Prosím o kontrolu - zpomalený ntb

Zpráva

Dubák · #1 Příspěvek od **Dubák** » 15 srp 2015 07:08

Prosím o kontrolu logu. Ntb je zpomalený.

#2 Příspěvek od **Márty84** » 15 srp 2015 07:39

Zdravim

Logy davejte primo zde, lepe se pak s nimi pracuje.

Vypnete trvale Windows Defender.

Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Dubák · #3 Příspěvek od **Dubák** » 15 srp 2015 08:31

Omlouvám se, ale někde v návodu jsem četl o možnosti zasílání logu v archivu jako příloha.

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium Edition SP1 [6.1 Build 7601] (x64)
Date : 2015/08/15 9:16:21

-- Controller Map ----------------------------------------------------------
+ AMD SATA Controller [ATA]
- ST925031 5AS SATA Disk Device
- TSSTcorp CDDVDW TS-L633C SATA CdRom Device

-- Disk List ---------------------------------------------------------------
(1) ST9250315AS : 250,0 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST9250315AS
----------------------------------------------------------------------------
Model : ST9250315AS
Firmware : 0001SDM1
Serial Number : 5VCB9P82
Disk Size : 250,0 GB (8,4/137,4/250,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 488397168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/300
Power On Hours : 9599 hod.
Power On Count : 2629 krát
Temparature : 42 C (107 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 120 _99 __6 00000E46E85A Počet chyb čtení
03 100 _99 __0 000000000000 Čas na roztočení ploten
04 _96 _96 _20 0000000011D1 Počet spuštění/zastavení
05 100 100 _36 00000000000E Počet přemapovaných sektorů
07 _81 _60 _30 000008B1F207 Počet chybných hledání
09 _90 _90 __0 00000000257F Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _98 _37 _20 000000000A45 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB __1 __1 __0 0000000000B7 Ohlášeno neopravitelných chyb
BC 100 _98 __0 000000000095 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _58 _43 _45 001F301A002A Teplota toku vzduchu
BF 100 100 __0 000000000056 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000001 Počet vypnutí disku
C1 __1 __1 __0 0000000643F1 Počet cyklů načítání/vymazání
C2 _42 _57 __0 00100000002A Teplota
C3 _51 _38 __0 00000E46E85A Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
FE 100 100 __0 000000000000 Ochrana proti pádu

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 3556 3556 4342 3950 3832
020: 0000 4000 0004 3030 3031 4D31 4D31 5354 3932 3530
030: 3331 3541 5320 2020 2020 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0200 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0506 0506 0000 0048 0048
080: 01F0 0029 346B 7D09 6123 BC09 BC09 6123 407F 0022
090: 0022 8080 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 5970 1D1C 0000 0000 0000 0000 0000 0000 5000 C500
110: 1E3A 25B2 0000 0000 0000 0000 0000 0000 0000 401E
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 5970
130: 1D1C 5970 1D1C 2020 0002 0100 0100 5000 3C06 3C0A
140: 0000 003C 0000 0008 0000 001F 001F 0280 0000 0000
150: 0008 0000 0000 0000 0000 0000 0000 0000 3C00 8000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 103B 103B 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 1010 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 B8A5

---

# AdwCleaner v5.000 - Logfile created 15/08/2015 at 09:23:06
# Updated 14/08/2015 by Xplode
# Database : 2015-08-14.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Krhánková J - NB-KRHANKOVA
# Running from : C:\Users\Krhánková J\Downloads\adwcleaner_5.000.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Value Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Value Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar

***** [ Web browsers ] *****

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C3].txt - [1080 octets] - [15/08/2015 09:23:06]
C:\AdwCleaner[S3].txt - [1096 octets] - [15/08/2015 09:19:19]

########## EOF - C:\AdwCleaner[C3].txt - [1206 octets] ##########

---
log z mbam dodám ihned po dokončení skenu

#4 Příspěvek od **Márty84** » 15 srp 2015 08:56

Dubák píše:Omlouvám se, ale někde v návodu jsem četl o možnosti zasílání logu v archivu jako příloha.

Jako priloha se posila ten mene dulezity log z FRST. Aby se to pri zalozeni tematu pokud mozno veslo do jednoho prispevku. Kdyz si totiz uzivatel pri zalozeni tematu hned sam odpovi, vypada to, ze uz to nekdo resi a trva dele, nez ho objevime. Casu neni moc, tak hledame prednostne temata bez odpovedi. Jinak ale pro nas je mnohem lepsi, kdyz je log primo zde. Je to prehlednejsi a prace je pak rychlejsi. A kdyz uz se vas nekdo ujme, klidne muzou byt logy rozdeleny do vice prispevku, to uz neni zadny problem.

Disk na tom bohuzel neni moc dobre. Muze to byt pricina problemu. Uvidime po docisteni. Pockam tedy na log z MBAM a podle vysledku se zaridime dale.

Dubák · #5 Příspěvek od **Dubák** » 15 srp 2015 12:23

tak konečně je to tady...

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 15.8.2015
Čas skenování: 9:37
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.15.02
Databáze rootkitů: v2015.08.06.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Krhánková J

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 595954
Uplynulý čas: 3 hod, 44 min, 14 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#6 Příspěvek od **Márty84** » 15 srp 2015 16:10

MBAM muzete odinstalovat.

Udelejte kontrolu programem HD Tune
Stahnete http://www.slunecnice.cz/sw/hd-tune/ , nainstalujte a spustte jako spravce (pokud vam pri instalaci nabidne nejaky doplnek, odmitnete ho!)
V tom okne kliknete na posledni zalozku - Error Scan (pokud bude zatrzeny quick scan, tak zatrzitko zruste) a kliknete na Start.
Kontrola bude nejakou dobu trvat. Dejte vedet, jestli tam bylo nejake cervene policko.
Taky se podivejte na zalozku Health a opiste mi (vyfotte), co se tam pise. Melo by tam byt OK http://www.google.cz/imgres?um=1&hl=cs& ... s:20,i:143

