16:57 ----A---- C:\Windows\system32\wininet.dll
2015-05-13 20:16:57 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-05-13 20:16:56 ----A---- C:\Windows\system32\msrating.dll
2015-05-13 20:16:56 ----A---- C:\Windows\system32\mshtml.dll
2015-05-13 20:15:35 ----A---- C:\Windows\system32\win32k.sys
2015-05-13 20:15:35 ----A---- C:\Windows\system32\FntCache.dll
2015-05-13 20:15:35 ----A---- C:\Windows\system32\DWrite.dll
2015-05-13 20:15:34 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-05-13 20:15:30 ----A---- C:\Windows\system32\services.exe
2015-05-13 20:15:22 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-05-13 20:15:22 ----A---- C:\Windows\system32\InkEd.dll
2015-05-12 22:04:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-05-11 16:56:50 ----A---- C:\Windows\system32\UtcResources.dll
2015-05-11 16:56:50 ----A---- C:\Windows\system32\diagtrack.dll
2015-05-11 16:56:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-05-11 16:56:49 ----A---- C:\Windows\system32\ntdll.dll
2015-05-11 16:56:48 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-05-11 16:56:48 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-05-11 16:56:48 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-05-11 16:56:48 ----A---- C:\Windows\system32\tdh.dll
2015-05-11 16:56:48 ----A---- C:\Windows\system32\advapi32.dll
2015-05-11 16:56:46 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-05-11 16:56:46 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-05-11 16:56:46 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-05-11 16:56:46 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2015-05-11 16:56:46 ----A---- C:\Windows\system32\wow64.dll
2015-05-11 16:56:46 ----A---- C:\Windows\system32\tracerpt.exe
2015-05-11 16:56:46 ----A---- C:\Windows\system32\srcore.dll
2015-05-11 16:56:46 ----A---- C:\Windows\system32\sechost.dll
2015-05-11 16:56:46 ----A---- C:\Windows\system32\msv1_0.dll
2015-05-11 16:56:46 ----A---- C:\Windows\system32\lsasrv.dll
2015-05-11 16:56:46 ----A---- C:\Windows\system32\logman.exe
2015-05-11 16:56:46 ----A---- C:\Windows\system32\KernelBase.dll
2015-05-11 16:56:46 ----A---- C:\Windows\system32\kernel32.dll
2015-05-11 16:56:46 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-05-11 16:56:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-05-11 16:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-11 16:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-11 16:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\typeperf.exe
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\relog.exe
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\logman.exe
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\diskperf.exe
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-05-11 16:56:45 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-05-11 16:56:45 ----A---- C:\Windows\system32\wow64win.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\wow64cpu.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\winsrv.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\wdigest.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\typeperf.exe
2015-05-11 16:56:45 ----A---- C:\Windows\system32\TSpkg.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\sspisrv.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\sspicli.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\srclient.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\smss.exe
2015-05-11 16:56:45 ----A---- C:\Windows\system32\secur32.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\rstrui.exe
2015-05-11 16:56:45 ----A---- C:\Windows\system32\relog.exe
2015-05-11 16:56:45 ----A---- C:\Windows\system32\ntvdm64.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\ncrypt.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\lsass.exe
2015-05-11 16:56:45 ----A---- C:\Windows\system32\kerberos.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\diskperf.exe
2015-05-11 16:56:45 ----A---- C:\Windows\system32\csrsrv.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\credssp.dll
2015-05-11 16:56:45 ----A---- C:\Windows\system32\conhost.exe
2015-05-11 16:56:45 ----A---- C:\Windows\system32\auditpol.exe
