Problem: NVstreamuseragent.exe is maxing out the notebook

Posted: 12 Apr 2016 22:31
by forgot
Good evening.
I need help with my notebook. It is loaded to the max whenever the browser is running. I suspect an unknown program, NVstreamuseragent.exe; it cannot be terminated through Task Manager, and absolutely nothing else can be done with it either. Probably some kind of malware. :twisted:
I am attaching the log.
Thanks for the help. I don't know how to deal with this on my own. :oops:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Robčo at 2016-04-12 23:18:58
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 35 GB (14%) free of 244 GB
Total RAM: 4007 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:19:01, on 12. 4. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18231)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Robčo\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Robčo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0000000000
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [BingSvc] C:\Users\Robčo\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Protect Service(eAHPeNhIUJ_protect) (eAHPeNhIUJ_protect) - Unknown owner - C:\ProgramData\eAHPeNhIUJ\protect\protect.exe
O23 - Service: Update Service(eAHPeNhIUJ_update) (eAHPeNhIUJ_update) - Unknown owner - C:\Program Files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\bin\eAHPeNhIUJ_server.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: qkseeService - Qksee Pvt Ltd. - C:\Program Files (x86)\qksee\qkseeSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinZiper service (winzipersvc) - Winzipper Pvt Ltd. - C:\Program Files (x86)\WinZipper\winzipersvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12040 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe" -switch-3be2f036c43042cdb03588591c9325c3
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files (x86)\qksee\qkseeSvc.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\WinZipper\winzipersvc.exe"
"taskhost.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
taskeng.exe {3CE80F06-1C07-4128-B64E-0E98A093512D}
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files\P4G\BatteryLife.exe"
taskeng.exe {29E4EA4C-50E7-4A8E-B369-7015BCDE37E8}
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Intel\TurboBoost\TurboBoost.exe"
"C:\Users\Robčo\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
WLIDSvcM.exe 4764
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-60631355-1963479883-1536209964-1872230486-18958088171149168044600480946-1685306253
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\ProgramData\eAHPeNhIUJ\protect\protect.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Robčo\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Robčo\AppData\Roaming\Mozilla\Firefox\Profiles\1dygzxlw.default

prefs.js - "browser.startup.homepage" - "https://www.google.sk/"
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ZEON/PDF,version=2.0]
"Description"=
"Path"=C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll


C:\Users\Robčo\AppData\Roaming\Mozilla\Firefox\Profiles\1dygzxlw.default\searchplugins\
bing-.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08 2134656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08 1725056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-10 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-10 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-10 418328]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-05-17 2226280]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-05-05 2785064]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-03-13 617120]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-03-13 379552]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2011-05-05 97064]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []
"Setwallpaper"=c:\programdata\SetWallpaper.cmd []
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-02-17 2789248]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-01-12 1860120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2016-03-31 3077712]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-03-01 50670720]
"BingSvc"=C:\Users\Robčo\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2016-03-23 144008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2015-12-27 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-03 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-05-17 11855976]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"=C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [2008-11-03 328992]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2011-04-01 2018032]
"ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [2011-02-23 731472]
"SonicMasterTray"=C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [2010-07-10 984400]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18 5732992]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-08 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-09-24 1601536]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-01-27 385024]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-04-12 23:18:58 ----D---- C:\rsit
2016-04-12 22:49:15 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-04-08 13:25:42 ----D---- C:\Program Files (x86)\qksee
2016-04-08 09:10:37 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2016-04-07 19:29:57 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2016-04-07 19:29:55 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2016-04-01 08:37:26 ----D---- C:\ProgramData\eAHPeNhIUJ
2016-04-01 08:37:17 ----D---- C:\Program Files (x86)\eAHPeNhIUJ
2016-03-24 14:19:03 ----D---- C:\Program Files (x86)\WinZipper
2016-03-24 14:18:25 ----D---- C:\Users\Robčo\AppData\Roaming\WinZiper
2016-03-24 14:18:25 ----D---- C:\Users\Robčo\AppData\Roaming\eCyber
2016-03-24 14:13:26 ----D---- C:\Users\Robčo\AppData\Roaming\qksee
2016-03-24 14:10:45 ----D---- C:\Program Files (x86)\QQBrowser
2016-03-23 16:08:13 ----D---- C:\Users\Robčo\AppData\Roaming\Skype
2016-03-23 16:07:54 ----RD---- C:\Program Files (x86)\Skype
2016-03-23 16:07:44 ----D---- C:\ProgramData\Skype