Dubák · #7 Příspěvek od **Dubák** » 15 srp 2015 17:48

tak vše zelené a prázdná záložka

#8 Příspěvek od **Márty84** » 15 srp 2015 19:55

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

Dubák · #9 Příspěvek od **Dubák** » 16 srp 2015 01:59

ComboFix 15-08-14.01 - Krhánková J 16.08.2015 2:44.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2814.1245 [GMT 2:00]
Spuštěný z: c:\users\Krhßnkovß J\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-16 do 2015-08-16 )))))))))))))))))))))))))))))))
.
.
2015-08-16 00:53 . 2015-08-16 00:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-08-16 00:53 . 2015-08-16 00:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-15 15:24 . 2015-08-15 15:24 -------- d-----w- c:\program files (x86)\HD Tune
2015-08-15 07:19 . 2015-08-15 07:19 -------- d-----w- C:\AdwCleaner
2015-08-15 05:44 . 2015-08-15 05:53 -------- d-----w- C:\FRST
2015-08-15 05:39 . 2015-08-15 05:39 -------- d-----w- c:\users\Krhánková J\AppData\Local\TeamViewer
2015-08-15 05:36 . 2015-08-15 06:12 -------- d-----w- c:\program files (x86)\TeamViewer
2015-08-14 20:44 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 20:44 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 19:55 . 2015-08-14 20:19 -------- d-----w- c:\windows\$regcmp$
2015-08-14 17:28 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-14 17:06 . 2015-07-21 05:25 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8321CB6-1685-46F4-8A39-18C84AE33B71}\mpengine.dll
2015-08-14 14:48 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-14 14:48 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-14 14:48 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-14 14:48 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-14 14:48 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-14 14:48 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-14 14:48 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-14 14:48 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-14 14:46 . 2015-07-15 18:15 5568960 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-14 14:44 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-08-14 14:32 . 2015-07-16 20:35 2885632 ----a-w- c:\windows\system32\iertutil.dll
2015-08-14 14:31 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-07-22 11:04 . 2015-07-22 11:04 17318592 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-07-21 18:57 . 2015-07-21 18:57 1917080 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2015-07-21 18:57 . 2015-07-21 18:57 1375896 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2015-07-21 13:37 . 2015-07-21 13:37 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-07-21 13:36 . 2015-07-21 13:36 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-14 17:53 . 2012-08-29 05:15 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-14 17:53 . 2011-07-26 16:36 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-14 14:13 . 2010-04-18 07:53 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-07-21 13:37 . 2014-05-14 16:30 150160 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-21 13:37 . 2014-05-14 16:30 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-21 13:37 . 2014-05-14 16:30 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-21 13:37 . 2014-05-14 16:30 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-07-21 13:37 . 2014-05-14 16:30 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-21 13:37 . 2014-05-14 16:30 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-21 13:37 . 2014-05-14 16:30 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-21 13:36 . 2014-05-14 16:30 1048856 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-15 18:10 . 2015-08-14 14:46 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-14 14:46 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-14 14:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-04 18:07 . 2015-07-15 12:02 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 12:02 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-23 11:30 . 2010-04-04 16:11 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 17:47 . 2015-07-15 12:05 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 12:05 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-15 21:50 . 2015-07-15 12:02 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 12:02 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 12:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 12:02 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-15 12:02 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-15 12:02 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 12:02 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 12:02 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 12:02 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 12:02 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 12:02 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 12:02 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-02 00:07 . 2015-07-15 12:05 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 12:05 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-05-25 18:19 . 2015-06-10 13:34 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 13:34 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 13:34 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:18 . 2015-06-10 13:34 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 13:34 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 13:34 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 13:34 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 13:34 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 13:34 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:01 . 2015-06-10 13:34 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 13:34 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 13:34 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:00 . 2015-06-10 13:34 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 13:34 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 13:34 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 13:34 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 13:34 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:00 . 2015-06-10 13:34 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-05-21 13:19 . 2015-06-08 14:13 193536 ----a-w- c:\windows\system32\aepic.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-05-14 28919424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-21 6109776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-15 05:05 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 17:53]
.
2015-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 13:20]
.
2015-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 13:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-21 13:37 777544 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.254.254.254 10.254.254.253
FF - ProfilePath - c:\users\Krhánková J\AppData\Roaming\Mozilla\Firefox\Profiles\ik1xbd8b.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-16 02:58:03
ComboFix-quarantined-files.txt 2015-08-16 00:58
.
Před spuštěním: Volných bajtů: 34 700 525 568
Po spuštění: Volných bajtů: 34 637 578 240
.
- - End Of File - - AF1CA0D54294BC23D417F5E348983C46

#10 Příspěvek od **Márty84** » 16 srp 2015 09:13

Presunte ComboFix primo na disk C (takze cesta k nemu bude c:\ComboFix.exe )!

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte take primo na C (takze cesta k nemu bude c:\CFScript.txt ).
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

Dubák · #11 Příspěvek od **Dubák** » 16 srp 2015 10:25

ComboFix 15-08-14.01 - Krhánková J 16.08.2015 10:47:37.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2814.1211 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-16 do 2015-08-16 )))))))))))))))))))))))))))))))
.
.
2015-08-16 08:57 . 2015-08-16 08:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-08-16 08:57 . 2015-08-16 08:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-15 15:24 . 2015-08-15 15:24 -------- d-----w- c:\program files (x86)\HD Tune
2015-08-15 07:19 . 2015-08-15 07:19 -------- d-----w- C:\AdwCleaner
2015-08-15 05:44 . 2015-08-15 05:53 -------- d-----w- C:\FRST
2015-08-15 05:39 . 2015-08-15 05:39 -------- d-----w- c:\users\Krhánková J\AppData\Local\TeamViewer
2015-08-15 05:36 . 2015-08-15 06:12 -------- d-----w- c:\program files (x86)\TeamViewer
2015-08-14 20:44 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 20:44 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 19:55 . 2015-08-14 20:19 -------- d-----w- c:\windows\$regcmp$
2015-08-14 17:28 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-14 17:06 . 2015-07-21 05:25 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8321CB6-1685-46F4-8A39-18C84AE33B71}\mpengine.dll
2015-08-14 14:48 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-14 14:48 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-14 14:48 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-14 14:48 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-14 14:48 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-14 14:48 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-14 14:48 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-14 14:48 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-14 14:46 . 2015-07-15 18:15 5568960 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-14 14:44 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-08-14 14:32 . 2015-07-16 20:35 2885632 ----a-w- c:\windows\system32\iertutil.dll
2015-08-14 14:31 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-07-22 11:04 . 2015-07-22 11:04 17318592 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-07-21 18:57 . 2015-07-21 18:57 1917080 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2015-07-21 18:57 . 2015-07-21 18:57 1375896 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2015-07-21 13:37 . 2015-07-21 13:37 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-07-21 13:36 . 2015-07-21 13:36 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-14 17:53 . 2012-08-29 05:15 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-14 17:53 . 2011-07-26 16:36 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-14 14:13 . 2010-04-18 07:53 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-07-21 13:37 . 2014-05-14 16:30 150160 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-21 13:37 . 2014-05-14 16:30 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-21 13:37 . 2014-05-14 16:30 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-21 13:37 . 2014-05-14 16:30 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-07-21 13:37 . 2014-05-14 16:30 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-21 13:37 . 2014-05-14 16:30 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-21 13:37 . 2014-05-14 16:30 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-21 13:36 . 2014-05-14 16:30 1048856 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-15 18:10 . 2015-08-14 14:46 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-14 14:46 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-14 14:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-04 18:07 . 2015-07-15 12:02 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 12:02 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-23 11:30 . 2010-04-04 16:11 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 17:47 . 2015-07-15 12:05 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 12:05 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-15 21:50 . 2015-07-15 12:02 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 12:02 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 12:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 12:02 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-15 12:02 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-15 12:02 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 12:02 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 12:02 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 12:02 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 12:02 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 12:02 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 12:02 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-02 00:07 . 2015-07-15 12:05 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 12:05 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-05-25 18:19 . 2015-06-10 13:34 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 13:34 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 13:34 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:18 . 2015-06-10 13:34 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 13:34 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 13:34 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 13:34 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 13:34 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 13:34 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:01 . 2015-06-10 13:34 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 13:34 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 13:34 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:00 . 2015-06-10 13:34 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 13:34 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 13:34 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 13:34 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 13:34 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:00 . 2015-06-10 13:34 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-05-21 13:19 . 2015-06-08 14:13 193536 ----a-w- c:\windows\system32\aepic.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-21 6109776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-15 05:05 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 17:53]
.
2015-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 13:20]
.
2015-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 13:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-21 13:37 777544 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.254.254.254 10.254.254.253
FF - ProfilePath - c:\users\Krhánková J\AppData\Roaming\Mozilla\Firefox\Profiles\ik1xbd8b.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
.
**************************************************************************
.
Celkový čas: 2015-08-16 11:15:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-16 09:15
ComboFix2.txt 2015-08-16 00:58
.
Před spuštěním: Volných bajtů: 34 044 698 624
Po spuštění: Volných bajtů: 33 526 923 264
.
- - End Of File - - 9AC71D0EF2067950CD24EE3BBC501526