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-11 16:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-11 16:56:44 ----A---- C:\Windows\SYSWOW64\user.exe
2015-05-11 16:56:44 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-05-11 16:56:44 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-05-11 16:56:44 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-05-11 16:56:44 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-05-11 16:56:44 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-05-11 16:56:44 ----A---- C:\Windows\system32\msobjs.dll
2015-05-11 16:56:44 ----A---- C:\Windows\system32\msaudite.dll
2015-05-11 16:56:44 ----A---- C:\Windows\system32\apisetschema.dll
2015-05-11 16:56:44 ----A---- C:\Windows\system32\adtschema.dll
2015-05-11 16:56:31 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2015-05-11 16:56:31 ----A---- C:\Windows\system32\poqexec.exe
2015-05-11 16:56:30 ----A---- C:\Windows\SYSWOW64\dwmcore.dll
2015-05-11 16:56:30 ----A---- C:\Windows\SYSWOW64\dwmapi.dll
2015-05-11 16:56:30 ----A---- C:\Windows\system32\dwmcore.dll
2015-05-11 16:56:30 ----A---- C:\Windows\system32\dwmapi.dll
2015-05-11 16:56:28 ----A---- C:\Windows\SYSWOW64\wpdshext.dll
2015-05-11 16:56:28 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-05-11 16:56:28 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-05-11 16:56:28 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-05-11 16:56:28 ----A---- C:\Windows\system32\wpdshext.dll
2015-05-11 16:56:28 ----A---- C:\Windows\system32\shimeng.dll
2015-05-11 16:56:28 ----A---- C:\Windows\system32\sdbinst.exe
2015-05-11 16:56:28 ----A---- C:\Windows\system32\apphelp.dll
2015-05-11 16:56:28 ----A---- C:\Windows\system32\aelupsvc.dll
2015-05-06 20:41:12 ----D---- C:\Program Files\ImageJ
2015-04-29 19:48:07 ----D---- C:\ImageJ
2015-04-15 14:16:27 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-15 14:16:27 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-15 14:16:27 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-15 14:16:27 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-15 14:16:27 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-15 14:16:27 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-15 14:16:27 ----A---- C:\Windows\system32\wups2.dll
2015-04-15 14:16:27 ----A---- C:\Windows\system32\wups.dll
2015-04-15 14:16:27 ----A---- C:\Windows\system32\wudriver.dll
2015-04-15 14:16:27 ----A---- C:\Windows\system32\wucltux.dll
2015-04-15 14:16:27 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-15 14:16:27 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-15 14:16:27 ----A---- C:\Windows\system32\wuapp.exe
2015-04-15 14:16:27 ----A---- C:\Windows\system32\wuapi.dll
2015-04-15 14:16:27 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 14:16:27 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-15 14:15:54 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-15 14:15:54 ----A---- C:\Windows\system32\gdi32.dll
2015-04-15 14:15:52 ----A---- C:\Windows\system32\invagent.dll
2015-04-15 14:15:52 ----A---- C:\Windows\system32\generaltel.dll
2015-04-15 14:15:52 ----A---- C:\Windows\system32\devinv.dll
2015-04-15 14:15:52 ----A---- C:\Windows\system32\appraiser.dll
2015-04-15 14:15:52 ----A---- C:\Windows\system32\aepic.dll
2015-04-15 14:15:52 ----A---- C:\Windows\system32\aepdu.dll
2015-04-15 14:15:52 ----A---- C:\Windows\system32\aeinv.dll
2015-04-15 14:15:52 ----A---- C:\Windows\system32\acmigration.dll
2015-04-15 14:15:51 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-04-15 14:15:51 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-15 14:15:51 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-15 14:15:51 ----A---- C:\Windows\system32\msxml3.dll
2015-04-15 14:13:36 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-15 14:13:06 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 14:13:06 ----A---- C:\Windows\system32\clfs.sys
2015-04-15 14:13:05 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-14 03:38:52 ----A---- C:\Windows\SYSWOW64\FM20.DLL
2015-04-06 22:52:43 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-06 22:52:42 ----SD---- C:\Windows\system32\GWX