======List of files/folders modified in the last 1 month======

2016-04-12 23:19:00 ----D---- C:\Program Files\trend micro
2016-04-12 23:18:57 ----D---- C:\Windows\Temp
2016-04-12 23:13:08 ----D---- C:\Windows\System32
2016-04-12 23:13:08 ----D---- C:\Windows\inf
2016-04-12 23:13:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-12 23:10:32 ----D---- C:\Windows\system32\Tasks
2016-04-12 23:10:17 ----D---- C:\Program Files (x86)\Steam
2016-04-12 23:08:21 ----D---- C:\Windows\system32\config
2016-04-12 22:58:32 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-12 22:58:31 ----D---- C:\Program Files (x86)\SearchesToYesbnd
2016-04-12 22:55:13 ----RD---- C:\Program Files (x86)
2016-04-11 15:27:42 ----D---- C:\Windows\SysWOW64
2016-04-08 16:31:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-08 13:36:51 ----SHD---- C:\System Volume Information
2016-04-02 14:55:12 ----D---- C:\WarThunder
2016-04-01 08:37:26 ----HD---- C:\ProgramData
2016-03-28 10:59:50 ----SD---- C:\Users\Robčo\AppData\Roaming\Microsoft
2016-03-24 12:53:33 ----D---- C:\Windows\Prefetch
2016-03-24 12:51:23 ----A---- C:\Windows\system32\ServiceFilter.ini
2016-03-24 12:50:54 ----A---- C:\Windows\system32\AutoRunFilter.ini
2016-03-24 10:47:31 ----D---- C:\Windows\winsxs
2016-03-24 10:47:19 ----SD---- C:\Windows\SYSWOW64\GWX
2016-03-24 10:47:19 ----SD---- C:\Windows\system32\GWX
2016-03-24 10:46:29 ----D---- C:\Users\Robčo\AppData\Roaming\SoftGrid Client
2016-03-23 16:08:41 ----SHD---- C:\Windows\Installer
2016-03-23 16:07:55 ----D---- C:\Program Files (x86)\Common Files
2016-03-18 13:01:28 ----D---- C:\Windows\rescache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-11-20 69840]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-09-13 437272]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2016-02-24 38336]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-11-20 263528]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-11-20 186784]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-11-20 206312]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-11-20 52872]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2015-11-20 142976]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-04-17 13832]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-07-08 2228736]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-01-27 12273408]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-05-17 2872680]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-02-17 28032]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-12-18 47760]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2014-10-08 766632]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2014-10-08 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2014-10-08 29352]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2014-10-08 23208]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-05-05 1439792]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-02-19 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-02-19 47672]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RTSUVSTOR.sys [2010-08-03 290920]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-01-08 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-01-08 1773696]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-03-18 822496]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 eAHPeNhIUJ_protect;Protect Service(eAHPeNhIUJ_protect); C:\ProgramData\eAHPeNhIUJ\protect\protect.exe [2016-03-31 308624]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2015-11-20 2522616]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-12 1163200]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-02-17 1880960]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-02-17 2609024]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-02-23 1263040]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2016-04-07 76888]
R2 qkseeService;qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [2016-04-08 706200]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-08 534184]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]
R2 winzipersvc;WinZiper service; C:\Program Files (x86)\WinZipper\winzipersvc.exe [2016-04-11 705688]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-02-17 6474112]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-08 211104]
S2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-03-04 379520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 eAHPeNhIUJ_update;Update Service(eAHPeNhIUJ_update); C:\Program Files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\bin\eAHPeNhIUJ_server.exe [2016-03-31 477584]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-01-29 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-02-08 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-04-12 146888]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-03-31 835664]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-12-27 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

Re: Notebook problem: NVstreamuseragent.exe loads it to the max.

Posted: 12 Apr 2016 23:03
by altrok
I wish you a lovely day :bye:


:arrow: Save rkill.exe to the desktop, close all applications and run it - if the malware blocks it, use the alternative link
WARNING - THIS UTILITY HAS A GREAT ABILITY TO DELETE - DO NOT RUN IT WITHOUT AN ADVISER'S RECOMMENDATION
:arrow: Save ComboFix.exe to the desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off antivirus programs and all real-time protection
  • run ComboFix as administrator (preferably under an account with administrator privileges)
  • agree to the license terms - Yes
  • if installation of the Recovery Console is offered, accept it
  • leave the PC alone during the scan - do not run anything and do not click in the ComboFix window
  • you will find the scan result in C:\ComboFix.txt; copy its contents into your next reply to me.

Re: Notebook problem: NVstreamuseragent.exe loads it to the max.

Posted: 13 Apr 2016 06:15
by forgot
Good morning.
Rkill log

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/13/2016 07:07:13 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\ACEngSvr.exe (PID: 2760) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 04/13/2016 07:10:54 AM
Execution time: 0 hours(s), 3 minute(s), and 40 seconds(s)

Re: Notebook problem: NVstreamuseragent.exe loads it to the max.