#12 Příspěvek od **Márty84** » 16 srp 2015 10:38

Dejte log z RSITx64 http://images.malwareremoval.com/random/RSITx64.exe , navod zde http://forum.viry.cz/viewtopic.php?f=30&t=130787

a k tomu

Dejte nove logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

Dubák · #13 Příspěvek od **Dubák** » 16 srp 2015 11:13

Logfile of random's system information tool 1.10 (written by random/random)
Run by Krhánková J at 2015-08-16 11:45:43
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 32 GB (28%) free of 114 GB
Total RAM: 2814 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:45:44, on 16.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files\trend micro\Krhánková J.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10825 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe" -s
C:\Windows\system32\svchost.exe -k HsfXAudioService
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe"
WLIDSvcM.exe 2740
"C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe" -s
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\explorer.exe
"c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe" --IPCport 5939
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

"C:\Users\Krhánková J\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Krhánková J\AppData\Roaming\Mozilla\Firefox\Profiles\ik1xbd8b.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.1.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, wrc@avast.com:7.0.1426, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.6.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.6.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-29 537576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-21 655480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-29 193512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-08-29 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-21 559624]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-08-29 157672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-08-06 8060960]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-09-18 1842472]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-10-01 823840]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2010-11-03 1580368]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-09-25 261888]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-30 98304]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2009-11-02 1094736]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-04-23 43848]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-07-21 6109776]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-05-26 152392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux2"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-08-16 11:42:24 ----D---- C:\rsit
2015-08-16 11:15:43 ----A---- C:\ComboFix.txt
2015-08-16 11:08:19 ----SHD---- C:\$RECYCLE.BIN
2015-08-16 10:32:45 ----R---- C:\ComboFix.exe
2015-08-16 10:23:36 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-08-16 02:42:11 ----D---- C:\Qoobox
2015-08-15 17:24:27 ----D---- C:\Program Files (x86)\HD Tune
2015-08-15 09:23:06 ----A---- C:\AdwCleaner[C3].txt
2015-08-15 09:19:19 ----A---- C:\AdwCleaner[S3].txt
2015-08-15 09:19:14 ----D---- C:\AdwCleaner
2015-08-15 07:44:14 ----D---- C:\FRST
2015-08-15 07:36:20 ----D---- C:\Program Files (x86)\TeamViewer
2015-08-14 22:44:44 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 22:44:43 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 21:55:57 ----D---- C:\Windows\$regcmp$
2015-08-14 19:28:40 ----A---- C:\Windows\system32\basesrv.dll
2015-08-14 16:48:05 ----A---- C:\Windows\system32\invagent.dll
2015-08-14 16:48:05 ----A---- C:\Windows\system32\generaltel.dll
2015-08-14 16:48:05 ----A---- C:\Windows\system32\devinv.dll
2015-08-14 16:48:05 ----A---- C:\Windows\system32\appraiser.dll
2015-08-14 16:48:05 ----A---- C:\Windows\system32\aeinv.dll
2015-08-14 16:48:05 ----A---- C:\Windows\system32\acmigration.dll
2015-08-14 16:48:04 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-08-14 16:48:04 ----A---- C:\Windows\system32\aepdu.dll
2015-08-14 16:47:46 ----A---- C:\Windows\system32\mstscax.dll
2015-08-14 16:47:45 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2015-08-14 16:47:44 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2015-08-14 16:47:44 ----A---- C:\Windows\system32\tsgqec.dll
2015-08-14 16:47:44 ----A---- C:\Windows\system32\aaclient.dll
2015-08-14 16:47:43 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2015-08-14 16:47:18 ----A---- C:\Windows\system32\FntCache.dll
2015-08-14 16:47:18 ----A---- C:\Windows\system32\DWrite.dll
2015-08-14 16:47:17 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-08-14 16:47:16 ----A---- C:\Windows\system32\win32k.sys
2015-08-14 16:47:16 ----A---- C:\Windows\system32\atmfd.dll
2015-08-14 16:47:15 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-08-14 16:47:12 ----A---- C:\Windows\system32\lpk.dll
2015-08-14 16:47:12 ----A---- C:\Windows\system32\d3d10warp.dll
2015-08-14 16:47:11 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2015-08-14 16:47:11 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-08-14 16:47:11 ----A---- C:\Windows\system32\atmlib.dll
2015-08-14 16:47:10 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-08-14 16:47:10 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-08-14 16:47:10 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-08-14 16:47:10 ----A---- C:\Windows\system32\fontsub.dll
2015-08-14 16:47:10 ----A---- C:\Windows\system32\dciman32.dll
2015-08-14 16:46:40 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-08-14 16:46:39 ----A---- C:\Windows\system32\ntdll.dll
2015-08-14 16:46:38 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-08-14 16:46:38 ----A---- C:\Windows\system32\sysmain.dll
2015-08-14 16:46:38 ----A---- C:\Windows\system32\kernel32.dll
2015-08-14 16:46:37 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-08-14 16:46:34 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-08-14 16:46:33 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-08-14 16:46:32 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-08-14 16:46:32 ----A---- C:\Windows\system32\lsasrv.dll
2015-08-14 16:46:31 ----A---- C:\Windows\system32\KernelBase.dll
2015-08-14 16:46:30 ----A---- C:\Windows\system32\wow64.dll
2015-08-14 16:46:30 ----A---- C:\Windows\system32\rstrui.exe
2015-08-14 16:46:27 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-08-14 16:46:27 ----A---- C:\Windows\system32\winsrv.dll
2015-08-14 16:46:27 ----A---- C:\Windows\system32\srcore.dll
2015-08-14 16:46:27 ----A---- C:\Windows\system32\rpcrt4.dll
2015-08-14 16:46:26 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-08-14 16:46:26 ----A---- C:\Windows\system32\schannel.dll
2015-08-14 16:46:26 ----A---- C:\Windows\system32\msv1_0.dll
2015-08-14 16:46:26 ----A---- C:\Windows\system32\kerberos.dll
2015-08-14 16:46:26 ----A---- C:\Windows\system32\csrsrv.dll
2015-08-14 16:46:26 ----A---- C:\Windows\system32\conhost.exe
2015-08-14 16:46:25 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-08-14 16:46:25 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-08-14 16:46:25 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-08-14 16:46:25 ----A---- C:\Windows\system32\wdigest.dll
2015-08-14 16:46:25 ----A---- C:\Windows\system32\smss.exe
2015-08-14 16:46:25 ----A---- C:\Windows\system32\ncrypt.dll
2015-08-14 16:46:25 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-08-14 16:46:25 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-08-14 16:46:24 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-08-14 16:46:24 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-08-14 16:46:24 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-08-14 16:46:24 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-08-14 16:46:24 ----A---- C:\Windows\system32\TSpkg.dll
2015-08-14 16:46:24 ----A---- C:\Windows\system32\sspicli.dll
2015-08-14 16:46:24 ----A---- C:\Windows\system32\lsass.exe
2015-08-14 16:46:24 ----A---- C:\Windows\system32\auditpol.exe
2015-08-14 16:46:23 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-08-14 16:46:23 ----A---- C:\Windows\system32\srclient.dll
2015-08-14 16:46:23 ----A---- C:\Windows\system32\ntvdm64.dll
2015-08-14 16:46:23 ----A---- C:\Windows\system32\cryptbase.dll
2015-08-14 16:46:22 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-08-14 16:46:22 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-08-14 16:46:22 ----A---- C:\Windows\system32\secur32.dll
2015-08-14 16:46:22 ----A---- C:\Windows\system32\msmmsp.dll
2015-08-14 16:46:21 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-08-14 16:46:21 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-08-14 16:46:21 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-08-14 16:46:21 ----A---- C:\Windows\system32\wow64win.dll
2015-08-14 16:46:21 ----A---- C:\Windows\system32\wow64cpu.dll
2015-08-14 16:46:21 ----A---- C:\Windows\system32\sspisrv.dll