======List of files/folders modified in the last 2 months======

2015-05-14 09:01:32 ----D---- C:\Windows\Prefetch
2015-05-14 09:01:25 ----D---- C:\Windows\Temp
2015-05-14 09:01:20 ----RD---- C:\Program Files
2015-05-14 08:51:14 ----D---- C:\Windows\system32\config
2015-05-14 08:48:32 ----D---- C:\Windows\Tasks
2015-05-14 08:47:28 ----D---- C:\ProgramData\NVIDIA
2015-05-13 22:15:23 ----D---- C:\Windows\Microsoft.NET
2015-05-13 22:13:13 ----RSD---- C:\Windows\assembly
2015-05-13 21:26:53 ----D---- C:\Windows\winsxs
2015-05-13 21:25:40 ----D---- C:\Program Files\Microsoft Silverlight
2015-05-13 21:25:39 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 21:24:28 ----D---- C:\Windows\SYSWOW64\en-US
2015-05-13 21:24:28 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-05-13 21:24:28 ----D---- C:\Windows\SysWOW64
2015-05-13 21:24:28 ----D---- C:\Windows\system32\cs-CZ
2015-05-13 21:24:28 ----D---- C:\Windows\System32
2015-05-13 21:24:28 ----D---- C:\Program Files\Internet Explorer
2015-05-13 21:24:27 ----D---- C:\Windows\system32\en-US
2015-05-13 21:24:27 ----D---- C:\Program Files (x86)\Internet Explorer
2015-05-13 20:45:51 ----SHD---- C:\Windows\Installer
2015-05-13 20:45:49 ----D---- C:\ProgramData\Microsoft Help
2015-05-13 20:44:18 ----D---- C:\Windows\system32\MRT
2015-05-13 20:39:25 ----A---- C:\Windows\system32\MRT.exe
2015-05-13 20:27:09 ----SHD---- C:\System Volume Information
2015-05-13 20:07:38 ----D---- C:\Windows\system32\catroot2
2015-05-13 19:24:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-12 22:04:40 ----RD---- C:\Program Files (x86)
2015-05-11 22:47:49 ----D---- C:\Users\Jana\AppData\Roaming\Skype
2015-05-11 18:47:07 ----D---- C:\Windows\inf
2015-05-11 18:47:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-05-11 18:45:27 ----D---- C:\Windows\rescache
2015-05-11 17:02:48 ----D---- C:\Windows\AppPatch
2015-05-11 17:02:47 ----D---- C:\Windows\system32\drivers
2015-05-11 17:02:47 ----D---- C:\Windows\system32\AdvancedInstallers
2015-05-11 17:02:42 ----D---- C:\Windows\system32\DriverStore
2015-05-11 16:27:02 ----D---- C:\Windows
2015-04-15 22:56:52 ----D---- C:\Windows\AppCompat
2015-04-15 14:35:21 ----SD---- C:\Windows\system32\CompatTel
2015-04-15 14:35:21 ----D---- C:\Windows\system32\appraiser
2015-04-15 14:35:21 ----D---- C:\Windows\PolicyDefinitions
2015-04-15 14:31:39 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-06 22:52:51 ----D---- C:\Windows\Logs
2015-03-26 08:51:52 ----D---- C:\Windows\system32\wbem
2015-03-15 10:52:29 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-29 283064]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 239320]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture; C:\Windows\system32\drivers\hcw88aud.sys [2012-11-20 16128]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 157432]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod; C:\Windows\system32\drivers\hcw88bda.sys [2012-11-20 259456]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder; C:\Windows\System32\Drivers\hcw88rc5.sys [2012-11-20 15872]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture; C:\Windows\system32\drivers\hcw88tse.sys [2012-11-20 339968]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner; C:\Windows\system32\drivers\hcw88tun.sys [2012-11-20 111232]
R3 hcw88vid;Hauppauge WinTV 88x Video; C:\Windows\system32\drivers\hcw88vid.sys [2012-11-20 440576]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar; C:\Windows\system32\drivers\HCW88BAR.sys [2012-11-20 21632]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
S1 Uim_IM;Universal Image Mounter Plugin; C:\Windows\System32\Drivers\Uim_IMx64.sys [2012-11-22 633680]
S1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\uimx64.sys [2012-11-22 90960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-09-12 1337752]
R2 Hauppauge WinTV Extender;Hauppauge WinTV Extender; C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe [2013-08-07 59392]
R2 HauppaugeTVServer;HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [2013-08-31 582144]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-07-02 935368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 411936]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-04-21 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-05-12 148080]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-29 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Zdravim

polaanek píše:mám opět problém s dalším PC

Kolik jich jeste mate?


Schvost.exe rozhodne systemovy proces neni. Takze bud je to smejd, nebo vas preklep


Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)


Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

Márty84 píše: Kolik jich jeste mate?

Záleží, kde se nacházím, PC různě po rodině...

Márty84 píše: Schvost.exe rozhodne systemovy proces neni. Takze bud je to smejd, nebo vas preklep

Samozřejmě, že neumím psát, jedná se o svchost.exe
Dělá to jen cca +- půl hodiny po zapnutí, nyní už žere pouze 100 MB RAM.

Márty84 píše: Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium Edition SP1 [6.1 Build 7601] (x64)
Date : 2015/05/14 11:30:04

-- Controller Map ----------------------------------------------------------
- ATA Channel 1 (1) [ATA]
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ ATA Channel 0 (0)
- TSSTcorp CDDVDW SH-S223F ATA Device
- ST3250620AS ATA Device
- ATA Channel 1 (1)

-- Disk List ---------------------------------------------------------------
(1) ST3250620AS : 250,0 GB [0/2/0, pd1] - st

----------------------------------------------------------------------------
(1) ST3250620AS
----------------------------------------------------------------------------
Model : ST3250620AS
Firmware : 3.AAD
Serial Number : 3QE078W1 Queue Depth : 32
Disk Size : 250,0 GB (8,4/137,4/250,0)
Buffer Size : 16384 KB