Posted: 13 Apr 2016 07:23
by forgot
Combo log

ComboFix 16-04-06.01 - Robčo . 04. 2016 7:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4007.2091 [GMT 2:00]
Running from: c:\users\RobŔo\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.351.2 *Disabled/Outdated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personálny firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.351.2 *Disabled/Outdated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2016-03-13 to 2016-04-13 )))))))))))))))))))))))))))))))
.
.
2016-04-13 05:36 . 2016-04-13 05:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-13 05:23 . 2016-04-13 05:23 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC8C722C-E830-4C8C-BA40-C4FA0EB4DFA8}\offreg.1072.dll
2016-04-12 21:18 . 2016-04-12 21:19 -------- d-----w- C:\rsit
2016-04-08 11:36 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC8C722C-E830-4C8C-BA40-C4FA0EB4DFA8}\mpengine.dll
2016-04-08 11:25 . 2016-04-13 05:42 -------- d-----w- c:\program files (x86)\qksee
2016-04-08 09:19 . 2016-04-08 09:19 -------- d-----w- c:\users\Robčo\AppData\Local\eAHPeNhIUJ
2016-04-08 07:10 . 2016-04-08 09:19 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2016-04-07 17:33 . 2016-04-11 13:27 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2016-04-07 17:33 . 2016-04-07 17:33 -------- d-----w- c:\users\Robčo\AppData\Local\PunkBuster
2016-04-07 17:33 . 2016-04-07 17:33 -------- d-----w- c:\users\Robčo\AppData\Local\CrashRpt
2016-04-07 17:29 . 2016-04-11 13:27 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-04-07 17:29 . 2016-04-11 13:26 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-04-07 17:29 . 2016-04-07 17:36 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2016-04-01 06:37 . 2016-04-01 06:37 -------- d-----w- c:\programdata\eAHPeNhIUJ
2016-04-01 06:37 . 2016-04-13 05:00 -------- d-----w- c:\program files (x86)\eAHPeNhIUJ
2016-03-24 12:19 . 2016-04-13 05:43 -------- d-----w- c:\program files (x86)\WinZipper
2016-03-24 12:18 . 2016-04-12 06:58 -------- d-----w- c:\users\Robčo\AppData\Roaming\WinZiper
2016-03-24 12:18 . 2016-03-24 12:18 -------- d-----w- c:\users\Robčo\AppData\Roaming\eCyber
2016-03-24 12:13 . 2016-03-29 11:49 -------- d-----w- c:\users\Robčo\AppData\Roaming\qksee
2016-03-24 12:10 . 2016-03-24 12:10 -------- d-----w- c:\program files (x86)\QQBrowser
2016-03-23 14:09 . 2016-03-23 14:09 -------- d-----w- c:\users\Robčo\Tracing
2016-03-23 14:08 . 2016-04-12 21:02 -------- d-----w- c:\users\Robčo\AppData\Roaming\Skype
2016-03-23 14:07 . 2016-03-23 14:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-03-23 14:07 . 2016-03-23 14:08 -------- d-----r- c:\program files (x86)\Skype
2016-03-23 14:07 . 2016-03-23 14:08 -------- d-----w- c:\programdata\Skype
2016-03-17 15:25 . 2016-03-17 16:14 -------- d-----w- c:\users\Robčo\AppData\Local\Windows Live
2016-03-17 15:24 . 2016-03-17 15:25 -------- d-----w- c:\users\Robčo\AppData\Local\{E6CAFFC9-BC7B-4DD0-B259-6F558BB1710F}
2016-03-17 15:24 . 2016-03-17 15:25 -------- d-----w- c:\users\Robčo\AppData\Local\{B5DE2B53-39DE-430E-A347-7611E4CF72DC}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-08 14:31 . 2016-01-04 19:27 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 14:31 . 2016-01-04 19:27 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-09 13:10 . 2015-12-27 10:50 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-02-27 10:51 . 2015-12-27 01:47 45056 ----a-w- c:\windows\system32\acovcnt.exe
2016-02-23 23:58 . 2016-03-02 16:30 950328 ----a-w- c:\windows\system32\NvFBC64.dll
2016-02-23 23:58 . 2016-03-02 16:30 880576 ----a-w- c:\windows\system32\NvIFR64.dll
2016-02-23 23:58 . 2016-03-02 16:30 747064 ----a-w- c:\windows\SysWow64\NvFBC.dll
2016-02-23 23:58 . 2016-03-02 16:30 689600 ----a-w- c:\windows\SysWow64\NvIFR.dll
2016-02-23 23:58 . 2016-03-02 16:30 38336 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2016-02-23 23:58 . 2016-03-02 16:30 3143616 ----a-w- c:\windows\system32\nvcuvid.dll
2016-02-23 23:58 . 2016-03-02 16:30 31081920 ----a-w- c:\windows\system32\nvoglv64.dll
2016-02-23 23:58 . 2016-03-02 16:30 2722872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2016-02-23 23:58 . 2016-03-02 16:30 24914880 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2016-02-23 23:58 . 2016-03-02 16:30 21193032 ----a-w- c:\windows\system32\nvopencl.dll
2016-02-23 23:58 . 2016-03-02 16:30 20733832 ----a-w- c:\windows\system32\nvcuda.dll
2016-02-23 23:58 . 2016-03-02 16:30 1922496 ----a-w- c:\windows\system32\nvdispco6436200.dll
2016-02-23 23:58 . 2016-03-02 16:30 18758400 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-02-23 23:58 . 2016-03-02 16:30 17625136 ----a-w- c:\windows\SysWow64\nvopencl.dll
2016-02-23 23:58 . 2016-03-02 16:30 17218792 ----a-w- c:\windows\SysWow64\nvcuda.dll
2016-02-23 23:58 . 2016-03-02 16:30 16995384 ----a-w- c:\windows\system32\nvd3dumx.dll
2016-02-23 23:58 . 2016-03-02 16:30 16328088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2016-02-23 23:58 . 2016-03-02 16:30 1571776 ----a-w- c:\windows\system32\nvdispgenco6436200.dll
2016-02-23 23:58 . 2016-03-02 16:30 151184 ----a-w- c:\windows\system32\nvoglshim64.dll
2016-02-23 23:58 . 2016-03-02 16:30 14016768 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-02-23 23:58 . 2016-03-02 16:30 128696 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2016-02-23 23:58 . 2016-03-02 16:30 12381632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2016-02-23 23:58 . 2016-03-02 16:30 42983992 ----a-w- c:\windows\system32\nvcompiler.dll
2016-02-23 23:58 . 2016-03-02 16:30 37616184 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2016-02-23 23:58 . 2016-03-02 16:30 3259872 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-02-23 23:58 . 2015-12-29 16:34 468960 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-02-23 23:58 . 2015-12-29 16:34 388560 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-02-23 23:58 . 2015-12-27 01:32 175368 ----a-w- c:\windows\system32\nvinitx.dll
2016-02-23 23:58 . 2015-12-27 01:32 153392 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-02-23 23:58 . 2015-12-27 01:32 3684072 ----a-w- c:\windows\system32\nvapi64.dll
2016-02-23 20:45 . 2011-05-11 11:53 6367168 ----a-w- c:\windows\system32\nvcpl.dll
2016-02-23 20:45 . 2011-05-11 11:52 2992064 ----a-w- c:\windows\system32\nvsvc64.dll
2016-02-23 20:45 . 2011-05-11 11:53 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-02-23 20:45 . 2011-05-11 11:53 71224 ----a-w- c:\windows\system32\nvshext.dll