2015-08-14 16:46:21 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-08-14 16:46:21 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-08-14 16:46:21 ----A---- C:\Windows\system32\credssp.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 16:46:20 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 16:46:20 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-08-14 16:46:20 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-08-14 16:46:20 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-08-14 16:46:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 16:46:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-14 16:46:19 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-14 16:46:19 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 16:46:19 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 16:46:19 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-14 16:46:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 16:46:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 16:46:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 16:46:18 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 16:46:18 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-14 16:46:18 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-14 16:46:18 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 16:46:18 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 16:46:18 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 16:46:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 16:46:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 16:46:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 16:46:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-14 16:46:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 16:46:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 16:46:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 16:46:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 16:46:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 16:46:14 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-14 16:46:14 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 16:46:14 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 16:46:14 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 16:46:14 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 16:46:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-14 16:46:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 16:46:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-14 16:46:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-14 16:46:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 16:46:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 16:46:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 16:46:13 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 16:46:13 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 16:46:13 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 16:46:13 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-08-14 16:46:13 ----A---- C:\Windows\system32\apisetschema.dll
2015-08-14 16:46:12 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-08-14 16:46:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 16:46:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-14 16:46:11 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 16:46:11 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-14 16:46:10 ----A---- C:\Windows\SYSWOW64\user.exe
2015-08-14 16:46:10 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-08-14 16:46:10 ----A---- C:\Windows\system32\adtschema.dll
2015-08-14 16:46:06 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-08-14 16:46:06 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-08-14 16:46:06 ----A---- C:\Windows\system32\msobjs.dll
2015-08-14 16:46:06 ----A---- C:\Windows\system32\msaudite.dll
2015-08-14 16:44:11 ----A---- C:\Windows\system32\shell32.dll
2015-08-14 16:44:08 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-08-14 16:43:51 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-08-14 16:43:51 ----A---- C:\Windows\system32\wucltux.dll
2015-08-14 16:43:51 ----A---- C:\Windows\system32\wuaueng.dll
2015-08-14 16:43:51 ----A---- C:\Windows\system32\wuauclt.exe
2015-08-14 16:43:50 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-08-14 16:43:50 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-08-14 16:43:50 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-08-14 16:43:50 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-08-14 16:43:50 ----A---- C:\Windows\system32\wuwebv.dll
2015-08-14 16:43:50 ----A---- C:\Windows\system32\wups2.dll
2015-08-14 16:43:50 ----A---- C:\Windows\system32\wups.dll
2015-08-14 16:43:50 ----A---- C:\Windows\system32\wudriver.dll
2015-08-14 16:43:50 ----A---- C:\Windows\system32\wuapp.exe
2015-08-14 16:43:50 ----A---- C:\Windows\system32\wuapi.dll
2015-08-14 16:43:50 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-08-14 16:43:50 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-08-14 16:43:24 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-14 16:32:56 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-08-14 16:32:56 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-08-14 16:32:56 ----A---- C:\Windows\system32\iertutil.dll
2015-08-14 16:32:55 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-08-14 16:32:55 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-08-14 16:32:55 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-08-14 16:32:54 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-08-14 16:32:53 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-08-14 16:32:53 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-08-14 16:32:53 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-08-14 16:32:53 ----A---- C:\Windows\system32\iernonce.dll
2015-08-14 16:32:53 ----A---- C:\Windows\system32\ie4uinit.exe
2015-08-14 16:32:52 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-08-14 16:32:52 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-08-14 16:32:52 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-08-14 16:32:52 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-14 16:32:51 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-08-14 16:32:50 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-08-14 16:32:50 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-08-14 16:32:49 ----A---- C:\Windows\system32\urlmon.dll
2015-08-14 16:32:49 ----A---- C:\Windows\system32\iedkcs32.dll
2015-08-14 16:32:48 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-08-14 16:32:47 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-08-14 16:32:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-08-14 16:32:45 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-08-14 16:32:45 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-08-14 16:32:45 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-14 16:32:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-08-14 16:32:44 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-08-14 16:32:44 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-08-14 16:32:44 ----A---- C:\Windows\system32\msfeeds.dll
2015-08-14 16:32:44 ----A---- C:\Windows\system32\dxtrans.dll
2015-08-14 16:32:43 ----A---- C:\Windows\system32\iesetup.dll
2015-08-14 16:32:43 ----A---- C:\Windows\system32\ieapfltr.dll
2015-08-14 16:32:41 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-08-14 16:32:40 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-08-14 16:32:40 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-08-14 16:32:40 ----A---- C:\Windows\system32\vbscript.dll
2015-08-14 16:32:39 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-08-14 16:32:39 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-08-14 16:32:39 ----A---- C:\Windows\system32\jsproxy.dll
2015-08-14 16:32:39 ----A---- C:\Windows\system32\ieUnatt.exe
2015-08-14 16:32:39 ----A---- C:\Windows\system32\dxtmsft.dll
2015-08-14 16:32:38 ----A---- C:\Windows\system32\ieui.dll
2015-08-14 16:32:38 ----A---- C:\Windows\system32\ieframe.dll
2015-08-14 16:32:37 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-08-14 16:32:37 ----A---- C:\Windows\system32\mshtmled.dll
2015-08-14 16:32:37 ----A---- C:\Windows\system32\jscript9diag.dll
2015-08-14 16:32:37 ----A---- C:\Windows\system32\jscript9.dll
2015-08-14 16:32:37 ----A---- C:\Windows\system32\jscript.dll
2015-08-14 16:32:36 ----A---- C:\Windows\system32\wininet.dll
2015-08-14 16:32:35 ----A---- C:\Windows\system32\msrating.dll
2015-08-14 16:32:35 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-08-14 16:32:34 ----A---- C:\Windows\system32\mshtml.dll
2015-08-14 16:31:58 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2015-08-14 16:31:58 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2015-08-14 16:31:58 ----A---- C:\Windows\system32\WebClnt.dll
2015-08-14 16:31:58 ----A---- C:\Windows\system32\davclnt.dll
2015-08-14 16:31:49 ----A---- C:\Windows\system32\msxml6.dll
2015-08-14 16:31:49 ----A---- C:\Windows\system32\msxml3.dll
2015-08-14 16:31:48 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2015-08-14 16:31:48 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2015-08-14 16:31:48 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-08-14 16:31:48 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-08-14 16:31:48 ----A---- C:\Windows\system32\msxml6r.dll
2015-08-14 16:31:48 ----A---- C:\Windows\system32\msxml3r.dll
2015-08-14 16:31:38 ----A---- C:\Windows\SYSWOW64\notepad.exe
2015-08-14 16:31:38 ----A---- C:\Windows\system32\notepad.exe
2015-08-14 16:31:38 ----A---- C:\Windows\notepad.exe
2015-07-21 15:37:27 ----A---- C:\Windows\system32\aswBoot.exe
2015-07-21 15:36:55 ----A---- C:\Windows\avastSS.scr