# of Sectors : 488388911
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 10912 hod.
Power On Count : 3883 krát
Temparature : 34 C (93 F)
Health Status : Dobrý
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 114 _89 __6 000003C5D6ED Počet chyb čtení
03 _90 _90 __0 000000000000 Čas na roztočení ploten
04 _97 _97 _20 000000000C0E Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _75 _60 _30 0008116D5F07 Počet chybných hledání
09 _88 _88 __0 000000002AA0 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _97 _97 _20 000000000F2B Počet cyklů zapnutí zařízení
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _66 _48 _45 000022220022 Teplota toku vzduchu
C2 _34 _52 __0 001000000022 Teplota
C3 _72 _55 __0 000000820936 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 3351 3351 4530 3738 5731
020: 0000 8000 0004 332E 4141 2020 2020 5354 3332 3530
030: 3632 3041 5320 2020 2020 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0200 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0506 0506 0000 0048 0040
080: 00FE 0000 346B 7D01 4023 3C01 3C01 4023 407F 0000
090: 0000 FEFE FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 392F 1D1C 0000 0000 0000 4000 4000 0000 0000 0000
110: 0000 0000 0000 0000 0000 0000 0000 0100 0000 0002
120: 0000 0000 0000 0000 0000 0000 0000 0000 0009 5970
130: 1D1C 5970 1D1C 2020 0002 0002 0002 008A 3C06 3C0A
140: 0000 07C6 0100 0800 1314 0002 0002 0080 0000 0000
150: 00A2 0202 0000 0404 0000 0000 0000 0000 1200 000B
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 70A5

Márty84 píše: Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

# AdwCleaner v4.204 - Log vytvořen 14/05/2015 v 11:34:45
# Aktualizováno 12/05/2015 by Xplode
# Databáze : 2015-05-12.2 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Jana - JANA-PC
# Spuštěno z : C:\Users\Jana\Desktop\adwcleaner_4.204.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0 (x86 cs)


*************************

AdwCleaner[R0].txt - [759 bytů] - [14/05/2015 11:32:46]
AdwCleaner[R1].txt - [816 bytů] - [14/05/2015 11:33:58]
AdwCleaner[S0].txt - [742 bytů] - [14/05/2015 11:34:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [799 bytů] ##########

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Márty84 píše: Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 14.5.2015
Čas skenování: 12:46:46
Protokol: log.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.05.14.02
Databáze rootkitů: v2015.04.21.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Jana

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 500465
Uplynulý čas: 1 hod, 27 min, 8 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

ComboFix 15-05-19.01 - Jana 20.05.2015 22:01:33.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2047.989 [GMT 2:00]
Spuštěný z: c:\users\Jana\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-20 do 2015-05-20 )))))))))))))))))))))))))))))))
.
.
2015-05-20 20:08 . 2015-05-20 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-20 17:54 . 2015-05-20 17:54 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F58C88E4-EA9D-4A05-96E6-D804E0EEA8BE}\offreg.3368.dll
2015-05-20 14:56 . 2015-05-20 14:56 -------- d-----w- c:\program files\ESET
2015-05-20 08:52 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-05-20 08:45 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F58C88E4-EA9D-4A05-96E6-D804E0EEA8BE}\mpengine.dll
2015-05-14 15:20 . 2015-02-04 00:00 608072 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-05-14 10:45 . 2015-05-14 10:45 -------- d-----w- c:\programdata\Malwarebytes
2015-05-14 07:01 . 2015-05-14 07:01 -------- d-----w- c:\program files\trend micro
2015-05-13 18:30 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:30 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:18 . 2015-05-05 01:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-13 18:18 . 2015-05-05 01:12 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-13 18:18 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-05-13 18:18 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-05-13 18:16 . 2015-04-22 01:48 235208 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2015-05-13 18:15 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-05-11 14:56 . 2015-04-27 19:23 1254400 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-06 18:41 . 2015-05-06 18:41 -------- d-----w- c:\program files\ImageJ