2016-02-23 20:45 . 2011-05-11 11:53 532024 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-02-23 20:45 . 2011-05-11 11:53 393784 ----a-w- c:\windows\system32\nvmctray.dll
2016-02-23 20:45 . 2011-05-11 11:53 2563128 ----a-w- c:\windows\system32\nvsvcr.dll
2016-02-23 20:45 . 2011-05-11 11:53 1263040 ----a-w- c:\windows\system32\nvvsvc.exe
2016-02-23 20:28 . 2011-05-11 11:53 6154909 ----a-w- c:\windows\system32\nvcoproc.bin
2016-02-19 19:02 . 2016-03-09 12:47 38336 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-02-19 18:54 . 2016-03-09 12:47 1168896 ----a-w- c:\windows\system32\aeinv.dll
2016-02-19 16:08 . 2016-02-19 16:08 47672 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2016-02-19 16:07 . 2016-02-19 16:07 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2016-02-19 14:07 . 2016-03-09 12:47 1373184 ----a-w- c:\windows\system32\appraiser.dll
2016-02-12 18:52 . 2016-03-09 13:05 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 13:05 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 13:05 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 13:05 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 13:05 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 13:05 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 13:05 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 13:05 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 13:05 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 13:05 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 13:05 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 13:05 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 13:05 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 13:05 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 13:05 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 13:05 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-11 18:56 . 2016-03-09 12:50 5572032 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-02-11 18:56 . 2016-03-09 12:50 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-02-11 18:56 . 2016-03-09 12:50 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-02-11 18:52 . 2016-03-09 12:50 1733592 ----a-w- c:\windows\system32\ntdll.dll
2016-02-11 18:49 . 2016-03-09 12:50 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-02-11 18:49 . 2016-03-09 12:50 243712 ----a-w- c:\windows\system32\wow64.dll
2016-02-11 18:49 . 2016-03-09 12:50 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-02-11 18:49 . 2016-03-09 12:50 215040 ----a-w- c:\windows\system32\winsrv.dll
2016-02-11 18:49 . 2016-03-09 12:50 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-02-11 18:49 . 2016-03-09 12:50 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-02-11 18:49 . 2016-03-09 12:50 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-02-11 18:49 . 2016-03-09 12:50 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-02-11 18:48 . 2016-03-09 12:50 503808 ----a-w- c:\windows\system32\srcore.dll
2016-02-11 18:48 . 2016-03-09 12:50 50176 ----a-w- c:\windows\system32\srclient.dll
2016-02-11 18:48 . 2016-03-09 12:50 28160 ----a-w- c:\windows\system32\secur32.dll
2016-02-11 18:48 . 2016-03-09 12:50 344064 ----a-w- c:\windows\system32\schannel.dll
2016-02-11 18:48 . 2016-03-09 12:50 1214464 ----a-w- c:\windows\system32\rpcrt4.dll
2016-02-11 18:47 . 2016-03-09 12:50 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2016-02-11 18:45 . 2016-03-09 12:50 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-02-11 18:45 . 2016-03-09 12:50 315392 ----a-w- c:\windows\system32\msv1_0.dll
2016-02-11 18:45 . 2016-03-09 12:50 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-02-11 18:45 . 2016-03-09 12:50 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-02-11 18:44 . 2016-03-09 12:50 3938240 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-02-11 18:44 . 2016-03-09 12:50 3994560 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-02-11 18:44 . 2016-03-09 12:50 1461248 ----a-w- c:\windows\system32\lsasrv.dll
2016-02-11 18:44 . 2016-03-09 12:50 422400 ----a-w- c:\windows\system32\KernelBase.dll
2016-02-11 18:44 . 2016-03-09 12:50 730112 ----a-w- c:\windows\system32\kerberos.dll
2016-02-11 18:44 . 2016-03-09 12:50 1163264 ----a-w- c:\windows\system32\kernel32.dll
2016-02-11 18:42 . 2016-03-09 12:50 43520 ----a-w- c:\windows\system32\csrsrv.dll
2016-02-11 18:42 . 2016-03-09 12:50 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-02-11 18:42 . 2016-03-09 12:50 22016 ----a-w- c:\windows\system32\credssp.dll
2016-02-11 18:41 . 2016-03-09 12:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 12:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-03-31 3077712]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-03-01 50670720]
"BingSvc"="c:\users\Robčo\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2016-03-23 144008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-01 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2015-12-27 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 eAHPeNhIUJ_protect;Protect Service(eAHPeNhIUJ_protect);c:\programdata\eAHPeNhIUJ\protect\protect.exe;c:\programdata\eAHPeNhIUJ\protect\protect.exe [x]
R2 eAHPeNhIUJ_update;Update Service(eAHPeNhIUJ_update);c:\program files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\bin\eAHPeNhIUJ_server.exe;c:\program files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\bin\eAHPeNhIUJ_server.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 qkseeService;qkseeService;c:\program files (x86)\qksee\qkseeSvc.exe;c:\program files (x86)\qksee\qkseeSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 winzipersvc;WinZiper service;c:\program files (x86)\WinZipper\winzipersvc.exe;c:\program files (x86)\WinZipper\winzipersvc.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-09 06:33 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-04 14:31]
.
2016-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26 18:27]
.
2016-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26 18:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-02-17 2789248]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-01-12 1860120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Robčo\AppData\Roaming\Mozilla\Firefox\Profiles\1dygzxlw.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-04-13 08:19:37
ComboFix-quarantined-files.txt 2016-04-13 06:19
.
Pre-Run: 36 181 479 424 bytes free
Post-Run: 39 099 387 904 bytes free
.
- - End Of File - - B53E12C2D3C4A1577C6921F919A1485C