======List of files/folders modified in the last 1 month======

2015-08-16 11:45:44 ----D---- C:\Program Files\trend micro
2015-08-16 11:40:41 ----RD---- C:\Program Files (x86)
2015-08-16 11:40:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-16 11:33:47 ----D---- C:\Windows\Temp
2015-08-16 11:15:47 ----D---- C:\Windows\system32\drivers
2015-08-16 11:08:20 ----D---- C:\Windows
2015-08-16 11:08:20 ----A---- C:\Windows\system.ini
2015-08-16 11:08:11 ----D---- C:\Windows\system32\drivers\etc
2015-08-16 11:06:11 ----D---- C:\Windows\system32\config
2015-08-16 10:57:14 ----D---- C:\Windows\erdnt
2015-08-16 10:52:24 ----D---- C:\Windows\SYSWOW64\drivers
2015-08-16 10:52:24 ----D---- C:\Windows\SysWOW64
2015-08-16 10:52:23 ----D---- C:\Windows\AppPatch
2015-08-16 10:52:22 ----D---- C:\Program Files (x86)\Common Files
2015-08-16 08:56:57 ----D---- C:\ProgramData
2015-08-16 08:56:56 ----D---- C:\Windows\system32\Tasks
2015-08-16 08:56:52 ----SHD---- C:\System Volume Information
2015-08-15 15:13:27 ----D---- C:\Users\Krhánková J\AppData\Roaming\Skype
2015-08-15 14:28:45 ----D---- C:\Windows\rescache
2015-08-15 08:47:50 ----D---- C:\$Windows.~BT
2015-08-15 08:39:11 ----D---- C:\Windows\Microsoft.NET
2015-08-15 08:38:07 ----RSD---- C:\Windows\assembly
2015-08-15 08:21:54 ----D---- C:\Windows\Panther
2015-08-15 07:36:33 ----RSD---- C:\Windows\Fonts
2015-08-15 07:36:32 ----D---- C:\Users\Krhánková J\AppData\Roaming\TeamViewer
2015-08-15 07:27:34 ----D---- C:\Windows\inf
2015-08-15 00:04:40 ----D---- C:\Windows\Logs
2015-08-14 22:50:40 ----D---- C:\Windows\winsxs
2015-08-14 22:48:44 ----D---- C:\Program Files\Microsoft Silverlight
2015-08-14 22:48:41 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 22:47:17 ----SD---- C:\Windows\system32\CompatTel
2015-08-14 22:47:17 ----D---- C:\Windows\system32\appraiser
2015-08-14 22:47:17 ----D---- C:\Windows\System32
2015-08-14 22:46:16 ----SHD---- C:\Windows\Installer
2015-08-14 22:46:14 ----D---- C:\Config.Msi
2015-08-14 22:46:00 ----D---- C:\ProgramData\Microsoft Help
2015-08-14 19:53:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-08-14 19:49:09 ----D---- C:\Windows\cs
2015-08-14 18:52:42 ----D---- C:\ProgramData\Malwarebytes
2015-08-14 18:41:30 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-08-14 18:41:29 ----D---- C:\Windows\system32\drivers\cs-CZ
2015-08-14 18:41:29 ----D---- C:\Windows\system32\cs-CZ
2015-08-14 18:41:25 ----D---- C:\Program Files\Internet Explorer
2015-08-14 18:41:24 ----D---- C:\Windows\SYSWOW64\en-US
2015-08-14 18:41:23 ----D---- C:\Windows\system32\en-US
2015-08-14 18:41:21 ----D---- C:\Program Files (x86)\Internet Explorer
2015-08-14 18:28:27 ----D---- C:\Windows\Minidump
2015-08-14 18:28:27 ----D---- C:\Windows\debug
2015-08-14 18:26:22 ----D---- C:\Program Files\CCleaner
2015-08-14 18:18:17 ----D---- C:\ProgramData\Skype
2015-08-14 18:18:09 ----RD---- C:\Program Files (x86)\Skype
2015-08-14 18:12:52 ----D---- C:\Windows\tracing
2015-08-14 16:18:58 ----D---- C:\Windows\system32\NDF
2015-08-14 16:13:56 ----RD---- C:\Program Files
2015-08-14 16:13:56 ----D---- C:\Windows\system32\MRT
2015-08-14 16:13:46 ----A---- C:\Windows\system32\MRT.exe
2015-08-13 18:41:20 ----D---- C:\Windows\system32\catroot2
2015-08-08 13:32:23 ----A---- C:\Windows\wininit.ini
2015-07-28 17:08:51 ----D---- C:\Windows\SoftwareDistribution
2015-07-25 15:59:30 ----SD---- C:\Windows\system32\GWX
2015-07-24 08:56:13 ----D---- C:\Windows\LiveKernelReports
2015-07-20 03:32:20 ----D---- C:\Windows\PolicyDefinitions
2015-07-20 03:32:06 ----D---- C:\Windows\system32\wbem
2015-07-19 13:03:19 ----SD---- C:\Windows\SYSWOW64\GWX
2015-07-19 12:59:19 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-07-21 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-07-21 274808]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-07-21 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-07-21 1048856]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-07-21 447944]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-07-21 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-07-21 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-07-21 150160]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2009-06-10 17024]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-24 119312]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 6038016]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2009-03-26 25608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2009-02-13 1485824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-08-06 1974944]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-06 18432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-09-18 292912]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-06 16896]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2009-02-13 740864]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-07-02 52264]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-10-03 98344]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-08-29 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-08-29 21160]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 132608]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-20 54272]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-30 203264]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-02-12 43336]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-07-21 146600]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-10-03 873248]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-01 844320]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe [2005-01-04 65536]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-08-07 5611280]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe [2005-01-04 1527893]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]
S2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-25 62720]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14 269000]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-16 114688]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-05-26 641352]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-08-16 149160]
S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-18 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 Greg_Service;GRegService; C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Dubák · #14 Příspěvek od **Dubák** » 16 srp 2015 11:14