2015-04-29 17:48 . 2015-04-29 17:53 -------- d-----w- C:\ImageJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-20 08:46 . 2015-04-13 18:44 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-05-13 18:39 . 2013-11-29 17:24 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-05 01:29 . 2015-05-13 18:18 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 18:18 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-04-27 19:23 . 2015-05-11 14:56 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05 . 2015-05-11 14:56 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:04 . 2015-05-11 14:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-14 01:38 . 2015-04-14 01:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-03-25 03:24 . 2015-04-15 12:16 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 12:16 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 12:16 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 12:16 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 12:16 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 12:16 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 12:16 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 12:16 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 12:16 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 12:16 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 12:16 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 12:16 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 12:16 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 12:16 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 12:16 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 12:16 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 12:15 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 12:15 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 12:15 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 12:15 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 12:15 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 12:15 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 12:15 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 12:15 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 15:24 . 2015-03-10 15:24 246000 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-03-10 15:24 . 2015-03-10 15:24 241880 ----a-w- c:\windows\system32\drivers\edevmon.sys
2015-03-10 15:24 . 2015-03-10 15:24 169792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2015-03-10 15:24 . 2015-03-10 15:24 159480 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2015-03-10 03:25 . 2015-04-15 12:15 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 12:15 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 12:15 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 12:15 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 12:15 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 12:15 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 12:13 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 12:13 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-11 14:56 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-11 14:56 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 12:13 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-11 14:56 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-11 14:56 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-11 14:56 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:18 . 2015-04-15 12:13 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-02-24 02:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-10 20:43 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-10 20:43 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-10 20:43 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-10 20:43 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-10 20:43 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-10 20:43 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-10 20:43 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-10 20:43 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-10 20:43 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-10 20:43 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys;c:\windows\SYSNATIVE\drivers\hcw88aud.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hauppauge WinTV Extender;Hauppauge WinTV Extender;c:\program files (x86)\WinTV\Extend\WinTVExtender.exe;c:\program files (x86)\WinTV\Extend\WinTVExtender.exe [x]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys;c:\windows\SYSNATIVE\drivers\hcw88bda.sys [x]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys;c:\windows\SYSNATIVE\Drivers\hcw88rc5.sys [x]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys;c:\windows\SYSNATIVE\drivers\hcw88tse.sys [x]
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys;c:\windows\SYSNATIVE\drivers\hcw88tun.sys [x]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys;c:\windows\SYSNATIVE\drivers\hcw88vid.sys [x]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys;c:\windows\SYSNATIVE\drivers\HCW88BAR.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585744]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\c1ro9vda.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-05-20 22:11:19
ComboFix-quarantined-files.txt 2015-05-20 20:11
.
Před spuštěním: Volných bajtů: 16 571 146 240
Po spuštění: Volných bajtů: 16 416 788 480
.
- - End Of File - - D15552501A1917A4B6ADBAC500A1ED1A
A36C5E4F47E84449FF07ED3517B43A31