Re: Notebook problem: NVstreamuseragent.exe maxes out the load.

Posted: 13 Apr 2016 11:51
by altrok
:arrow: If you haven't already, move ComboFix to the root directory so that its location is C:\ComboFix.exe.
  • Open Notepad (Start -> Run -> notepad)
  • copy the script below into it and save it, also in the root directory, as CFScript (Save as type: Text Document)

    Code: Select all

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvBackend"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Grab this CFScript.txt, literally drag it over the ComboFix icon and drop it.
  • After the restart a log will pop up; paste its contents into your next reply.
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF, and unfortunately the author has not been able to fix it yet.

:arrow: It can happen that Windows does not start after the script is applied. In that case restart the PC, keep pressing F8 and choose Last Known Good Configuration.

Re: Notebook problem: NVstreamuseragent.exe maxes out the load.

Posted: 13 Apr 2016 22:05
by forgot
Good evening.
This task is beyond me :oops:
ComboFix cannot be saved to the root directory, or I don't know how, and I don't even know where to look for it :oops:
When I save it to C:\ComboFix.exe. it simply won't take that last dot after exe, and when I move it, it only creates a shortcut to Combo.
As for CFScript, it won't save to C at all; it asks for administrator permission. I'm at my wits' end :oops:
Can't the script be dragged onto Combo on the desktop?
Thank you

Re: Notebook problem: NVstreamuseragent.exe maxes out the load.

Posted: 13 Apr 2016 22:15
by altrok
Good evening,

the root directory of the disk is C:\
move CF so that its location is C:\ComboFix.exe (the period belonged to the end of the sentence)
save CFScript to the desktop first and only then move it to C:\ (its location will be C:\CFScript.txt)
The operation cannot be done on the desktop because your user profile name contains diacritics, which CF cannot handle - CF sees Robčo as RobŔo

Re: Notebook problem: NVstreamuseragent.exe maxes out the load.

Posted: 13 Apr 2016 22:27
by forgot
The script is already in the root directory.
But how do I drag it into the folder where CF is as a shortcut

Re: Notebook problem: NVstreamuseragent.exe maxes out the load.

Posted: 13 Apr 2016 22:29
by forgot
May I ask to continue tomorrow? I was at work all day and this is beyond my understanding at this late hour.
Thank you
Good night

Re: Notebook problem: NVstreamuseragent.exe maxes out the load.

Posted: 13 Apr 2016 23:22
by altrok
No problem, we'll manage this :)

move CF directly to C:\
CFScript as well
then in Explorer grab CFScript with the mouse and literally drag it over ComboFix, where you drop it


Re: Notebook problem: NVstreamuseragent.exe maxes out the load.