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Krhánková J (administrator) on NB-KRHANKOVA (16-08-2015 12:06:58)
Running from C:\Users\Krhánková J\Desktop
Loaded Profiles: Krhánková J (Available Profiles: Krhánková J)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(The Firebird Project) C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(The Firebird Project) C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(forum.viry.cz) C:\Users\Krhánková J\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-10-01] (Acer Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-09-25] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-21] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2009-12-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-21] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-11] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-11] (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3812233246-2506474311-2689633737-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3812233246-2506474311-2689633737-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACAW
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3812233246-2506474311-2689633737-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3812233246-2506474311-2689633737-1000 -> {93B0FE99-29BF-4792-8334-E8CB5B9209AC} URL = hxxp://www.webhledani.cz/results.aspx?i=39&tp= ... earchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-21] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-29] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-08-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-21] (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-08-29] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3812233246-2506474311-2689633737-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.254.254.254 10.254.254.253
Tcpip\..\Interfaces\{40B1FABF-59AE-480C-91F2-CD8E4B90ED82}: [DhcpNameServer] 81.200.55.6 81.200.55.34
Tcpip\..\Interfaces\{AE9D1F6A-3734-48A4-8B68-74B1B313EB4E}: [DhcpNameServer] 10.254.254.254 10.254.254.253

FireFox:
========
FF ProfilePath: C:\Users\Krhánková J\AppData\Roaming\Mozilla\Firefox\Profiles\ik1xbd8b.default
FF DefaultSearchEngine: Seznam
FF SelectedSearchEngine: Seznam
FF Homepage: www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.6.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2012-08-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-08-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-08-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-08-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-08-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-08-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-08-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-08-12] (Apple Computer, Inc.)
FF Extension: Adblock Plus - C:\Users\Krhánková J\AppData\Roaming\Mozilla\Firefox\Profiles\ik1xbd8b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-08-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-14]