--------------------------------------------------------------------------------------------------------------
nicméně, začínám tušit, že to bude jinde... trochu jsem googlil a nalezl podobné problémy. Zřejmě to děla proces / agent pro windows update. Dle všeho se to nejvíce dotýká windows s 2 GB RAM, u větší RAM není vytížení tak markantní. Dělá to jen po zapnutí, a proto to taky samo časem odezní, když jsou již ověřenÿ aktualizace.

Zkuste na zkousku vypnout automaticke aktualizace.


Vypnete trvale Windows Defender.


Otevrete si poznamkovy blok a zkopirujte do nej tento skript Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

Windows defender vypnut, automatické aktualizace vypnuty

ComboFix 15-05-19.01 - Jana 24.05.2015 10:14:43.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2047.1040 [GMT 2:00]
Spuštěný z: c:\users\Jana\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jana\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-24 do 2015-05-24 )))))))))))))))))))))))))))))))
.
.
2015-05-24 08:21 . 2015-05-24 08:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-22 07:02 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C52AB7C4-7D1F-4163-9D81-7EBDDCC4D799}\mpengine.dll
2015-05-20 14:56 . 2015-05-20 14:56 -------- d-----w- c:\program files\ESET
2015-05-20 08:52 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-05-14 15:20 . 2015-02-04 00:00 608072 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-05-14 10:45 . 2015-05-14 10:45 -------- d-----w- c:\programdata\Malwarebytes
2015-05-14 07:01 . 2015-05-14 07:01 -------- d-----w- c:\program files\trend micro
2015-05-13 18:30 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:30 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:18 . 2015-05-05 01:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-13 18:18 . 2015-05-05 01:12 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-13 18:18 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-05-13 18:18 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-05-13 18:16 . 2015-04-22 01:48 235208 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2015-05-13 18:15 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-05-11 14:56 . 2015-04-27 19:23 1254400 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-06 18:41 . 2015-05-06 18:41 -------- d-----w- c:\program files\ImageJ
2015-04-29 17:48 . 2015-04-29 17:53 -------- d-----w- C:\ImageJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-24 07:47 . 2015-04-13 18:44 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-05-13 18:39 . 2013-11-29 17:24 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-05 01:29 . 2015-05-13 18:18 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 18:18 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-04-27 19:23 . 2015-05-11 14:56 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05 . 2015-05-11 14:56 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:04 . 2015-05-11 14:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-14 01:38 . 2015-04-14 01:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-03-25 03:24 . 2015-04-15 12:16 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 12:16 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 12:16 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 12:16 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 12:16 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 12:16 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 12:16 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 12:16 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 12:16 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 12:16 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 12:16 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 12:16 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 12:16 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 12:16 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 12:16 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 12:16 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 12:15 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 12:15 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 12:15 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 12:15 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 12:15 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 12:15 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 12:15 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 12:15 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 15:24 . 2015-03-10 15:24 246000 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-03-10 15:24 . 2015-03-10 15:24 241880 ----a-w- c:\windows\system32\drivers\edevmon.sys
2015-03-10 15:24 . 2015-03-10 15:24 169792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2015-03-10 15:24 . 2015-03-10 15:24 159480 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2015-03-10 03:25 . 2015-04-15 12:15 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 12:15 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 12:15 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 12:15 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 12:15 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 12:15 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 12:13 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 12:13 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-11 14:56 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-11 14:56 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 12:13 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-11 14:56 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-11 14:56 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-11 14:56 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:18 . 2015-04-15 12:13 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-02-24 02:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys;c:\windows\SYSNATIVE\drivers\hcw88aud.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hauppauge WinTV Extender;Hauppauge WinTV Extender;c:\program files (x86)\WinTV\Extend\WinTVExtender.exe;c:\program files (x86)\WinTV\Extend\WinTVExtender.exe [x]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys;c:\windows\SYSNATIVE\drivers\hcw88bda.sys [x]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys;c:\windows\SYSNATIVE\Drivers\hcw88rc5.sys [x]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys;c:\windows\SYSNATIVE\drivers\hcw88tse.sys [x]
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys;c:\windows\SYSNATIVE\drivers\hcw88tun.sys [x]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys;c:\windows\SYSNATIVE\drivers\hcw88vid.sys [x]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys;c:\windows\SYSNATIVE\drivers\HCW88BAR.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585744]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\c1ro9vda.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\WinTV\TVServer\CaptureGenPCI.exe
c:\program files (x86)\WinTV\TVServer\CaptureDLNA.exe
c:\program files (x86)\WinTV\TVServer\CaptureDLNA.exe
c:\program files (x86)\WinTV\TVServer\CaptureDLNA.exe
.
**************************************************************************
.
Celkový čas: 2015-05-24 10:27:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-24 08:27
ComboFix2.txt 2015-05-20 20:17
.
Před spuštěním: Volných bajtů: 16 290 377 728
Po spuštění: Volných bajtů: 16 041 054 208
.
- - End Of File - - 5E0CF66991B80433CD7C0E007A64987C
A36C5E4F47E84449FF07ED3517B43A31

polaanek píše:Windows defender vypnut, automatické aktualizace vypnuty

A co svchost? Porad zlobi?


Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

Márty84 píše: A co svchost? Porad zlobi?

Po vypnutí automatických aktualizací Windows update to teď po restartu již nic nevytěžovalo, zřejmě to tedy bude tím Windows update.

Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015
Ran by Jana (administrator) on JANA-PC on 24-05-2015 13:19:15
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana (Available Profiles: Jana)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hauppauge Computer Works, Inc) C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureDLNA.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureDLNA.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureDLNA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2148468087-2337131160-2898493071-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2148468087-2337131160-2898493071-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-2148468087-2337131160-2898493071-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2148468087-2337131160-2898493071-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\c1ro9vda.default
FF Homepage: hxxp://www.seznam.cz
FF NetworkProxy: "backup.ftp", "proxy.vscht.cz"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.gopher", "proxy.vscht.cz"
FF NetworkProxy: "backup.gopher_port", 3128
FF NetworkProxy: "backup.socks", "proxy.vscht.cz"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "proxy.vscht.cz"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "proxy.vscht.cz"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "proxy.vscht.cz"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "proxy.vscht.cz"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, .vscht.cz, 147.33.0.0/16"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.vscht.cz"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxy.vscht.cz"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 Hauppauge WinTV Extender; C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe [63608 2015-02-13] (Hauppauge Computer Works, Inc)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [583288 2015-02-13] (Hauppauge Computer Works)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-29] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [159480 2015-03-10] (ESET)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2012-11-20] (Hauppauge Computer Works, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-11-22] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-11-22] (Paragon)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:19 - 2015-05-24 13:20 - 00011083 _____ () C:\Users\Jana\Desktop\FRST.txt
2015-05-24 13:18 - 2015-05-24 13:19 - 00000000 ____D () C:\FRST
2015-05-24 13:18 - 2015-05-24 13:18 - 00112640 _____ (forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
2015-05-24 13:17 - 2015-05-24 13:17 - 02108416 _____ (Farbar) C:\Users\Jana\Desktop\FRST64.exe
2015-05-24 10:27 - 2015-05-24 10:27 - 00014613 _____ () C:\ComboFix.txt
2015-05-24 10:10 - 2015-05-24 10:10 - 05627500 ____R (Swearware) C:\Users\Jana\Desktop\ComboFix.exe
2015-05-20 21:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-20 21:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-20 21:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-20 21:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-20 21:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-20 21:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-20 21:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-20 21:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-20 21:17 - 2015-05-24 10:27 - 00000000 ____D () C:\Qoobox
2015-05-20 21:16 - 2015-05-24 10:21 - 00000000 ____D () C:\Windows\erdnt
2015-05-20 16:56 - 2015-05-20 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-05-20 16:56 - 2015-05-20 16:56 - 00000000 ____D () C:\ProgramData\ESET
2015-05-20 16:56 - 2015-05-20 16:56 - 00000000 ____D () C:\Program Files\ESET
2015-05-20 10:52 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-16 12:55 - 2015-05-17 08:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 17:20 - 2015-02-04 02:00 - 00608072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-14 17:15 - 2015-02-04 05:56 - 31515280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 24198856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 22993224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 16128576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 15294280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 14497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 13916280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 13828032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 12894024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-14 17:15 - 2015-02-04 05:56 - 11272240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 11209192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 04244680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 03987600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 01907400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434144.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 01555656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434144.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 00944328 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 00907464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 00902344 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-14 17:15 - 2015-02-04 05:56 - 00870032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-14 17:15 - 2014-11-22 12:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-14 17:15 - 2014-11-22 12:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-05-14 12:45 - 2015-05-14 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 09:01 - 2015-05-14 09:01 - 00000000 ____D () C:\Program Files\trend micro
2015-05-13 20:30 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 20:30 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 20:18 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 20:18 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 20:18 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 20:18 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 20:17 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 20:17 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 20:17 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 20:17 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 20:17 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 20:17 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 20:17 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 20:17 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 20:17 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 20:17 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 20:17 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 20:17 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 20:17 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 20:17 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 20:17 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 20:17 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 20:17 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 20:17 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 20:17 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 20:17 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 20:17 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 20:17 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 20:17 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 20:17 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 20:17 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 20:17 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 20:17 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 20:17 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 20:17 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 20:17 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 20:17 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 20:17 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 20:17 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 20:17 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 20:17 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 20:17 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 20:17 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 20:17 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 20:17 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 20:17 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 20:17 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 20:17 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 20:17 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 20:17 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 20:17 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 20:16 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 20:16 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 20:16 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 20:16 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 20:16 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 20:16 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 20:16 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 20:16 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 20:16 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 20:16 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 20:16 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 20:16 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 20:16 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 20:16 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 20:16 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 20:15 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 20:15 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 20:15 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 20:15 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 20:15 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 20:15 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 20:15 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-11 16:56 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-11 16:56 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-11 16:56 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-11 16:56 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-11 16:56 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-11 16:56 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-11 16:56 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-11 16:56 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-11 16:56 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-11 16:56 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-11 16:56 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-11 16:56 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-11 16:56 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-11 16:56 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-11 16:56 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-11 16:56 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-11 16:56 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-11 16:56 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-11 16:56 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-11 16:56 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-11 16:56 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-11 16:56 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-11 16:56 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-11 16:56 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-11 16:56 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-11 16:56 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-11 16:56 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-11 16:56 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-11 16:56 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-11 16:56 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-11 16:56 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-11 16:56 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-11 16:56 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-11 16:56 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-11 16:56 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-11 16:56 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-11 16:56 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-11 16:56 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-11 16:56 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-11 16:56 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-11 16:56 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-11 16:56 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-11 16:56 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-11 16:56 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-11 16:56 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-11 16:56 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-11 16:56 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-11 16:56 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-11 16:56 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-11 16:56 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-11 16:56 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-11 16:56 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-11 16:56 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-11 16:56 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-11 16:56 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-11 16:56 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-11 16:56 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-11 16:56 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-11 16:56 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-11 16:56 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-11 16:56 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-11 16:56 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-11 16:56 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-11 16:27 - 2015-05-24 10:42 - 00005982 _____ () C:\Windows\setupact.log
2015-05-11 16:27 - 2015-05-11 16:27 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-06 20:41 - 2015-05-06 20:41 - 00000784 _____ () C:\Users\Jana\Desktop\ImageJ.lnk
2015-05-06 20:41 - 2015-05-06 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageJ
2015-05-06 20:41 - 2015-05-06 20:41 - 00000000 ____D () C:\Program Files\ImageJ
2015-04-29 19:48 - 2015-04-29 19:53 - 00000000 ____D () C:\ImageJ