Posted: 14 Apr 2016 06:45
by forgot
I am attaching the log

ComboFix 16-04-06.01 - Robčo . 04. 2016 7:23.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4007.2378 [GMT 2:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: ESET Smart Security 9.0.351.2 *Enabled/Outdated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personálny firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.351.2 *Enabled/Outdated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2016-03-14 to 2016-04-14 )))))))))))))))))))))))))))))))
.
.
2016-04-14 05:29 . 2016-04-14 05:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-13 20:49 . 2016-04-13 20:49 -------- d-----w- C:\Nový priečinok
2016-04-13 20:45 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53915F02-0D63-40A9-93FC-573E179B5B25}\mpengine.dll
2016-04-13 05:51 . 2016-03-16 18:50 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-04-13 05:51 . 2016-03-16 18:28 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-04-13 05:51 . 2016-03-16 18:28 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-04-13 05:51 . 2016-03-16 18:27 286720 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-04-13 05:49 . 2016-01-21 00:51 73664 ----a-w- c:\windows\system32\drivers\disk.sys
2016-04-13 05:48 . 2016-03-11 18:57 2048 ----a-w- c:\windows\system32\tzres.dll
2016-04-13 05:48 . 2016-03-11 18:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-04-12 21:18 . 2016-04-12 21:19 -------- d-----w- C:\rsit
2016-04-08 11:25 . 2016-04-14 05:09 -------- d-----w- c:\program files (x86)\qksee
2016-04-08 09:19 . 2016-04-08 09:19 -------- d-----w- c:\users\Robčo\AppData\Local\eAHPeNhIUJ
2016-04-08 07:10 . 2016-04-08 09:19 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2016-04-07 17:33 . 2016-04-11 13:27 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2016-04-07 17:33 . 2016-04-07 17:33 -------- d-----w- c:\users\Robčo\AppData\Local\PunkBuster
2016-04-07 17:33 . 2016-04-07 17:33 -------- d-----w- c:\users\Robčo\AppData\Local\CrashRpt
2016-04-07 17:29 . 2016-04-11 13:27 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-04-07 17:29 . 2016-04-11 13:26 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-04-07 17:29 . 2016-04-07 17:36 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2016-04-01 06:37 . 2016-04-01 06:37 -------- d-----w- c:\programdata\eAHPeNhIUJ
2016-04-01 06:37 . 2016-04-14 05:34 -------- d-----w- c:\program files (x86)\eAHPeNhIUJ
2016-03-24 12:19 . 2016-04-14 05:12 -------- d-----w- c:\program files (x86)\WinZipper
2016-03-24 12:18 . 2016-04-12 06:58 -------- d-----w- c:\users\Robčo\AppData\Roaming\WinZiper
2016-03-24 12:18 . 2016-03-24 12:18 -------- d-----w- c:\users\Robčo\AppData\Roaming\eCyber
2016-03-24 12:13 . 2016-03-29 11:49 -------- d-----w- c:\users\Robčo\AppData\Roaming\qksee
2016-03-24 12:10 . 2016-03-24 12:10 -------- d-----w- c:\program files (x86)\QQBrowser
2016-03-23 14:09 . 2016-03-23 14:09 -------- d-----w- c:\users\Robčo\Tracing
2016-03-23 14:08 . 2016-04-13 20:36 -------- d-----w- c:\users\Robčo\AppData\Roaming\Skype
2016-03-23 14:07 . 2016-03-23 14:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-03-23 14:07 . 2016-03-23 14:08 -------- d-----r- c:\program files (x86)\Skype
2016-03-23 14:07 . 2016-03-23 14:08 -------- d-----w- c:\programdata\Skype
2016-03-17 15:25 . 2016-03-17 16:14 -------- d-----w- c:\users\Robčo\AppData\Local\Windows Live
2016-03-17 15:24 . 2016-03-17 15:25 -------- d-----w- c:\users\Robčo\AppData\Local\{E6CAFFC9-BC7B-4DD0-B259-6F558BB1710F}
2016-03-17 15:24 . 2016-03-17 15:25 -------- d-----w- c:\users\Robčo\AppData\Local\{B5DE2B53-39DE-430E-A347-7611E4CF72DC}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-14 05:31 . 2015-12-27 01:47 45056 ----a-w- c:\windows\system32\acovcnt.exe
2016-04-13 06:31 . 2015-12-27 10:50 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-08 14:31 . 2016-01-04 19:27 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 14:31 . 2016-01-04 19:27 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-17 22:57 . 2016-04-13 05:50 344064 ----a-w- c:\windows\system32\schannel.dll
2016-03-17 22:57 . 2016-04-13 05:50 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-03-17 22:29 . 2016-04-13 05:50 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-03-17 22:29 . 2016-04-13 05:50 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-03-17 22:24 . 2016-04-13 05:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-02-23 23:58 . 2016-03-02 16:30 950328 ----a-w- c:\windows\system32\NvFBC64.dll
2016-02-23 23:58 . 2016-03-02 16:30 880576 ----a-w- c:\windows\system32\NvIFR64.dll
2016-02-23 23:58 . 2016-03-02 16:30 747064 ----a-w- c:\windows\SysWow64\NvFBC.dll
2016-02-23 23:58 . 2016-03-02 16:30 689600 ----a-w- c:\windows\SysWow64\NvIFR.dll
2016-02-23 23:58 . 2016-03-02 16:30 38336 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2016-02-23 23:58 . 2016-03-02 16:30 3143616 ----a-w- c:\windows\system32\nvcuvid.dll
2016-02-23 23:58 . 2016-03-02 16:30 31081920 ----a-w- c:\windows\system32\nvoglv64.dll
2016-02-23 23:58 . 2016-03-02 16:30 2722872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2016-02-23 23:58 . 2016-03-02 16:30 24914880 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2016-02-23 23:58 . 2016-03-02 16:30 21193032 ----a-w- c:\windows\system32\nvopencl.dll
2016-02-23 23:58 . 2016-03-02 16:30 20733832 ----a-w- c:\windows\system32\nvcuda.dll
2016-02-23 23:58 . 2016-03-02 16:30 1922496 ----a-w- c:\windows\system32\nvdispco6436200.dll
2016-02-23 23:58 . 2016-03-02 16:30 18758400 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-02-23 23:58 . 2016-03-02 16:30 17625136 ----a-w- c:\windows\SysWow64\nvopencl.dll
2016-02-23 23:58 . 2016-03-02 16:30 17218792 ----a-w- c:\windows\SysWow64\nvcuda.dll
2016-02-23 23:58 . 2016-03-02 16:30 16995384 ----a-w- c:\windows\system32\nvd3dumx.dll
2016-02-23 23:58 . 2016-03-02 16:30 16328088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2016-02-23 23:58 . 2016-03-02 16:30 1571776 ----a-w- c:\windows\system32\nvdispgenco6436200.dll
2016-02-23 23:58 . 2016-03-02 16:30 151184 ----a-w- c:\windows\system32\nvoglshim64.dll
2016-02-23 23:58 . 2016-03-02 16:30 14016768 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-02-23 23:58 . 2016-03-02 16:30 128696 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2016-02-23 23:58 . 2016-03-02 16:30 12381632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2016-02-23 23:58 . 2016-03-02 16:30 42983992 ----a-w- c:\windows\system32\nvcompiler.dll
2016-02-23 23:58 . 2016-03-02 16:30 37616184 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2016-02-23 23:58 . 2016-03-02 16:30 3259872 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-02-23 23:58 . 2015-12-29 16:34 468960 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-02-23 23:58 . 2015-12-29 16:34 388560 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-02-23 23:58 . 2015-12-27 01:32 175368 ----a-w- c:\windows\system32\nvinitx.dll