Chrome:
=======
CHR Profile: C:\Users\Krhánková J\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Krhánková J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-21] (AVAST Software)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe [65536 2005-01-04] (The Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe [1527893 2005-01-04] (The Firebird Project) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-18] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-21] (AVAST Software)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-07-23] (Huawei Technologies Co., Ltd.)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-12-15] (Huawei Technologies Co., Ltd.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 12:06 - 2015-08-16 12:07 - 00017125 _____ C:\Users\Krhánková J\Desktop\FRST.txt
2015-08-16 12:05 - 2015-03-27 21:07 - 00112640 _____ (forum.viry.cz) C:\Users\Krhánková J\Desktop\FRSTLauncher.exe
2015-08-16 11:48 - 2015-08-16 11:48 - 02173952 _____ (Farbar) C:\Users\Krhánková J\Downloads\FRST64(1).exe
2015-08-16 11:47 - 2015-08-16 11:47 - 02173952 _____ (Farbar) C:\Users\Krhánková J\Desktop\FRST64.exe
2015-08-16 11:42 - 2015-08-16 11:42 - 00000000 ____D C:\rsit
2015-08-16 11:41 - 2015-08-16 11:41 - 01222144 _____ C:\Users\Krhánková J\Desktop\RSITx64.exe
2015-08-16 11:15 - 2015-08-16 11:15 - 00020420 _____ C:\ComboFix.txt
2015-08-16 10:32 - 2015-08-16 02:40 - 05634818 ____R (Swearware) C:\ComboFix.exe
2015-08-16 10:23 - 2015-08-16 11:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-16 08:47 - 2015-08-16 08:48 - 08163850 _____ C:\Users\Krhánková J\Downloads\Application_Acer_1.02.3502_W7x64_A.zip
2015-08-16 02:42 - 2015-08-16 11:15 - 00000000 ____D C:\Qoobox
2015-08-16 02:39 - 2015-08-16 02:40 - 05634818 ____R (Swearware) C:\Users\Krhánková J\Desktop\ComboFix.exe
2015-08-15 17:24 - 2015-08-15 17:24 - 00000936 _____ C:\Users\Krhánková J\Desktop\HD Tune.lnk
2015-08-15 17:24 - 2015-08-15 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2015-08-15 17:24 - 2015-08-15 17:24 - 00000000 ____D C:\Program Files (x86)\HD Tune
2015-08-15 17:23 - 2015-08-15 17:23 - 00642632 _____ (EFD Software ) C:\Users\Krhánková J\Downloads\hdtune_255.exe
2015-08-15 15:12 - 2015-08-16 12:01 - 00004384 _____ C:\Windows\PFRO.log
2015-08-15 09:33 - 2015-08-15 09:34 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Krhánková J\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-15 09:23 - 2015-08-15 09:23 - 00001275 _____ C:\AdwCleaner[C3].txt
2015-08-15 09:19 - 2015-08-15 09:20 - 00001096 _____ C:\AdwCleaner[S3].txt
2015-08-15 09:19 - 2015-08-15 09:19 - 00000000 ____D C:\AdwCleaner
2015-08-15 09:17 - 2015-08-15 09:17 - 01563648 _____ C:\Users\Krhánková J\Downloads\adwcleaner_5.000.exe
2015-08-15 09:15 - 2012-01-05 14:02 - 00001268 _____ C:\Users\Krhánková J\Desktop\COPYRIGHT.txt
2015-08-15 09:13 - 2015-08-15 09:13 - 01496172 _____ C:\Users\Krhánková J\Downloads\CrystalDiskInfo5_0_0.zip
2015-08-15 07:47 - 2015-08-15 07:48 - 00036741 _____ C:\Users\Krhánková J\Downloads\Addition.txt
2015-08-15 07:46 - 2015-08-15 07:50 - 00057041 _____ C:\Users\Krhánková J\Downloads\FRST.txt
2015-08-15 07:44 - 2015-08-16 12:07 - 00000000 ____D C:\FRST
2015-08-15 07:43 - 2015-08-16 12:01 - 00000392 _____ C:\Windows\setupact.log
2015-08-15 07:43 - 2015-08-15 07:43 - 00000000 _____ C:\Windows\setuperr.log
2015-08-15 07:39 - 2015-08-15 07:39 - 00000000 ____D C:\Users\Krhánková J\AppData\Local\TeamViewer
2015-08-15 07:36 - 2015-08-15 08:12 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-08-15 07:36 - 2015-08-15 07:36 - 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-08-15 07:36 - 2015-08-15 07:36 - 00001041 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-08-15 07:35 - 2015-08-15 07:35 - 08144048 _____ (TeamViewer GmbH) C:\Users\Krhánková J\Downloads\TeamViewer_Setup_cs.exe
2015-08-15 07:31 - 2015-08-15 08:11 - 00011348 _____ C:\Users\Krhánková J\Downloads\hijackthis.log
2015-08-15 07:29 - 2015-08-15 07:29 - 00401720 _____ (Trend Micro Inc.) C:\Users\Krhánková J\Downloads\HijackThis.exe
2015-08-15 07:25 - 2015-08-15 07:25 - 00000723 _____ C:\Users\Krhánková J\Desktop\chata kroupy.lnk
2015-08-15 07:24 - 2015-08-15 07:24 - 00000777 _____ C:\Users\Krhánková J\Desktop\hudba -jana iphone.lnk
2015-08-15 07:15 - 2015-08-15 07:15 - 00000750 _____ C:\Users\Krhánková J\Desktop\Naty_mobil.lnk
2015-08-14 22:44 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 22:44 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 21:55 - 2015-08-14 22:19 - 00000000 ____D C:\Windows\$regcmp$
2015-08-14 19:28 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-14 16:48 - 2015-07-28 22:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-14 16:48 - 2015-07-28 22:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-14 16:48 - 2015-07-28 22:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-14 16:48 - 2015-07-28 22:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-14 16:48 - 2015-07-28 22:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-14 16:48 - 2015-07-28 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-14 16:48 - 2015-07-28 22:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-14 16:48 - 2015-07-28 21:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-14 16:47 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-14 16:47 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-14 16:47 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-14 16:47 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-14 16:47 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-14 16:47 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-14 16:47 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-14 16:47 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-14 16:47 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-14 16:47 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-14 16:47 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-14 16:47 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-14 16:47 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-14 16:47 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-14 16:47 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-14 16:47 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-14 16:47 - 2015-07-10 19:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-14 16:47 - 2015-07-10 19:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-14 16:47 - 2015-07-10 19:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-14 16:47 - 2015-07-10 19:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-14 16:47 - 2015-07-10 19:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-14 16:47 - 2015-07-10 19:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-14 16:46 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-14 16:46 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-14 16:46 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-14 16:46 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-14 16:46 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-14 16:46 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-14 16:46 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-14 16:46 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-14 16:46 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-14 16:46 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-14 16:46 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-14 16:46 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-14 16:46 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-14 16:46 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-14 16:46 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-14 16:46 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-14 16:46 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-14 16:46 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-14 16:46 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-14 16:46 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-14 16:46 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-14 16:46 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-14 16:46 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-14 16:46 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-14 16:46 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-14 16:46 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-14 16:46 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-14 16:46 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-14 16:46 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-14 16:46 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-14 16:46 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-14 16:46 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-14 16:46 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-14 16:46 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-14 16:46 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-14 16:46 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-14 16:46 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-14 16:46 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-14 16:46 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-14 16:46 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-14 16:46 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-14 16:46 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-14 16:46 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-14 16:46 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-14 16:46 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 16:46 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-14 16:44 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-14 16:44 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-14 16:43 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-14 16:43 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-14 16:43 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-14 16:43 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-14 16:43 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-14 16:43 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-14 16:43 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-14 16:43 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-14 16:43 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-14 16:43 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-14 16:43 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-14 16:43 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-14 16:43 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-14 16:43 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-14 16:43 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-14 16:43 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-14 16:43 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-14 16:32 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-14 16:32 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-14 16:32 - 2015-07-16 23:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-14 16:32 - 2015-07-16 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-14 16:32 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-14 16:32 