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 11:07 - 2013-11-29 13:34 - 01165390 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 10:50 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 10:50 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 10:42 - 2013-11-29 15:03 - 00000000 ____D () C:\ProgramData\Hauppauge
2015-05-24 10:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 10:41 - 2013-11-29 14:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-24 10:23 - 2015-01-28 12:55 - 00003110 _____ () C:\Windows\PFRO.log
2015-05-24 10:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-24 10:22 - 2009-07-14 04:34 - 70254592 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-05-24 10:22 - 2009-07-14 04:34 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-05-24 10:22 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-05-24 10:22 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-05-24 10:22 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-05-22 22:56 - 2013-11-30 18:46 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Skype
2015-05-21 14:41 - 2010-11-21 11:27 - 00668866 _____ () C:\Windows\system32\perfh005.dat
2015-05-21 14:41 - 2010-11-21 11:27 - 00141526 _____ () C:\Windows\system32\perfc005.dat
2015-05-21 14:41 - 2009-07-14 07:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 10:53 - 2015-04-06 22:52 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 10:53 - 2015-04-06 22:52 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-17 08:20 - 2013-11-30 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-14 17:45 - 2013-11-30 13:13 - 00001091 _____ () C:\Users\Public\Desktop\WinTV 7.lnk
2015-05-14 17:45 - 2013-11-30 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-05-14 17:45 - 2013-11-29 15:05 - 00000401 _____ () C:\Windows\ODBCINST.INI
2015-05-14 17:45 - 2013-11-29 15:05 - 00000135 _____ () C:\Windows\ODBC.INI
2015-05-14 17:44 - 2013-11-29 15:04 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-14 17:44 - 2013-11-29 15:03 - 00000000 ____D () C:\Users\Public\WinTV
2015-05-14 17:43 - 2013-11-29 15:04 - 00038540 _____ () C:\Windows\Irremote.ini
2015-05-14 17:43 - 2013-11-29 15:03 - 00000000 ____D () C:\Program Files (x86)\WinTV
2015-05-14 17:42 - 2013-11-29 15:03 - 00002479 _____ () C:\Windows\HCWPNP.INI
2015-05-14 17:42 - 2013-11-29 14:50 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\DAEMON Tools Lite
2015-05-14 17:22 - 2013-11-29 14:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-14 17:21 - 2014-04-14 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-14 10:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 21:26 - 2015-01-28 12:55 - 00338600 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 21:25 - 2013-11-29 17:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 21:25 - 2013-11-29 17:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 20:45 - 2013-11-30 12:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 20:44 - 2013-11-29 19:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 20:39 - 2013-11-29 19:24 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 20:30 - 2013-11-29 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 19:47 - 2009-07-14 07:08 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-11 17:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2013-12-10 16:05 - 2013-12-10 16:05 - 1947136 _____ (Toshiba Samsung Storage Technology Corporation) C:\Users\Jana\AppData\Roaming\tsdnwin.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 10:06




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:50 GB) (Free:15.85 GB) NTFS
Drive d: () (Fixed) (Total:182.78 GB) (Free:79.1 GB) NTFS

Available physical RAM: 1062.27 MB
Total physical RAM: 2046.55 MB
Percentage of memory in use: 48%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3A7E4E83)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=182.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jana\Desktop" je 7 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Zrejme ano. Mate vsechny aktualizace nainstalovane? Nezustala nejaka nekde viset?



Otevrete si poznamkovy blok a zkopirujte do nej tento skript Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Provedeno

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015
Ran by Jana at 2015-05-24 19:45:06 Run:1
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana (Available Profiles: Jana)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2148468087-2337131160-2898493071-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2148468087-2337131160-2898493071-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKU\S-1-5-21-2148468087-2337131160-2898493071-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value Removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value Removed successfully
HKU\S-1-5-21-2148468087-2337131160-2898493071-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
catchme => Service Removed successfully
AdobeARMservice => Service Removed successfully
SkypeUpdate => Service not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts restored successfully.
EmptyTemp: => Removed 443.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:46:59 ====

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.

Vypadá ta dobře, po zapnutí je PC v klidu, ihned použitelné. Zkusmo ještě znovu zapnuto Windows update na automaticky, a chovalo se obdobně jak na začátku. Tedy v mém případě na 99% procent za to může Windows update. Zřejmě nebudu jediný...

Ještě něco je třeba, nebo mohu považovat za hotové?

Velmi moc děkuji za vaše rady.