2016-02-23 23:58 . 2015-12-27 01:32 153392 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-02-23 23:58 . 2015-12-27 01:32 3684072 ----a-w- c:\windows\system32\nvapi64.dll
2016-02-23 20:45 . 2011-05-11 11:53 6367168 ----a-w- c:\windows\system32\nvcpl.dll
2016-02-23 20:45 . 2011-05-11 11:52 2992064 ----a-w- c:\windows\system32\nvsvc64.dll
2016-02-23 20:45 . 2011-05-11 11:53 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-02-23 20:45 . 2011-05-11 11:53 71224 ----a-w- c:\windows\system32\nvshext.dll
2016-02-23 20:45 . 2011-05-11 11:53 532024 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-02-23 20:45 . 2011-05-11 11:53 393784 ----a-w- c:\windows\system32\nvmctray.dll
2016-02-23 20:45 . 2011-05-11 11:53 2563128 ----a-w- c:\windows\system32\nvsvcr.dll
2016-02-23 20:45 . 2011-05-11 11:53 1263040 ----a-w- c:\windows\system32\nvvsvc.exe
2016-02-23 20:28 . 2011-05-11 11:53 6154909 ----a-w- c:\windows\system32\nvcoproc.bin
2016-02-19 16:08 . 2016-02-19 16:08 47672 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2016-02-19 16:07 . 2016-02-19 16:07 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2016-02-12 18:52 . 2016-03-09 13:05 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 13:05 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 13:05 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 13:05 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 13:05 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 13:05 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 13:05 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 13:05 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 13:05 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 13:05 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 13:05 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 13:05 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 13:05 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 13:05 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 13:05 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 13:05 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 12:47 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 12:48 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 12:47 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 12:47 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 12:48 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 12:47 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 12:47 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 12:47 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 12:47 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 12:47 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-05 18:54 . 2016-03-09 12:48 41472 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:54 . 2016-03-09 12:48 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:53 . 2016-03-09 12:48 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 18:53 . 2016-03-09 12:48 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 18:50 . 2016-03-09 12:48 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-05 18:44 . 2016-03-09 12:48 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-05 18:42 . 2016-03-09 12:48 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-05 17:48 . 2016-03-09 12:48 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43 . 2016-03-09 12:48 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-05 17:43 . 2016-03-09 12:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-05 01:19 . 2016-03-09 12:48 381440 ----a-w- c:\windows\system32\mfds.dll
2016-02-04 18:41 . 2016-03-09 12:48 296448 ----a-w- c:\windows\SysWow64\mfds.dll
2016-02-03 18:58 . 2016-03-09 12:55 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-02-03 18:52 . 2016-03-09 12:55 84992 ----a-w- c:\windows\system32\asycfilt.dll
2016-02-03 18:49 . 2016-03-09 12:55 572416 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-02-03 18:43 . 2016-03-09 12:55 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2016-02-03 18:07 . 2016-03-09 12:55 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2016-02-03 12:20 . 2016-02-03 12:20 0 ----a-w- c:\windows\SysWow64\shoB0B0.tmp
2016-01-23 03:42 . 2016-02-08 09:27 1924152 ----a-w- c:\windows\system32\nvdispco6436175.dll
2016-01-23 03:42 . 2016-02-08 09:27 1573432 ----a-w- c:\windows\system32\nvdispgenco6436175.dll
2016-01-22 06:19 . 2016-02-10 05:58 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-01-22 06:18 . 2016-02-10 05:58 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:18 . 2016-02-10 05:58 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:15 . 2016-02-10 05:58 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-03-31 3077712]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-03-01 50670720]
"BingSvc"="c:\users\Robčo\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2016-03-23 144008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-01 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2015-12-27 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 eAHPeNhIUJ_update;Update Service(eAHPeNhIUJ_update);c:\program files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\bin\eAHPeNhIUJ_server.exe;c:\program files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\bin\eAHPeNhIUJ_server.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 eAHPeNhIUJ_protect;Protect Service(eAHPeNhIUJ_protect);c:\programdata\eAHPeNhIUJ\protect\protect.exe;c:\programdata\eAHPeNhIUJ\protect\protect.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 qkseeService;qkseeService;c:\program files (x86)\qksee\qkseeSvc.exe;c:\program files (x86)\qksee\qkseeSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 winzipersvc;WinZiper service;c:\program files (x86)\WinZipper\winzipersvc.exe;c:\program files (x86)\WinZipper\winzipersvc.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-09 06:33 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-04 14:31]
.
2016-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26 18:27]
.
2016-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26 18:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-01-12 1860120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Robčo\AppData\Roaming\Mozilla\Firefox\Profiles\1dygzxlw.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\users\Robc:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2016-04-14 07:42:06 - machine was rebooted
ComboFix-quarantined-files.txt 2016-04-14 05:42
ComboFix2.txt 2016-04-13 06:20
.
Pre-Run: 37 369 831 424 bytes free
Post-Run: 37 283 307 520 bytes free
.
- - End Of File - - 7CF2ABB60BFB65D56EE44B092BC04077