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-14 16:32 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-14 16:32 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-14 16:32 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-14 16:32 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-14 16:32 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-14 16:32 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-14 16:32 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-14 16:32 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-14 16:32 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-14 16:32 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-14 16:32 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-14 16:32 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-14 16:32 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-14 16:32 - 2015-07-16 22:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-14 16:32 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-14 16:32 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-14 16:32 - 2015-07-16 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-14 16:32 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-14 16:32 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-14 16:32 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-14 16:32 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-14 16:32 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-14 16:32 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-14 16:32 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-14 16:32 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-14 16:32 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-14 16:32 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-14 16:32 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-14 16:32 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-14 16:32 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-14 16:32 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-14 16:32 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-14 16:32 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-14 16:32 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-14 16:32 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-14 16:32 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-14 16:32 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-14 16:32 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-14 16:32 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-14 16:32 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-14 16:32 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-14 16:32 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-14 16:32 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-14 16:32 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-14 16:32 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-14 16:32 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-14 16:32 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-14 16:32 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-14 16:32 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-14 16:32 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-14 16:32 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-14 16:32 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-14 16:32 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-14 16:32 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-14 16:31 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-14 16:31 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-14 16:31 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-14 16:31 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-14 16:31 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-14 16:31 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-14 16:31 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-14 16:31 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-14 16:31 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-14 16:31 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-14 16:31 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-14 16:31 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-14 16:31 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-14 16:31 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-14 16:31 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-07-21 15:38 - 2015-07-21 15:38 - 00001928 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-21 15:38 - 2015-07-21 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-21 15:37 - 2015-07-21 15:37 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-21 15:36 - 2015-07-21 15:36 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 12:06 - 2009-12-22 02:47 - 01605745 _____ C:\Windows\WindowsUpdate.log
2015-08-16 12:04 - 2010-04-04 07:42 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-16 12:02 - 2011-02-12 18:21 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-08-16 12:01 - 2012-07-19 17:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-16 12:01 - 2010-04-04 07:42 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-16 12:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-16 11:52 - 2013-02-07 16:25 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-16 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-16 11:45 - 2012-08-29 08:44 - 00000000 ____D C:\Program Files\trend micro
2015-08-16 11:15 - 2009-07-14 06:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-16 11:15 - 2009-07-14 06:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-16 11:08 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-08-16 10:57 - 2015-02-04 14:49 - 00000000 ____D C:\Windows\erdnt
2015-08-16 08:56 - 2009-10-28 20:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-15 17:18 - 2009-07-14 07:08 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-15 15:13 - 2010-04-18 10:05 - 00000000 ____D C:\Users\Krhánková J\AppData\Roaming\Skype
2015-08-15 14:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-08-15 09:24 - 2009-07-14 06:45 - 00419136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-15 09:11 - 2010-04-02 23:41 - 00111288 _____ C:\Users\Krhánková J\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-15 08:47 - 2015-07-10 18:25 - 00000000 ____D C:\$Windows.~BT
2015-08-15 08:21 - 2009-07-27 22:41 - 00000000 ____D C:\Windows\Panther
2015-08-15 07:36 - 2014-05-14 18:24 - 00000000 ____D C:\Users\Krhánková J\AppData\Roaming\TeamViewer
2015-08-15 07:19 - 2010-04-18 10:06 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-15 07:14 - 2010-04-02 23:41 - 00000000 ____D C:\Users\Krhánková J
2015-08-15 07:07 - 2011-06-12 11:34 - 00253440 ___SH C:\Users\Krhánková J\Thumbs.db
2015-08-14 22:48 - 2012-08-29 08:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 22:48 - 2012-08-29 08:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 22:47 - 2014-12-11 16:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-14 22:47 - 2014-05-06 21:45 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-14 22:46 - 2009-10-29 06:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-14 22:44 - 2012-08-29 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 19:54 - 2014-05-14 18:30 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-14 19:53 - 2013-02-07 16:25 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-14 19:53 - 2012-08-29 07:15 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-14 19:53 - 2011-07-26 18:36 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 19:49 - 2011-01-01 21:26 - 00000000 ____D C:\Windows\cs
2015-08-14 18:52 - 2012-08-29 20:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-14 18:28 - 2011-11-17 11:46 - 00000000 ____D C:\Windows\Minidump
2015-08-14 18:26 - 2013-02-07 13:33 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-14 18:26 - 2013-02-07 13:33 - 00000000 ____D C:\Program Files\CCleaner
2015-08-14 18:18 - 2014-09-23 11:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-14 18:18 - 2010-04-18 10:04 - 00000000 ____D C:\ProgramData\Skype
2015-08-14 18:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-08-14 16:13 - 2013-08-16 17:22 - 00000000 ____D C:\Windows\system32\MRT
2015-08-14 16:13 - 2010-04-18 09:53 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-08 13:32 - 2015-06-04 18:11 - 00000259 _____ C:\Windows\wininit.ini
2015-07-25 15:59 - 2015-04-04 22:32 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 08:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-07-21 15:37 - 2014-05-14 18:30 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-21 15:37 - 2014-05-14 18:30 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-21 15:37 - 2014-05-14 18:30 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-21 15:37 - 2014-05-14 18:30 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-21 15:37 - 2014-05-14 18:30 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-21 15:37 - 2014-05-14 18:30 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-21 15:37 - 2014-05-14 18:30 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-21 15:36 - 2014-05-14 18:30 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-20 03:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-19 13:03 - 2015-04-04 22:32 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-19 12:59 - 2010-04-04 07:42 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-19 12:59 - 2010-04-04 07:42 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2010-04-06 15:43 - 2010-04-06 15:43 - 0000000 _____ () C:\Users\Krhánková J\AppData\Roaming\wklnhst.dat
2010-11-21 18:21 - 2011-11-17 15:40 - 0005632 _____ () C:\Users\Krhánková J\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-29 09:55 - 2011-09-03 13:18 - 0000000 _____ () C:\Users\Krhánková J\AppData\Local\prvlcl.dat
2012-12-14 19:42 - 2012-12-14 19:42 - 0000017 _____ () C:\Users\Krhánková J\AppData\Local\resmon.resmoncfg
2015-07-07 13:44 - 2015-07-07 13:44 - 0000000 _____ () C:\Users\Krhánková J\AppData\Local\{A82E35C6-B738-4617-A005-FD80FD9CAB36}
2009-12-22 03:00 - 2009-12-22 03:03 - 0007830 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-28 15:16 - 2009-08-28 15:16 - 0130238 ____R () C:\ProgramData\DeviceManager.xml.rc4
2010-04-18 10:06 - 2010-04-18 10:06 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-10-29 06:22 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Krh�nkov� J\Desktop" je 355 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#15 Příspěvek od **Márty84** » 16 srp 2015 14:35

Hlidejte velikost adresare plochy. Cim mensi, tim lip.

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3812233246-2506474311-2689633737-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3812233246-2506474311-2689633737-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3812233246-2506474311-2689633737-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14 269000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D

2015-08-14 18:52 - 2012-08-29 20:00 - 00000000 ____D C:\ProgramData\Malwarebytes

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

VIRY.CZ

Prosím o kontrolu - zpomalený ntb

Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb

Re: Prosím o kontrolu - zpomalený ntb