Re: Notebook problem, NVstreamuseragent.exe maxing out the load

Posted: 14 Apr 2016 10:38
by altrok
  • Rename ComboFix to Uninstall and run it as administrator
  • ComboFix will uninstall itself.


:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a normal double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply

Re: Notebook problem, NVstreamuseragent.exe maxing out the load

Posted: 14 Apr 2016 11:38
by forgot
# AdwCleaner v5.110 - Logfile created 14/04/2016 at 12:26:35
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Robčo - ROBCO-PC
# Running from : C:\Users\Robčo\Desktop\adwcleaner_5.110.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : winzipersvc
[-] Service Deleted : IhPul
[-] Service Deleted : WdMan
[-] Service Deleted : qkseeService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\WinZipper
[-] Folder Deleted : C:\Program Files (x86)\SearchesToYesbnd
[-] Folder Deleted : C:\Program Files (x86)\Winsere
[-] Folder Deleted : C:\Program Files (x86)\WinTaske
[-] Folder Deleted : C:\Program Files (x86)\qksee
[-] Folder Deleted : C:\Program Files (x86)\QQBrowser
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
[-] Folder Deleted : C:\Users\Robčo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Folder Deleted : C:\Users\Robčo\AppData\Roaming\eCyber
[-] Folder Deleted : C:\Users\Robčo\AppData\Roaming\TSv
[-] Folder Deleted : C:\Users\Robčo\AppData\Roaming\qksee
[-] Folder Deleted : C:\Users\Robčo\AppData\Roaming\WinZiper

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\qksee.lnk
[-] File Deleted : C:\Users\Robčo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : WinTaske
[-] Task Deleted : Browser Updater Task(Core)

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key Deleted : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.001
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\qkseeViewer.bmp
[-] Key Deleted : HKLM\SOFTWARE\Classes\qkseeViewer.gif
[-] Key Deleted : HKLM\SOFTWARE\Classes\qkseeViewer.ico
[-] Key Deleted : HKLM\SOFTWARE\Classes\qkseeViewer.jpeg
[-] Key Deleted : HKLM\SOFTWARE\Classes\qkseeViewer.jpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\qkseeViewer.png
[-] Key Deleted : HKLM\SOFTWARE\Classes\qkseeViewer.tif
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\TSv
[-] Key Deleted : HKLM\SOFTWARE\yessearchesSoftware
[-] Key Deleted : HKLM\SOFTWARE\qkseeSvc
[-] Key Deleted : HKLM\SOFTWARE\qksee
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qksee

***** [ Web browsers ] *****

[-] [C:\Users\Robčo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5207 bytes] - [14/04/2016 12:26:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [4820 bytes] - [14/04/2016 12:07:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5353 bytes] ##########

Re: Notebook problem, NVstreamuseragent.exe maxing out the load

Posted: 14 Apr 2016 11:43
by altrok
:arrow: Install MBAM and run a custom scan of all drives - http://forum.viry.cz/viewtopic.php?f=29&t=144868
  • Note: this scan takes anywhere from 30 minutes to several hours

Re: Notebook problem, NVstreamuseragent.exe maxing out the load

Posted: 15 Apr 2016 08:40
by forgot
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 15. 4. 2016
Čas skenování: 7:17
Protokol: M.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.04.15.01
Databáze rootkitů: v2016.04.09.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Robčo

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 560320
Uplynulý čas: 2 hod, 14 min, 55 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 1
PUP.Optional.RafoServer.ShrtCln, C:\ProgramData\eAHPeNhIUJ\protect\protect.exe, 5712, , [5fbecbe4debb5ed8d6b80e9742c28c74]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 7
PUP.Optional.RafoServer.ShrtCln, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\eAHPeNhIUJ_update, , [56c705aa8f0a9e988f043de54bb7f60a],
PUP.Optional.RafoServer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\eAHPeNhIUJBrowserUpdateCore, , [f8252c837d1cc96d1776b1f435cf3fc1],
PUP.Optional.RafoServer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\eAHPeNhIUJBrowserUpdateUA, , [6ab38f20f6a31620c1ccf3b291737f81],
PUP.Optional.RafoServer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\eAHPeNhIUJCheckTask, , [9984c7e8e1b890a6d0bd1a8bea1ad32d],
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, , [9b82357a0b8e1422f106b97bf50eab55],
PUP.Optional.RafoServer.ShrtCln, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\eAHPeNhIUJ_protect, , [5fbecbe4debb5ed8d6b80e9742c28c74],
PUP.Optional.RafoServer.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\eAHPeNhIUJ, , [8796c0ef2e6b58def8bf191636cd35cb],

Hodnoty registru: 4
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEpBHUt ... =ffsengext, , [9b82357a0b8e1422f106b97bf50eab55]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEpBHUt ... =ffsengext, , [bc61cae568310036d91e48ec966d9d63]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?u ... =ffsengext, , [64b9cde2cdcc5cdae0172f05808323dd]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?u ... toolbar&q=, , [9d80eac5633657dffdfa45ef56ad28d8]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 8
PUP.Optional.RafoServer.ShrtCln, C:\Program Files (x86)\eAHPeNhIUJ, , [8796c0ef2e6b58def8bf191636cd35cb],
PUP.Optional.RafoServer.ShrtCln, C:\Program Files (x86)\eAHPeNhIUJ\eAHPeNhIUJ, , [8796c0ef2e6b58def8bf191636cd35cb],
PUP.Optional.RafoServer.ShrtCln, C:\Program Files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\bin, , [8796c0ef2e6b58def8bf191636cd35cb],
PUP.Optional.RafoServer.ShrtCln, C:\Program Files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\locales, , [8796c0ef2e6b58def8bf191636cd35cb],
PUP.Optional.RafoServer.ShrtCln, C:\Program Files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\PepperFlash, , [8796c0ef2e6b58def8bf191636cd35cb],
PUP.Optional.RafoServer.ShrtCln, C:\Program Files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\VisualElements, , [8796c0ef2e6b58def8bf191636cd35cb],
PUP.Optional.RafoServer.ShrtCln, C:\ProgramData\eAHPeNhIUJ, , [22fbbbf41f7a95a1ceee57d86e956f91],
PUP.Optional.RafoServer.ShrtCln, C:\ProgramData\eAHPeNhIUJ\protect, , [22fbbbf41f7a95a1ceee57d86e956f91],

Soubory: 94

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

