Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

PC dělá zvláštní "kousky"

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
krysarr
Návštěvník
Návštěvník
Příspěvky: 345
Registrován: 02 bře 2007 12:14
Kontaktovat uživatele:
Kontaktovat uživatele krysarr

PC dělá zvláštní "kousky"

#1 Příspěvek od krysarr »

Dobrý den,
poslední dny mě začal PC dělat podivné věci, např.
- nelze načíst správce disků
- flashdisk se přeformátoval z FAT na RAW a když chci spustit některý z programů na opravu, programy se nespustí
- po restartu nelze např. spustit (pořádně) obyčejný Speedfan a poté ho nelze ani vypnout (abych ho mohl zkusit pustit znovu)

apod.

Nevím, zda to mohla způsobit nějaká havěť či zda je jen pětiletý systém WIN7 již zralý na přinstalaci, ale chci si být jistý.

Který log mám vložit?

Děkuji
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: PC dělá zvláštní "kousky"

#2 Příspěvek od Rudy »

Zdravím!
Nejdřív zkuste obnovu systému k datu, kdy jorektně fungoval. Pak dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
krysarr
Návštěvník
Návštěvník
Příspěvky: 345
Registrován: 02 bře 2007 12:14
Kontaktovat uživatele:
Kontaktovat uživatele krysarr

Re: PC dělá zvláštní "kousky"

#3 Příspěvek od krysarr »

Zkusil jsem zvolit bod obnovy, ale obnovení neproběhlo úspěšně. Tak jsem zvolit vrátit změny zpátky a to také neproběhlo úspěšně. Tak teď nevím, kde vlastně jsem.
Bod obnovy mám jen jeden, ačkoli jsem se v minulosti opakovaně pokoušel o to, aby se body obnovy vytvářely pravidelně a automaticky. :(

LOG:
-----------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by krysarr (administrator) on KRYSARR-PC (18-04-2016 23:10:02)
Running from C:\Users\krysarr\Desktop
Loaded Profiles: krysarr (Available Profiles: krysarr)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
( ) C:\Program Files (x86)\WIP Miranda IM 1.7.1\miranda32.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Almico Software (www.almico.com)) C:\Users\krysarr\Documents\SpeedFan\speedfan.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Esmska\jre\launch4j-tmp\esmska.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(forum.viry.cz) C:\Users\krysarr\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518976 2013-08-21] (Acronis)
HKLM\...\Run: [COMODO Internet Security] => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cistray.exe [1610936 2016-04-08] (COMODO)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-08] (COMODO)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7806192 2013-12-13] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102208 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2016-03-20] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-25] (Oracle Corporation)
HKU\S-1-5-21-2364752156-3425092201-2570250543-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
AppInit_DLLs: C:\Windows\System32\guard64.dll => C:\Windows\System32\guard64.dll [596232 2016-04-06] (COMODO)
AppInit_DLLs: , C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2013-08-21] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-18] (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2013-12-11] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2013-12-11] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2013-12-11] (Mozy, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-12-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WIP Miranda IM.lnk [2011-03-20]
ShortcutTarget: WIP Miranda IM.lnk -> C:\Program Files (x86)\WIP Miranda IM 1.7.1\miranda32.exe ( )
Startup: C:\Users\krysarr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esmska.lnk [2011-03-26]
ShortcutTarget: Esmska.lnk -> C:\Program Files (x86)\Esmska\esmska.exe ()
Startup: C:\Users\krysarr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader 2 Launcher.lnk [2012-11-28]
ShortcutTarget: JDownloader 2 Launcher.lnk -> C:\Program Files\JDownloader 2\JDownloader 2.exe (No File)
Startup: C:\Users\krysarr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2011-11-12]
ShortcutTarget: SpeedFan.lnk -> C:\Users\krysarr\Documents\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{361767F6-E1CC-4406-8CEC-208D090EE157}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{361767F6-E1CC-4406-8CEC-208D090EE157}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2364752156-3425092201-2570250543-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-18] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-18] (AVAST Software)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-25] (Oracle Corporation)
DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/x64/ractrl.cab?lmi=724

FireFox:
========
FF ProfilePath: C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default
FF SearchEngineOrder.1: Google
FF Homepage: www.seznam.cz
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxp://www.google.cz/#hl=cs&source=hp&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2364752156-3425092201-2570250543-1000: @lingea.com/x-lingea-translate -> C:\Program Files (x86)\Common Files\Lingea Shared\LG_Mozilla.dll [2014-04-18] (Lingea s.r.o.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default\searchplugins\zbocz.xml [2012-01-05]
FF Extension: Add to Amazon Wish List Button - C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default\extensions\amznUWL2@amazon.com.xpi [2015-06-05]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default\Extensions\LogMeInClient@logmein.com [2014-11-13] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-18] [not signed]

Chrome:
=======
CHR Profile: C:\Users\krysarr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\krysarr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\krysarr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-18]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera 11.00 beta\Opera.exe
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera 11.00 beta\Launcher.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-18] (AVAST Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5799552 2016-04-08] (COMODO)
S3 cmdvirth; C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cmdvirth.exe [2271928 2016-04-08] (COMODO)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2016-03-20] (CHENGDU YIWO Tech Development Co., Ltd)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-04-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-16] (Malwarebytes)
S4 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [55112 2013-12-11] (Mozy, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-02-27] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148632 2011-11-22] (Crawler.com)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [28320 2011-10-25] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-18] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-18] (AVAST Software)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [823848 2016-04-06] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56464 2016-04-06] (COMODO)
R1 dvdfabio; C:\Windows\system32\drivers\dvdfabio.sys [13184 2011-07-06] (Fengtao Software Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2016-03-20] ()
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-12-15] (Huawei Technologies Co., Ltd.)
R3 FFUsbAudio; C:\Windows\System32\DRIVERS\ffusbaudio.sys [51200 2010-03-05] (Focusrite Audio Engineering Ltd.)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-12-15] (Huawei Technologies Co., Ltd.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-04-06] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-16] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-16] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-12-11] (Mozy, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [39104 2015-10-10] (IObit Information Technology)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2012-10-26] () [File not signed]
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-10-28] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-10-28] (Acronis International GmbH)
R3 vdrive; C:\Windows\System32\DRIVERS\vdrive.sys [45952 2011-07-06] (Fengtao Software Inc.)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-10-28] (Acronis International GmbH)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\D:\Documents and Settings\Franta\Dokumenty\soft\CrystalMark2004R2\SysInfoX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 23:10 - 2016-04-18 23:10 - 00021189 _____ C:\Users\krysarr\Desktop\FRST.txt
2016-04-18 23:07 - 2016-04-18 23:07 - 00112640 _____ (forum.viry.cz) C:\Users\krysarr\Desktop\FRSTLauncher.exe
2016-04-18 23:02 - 2016-04-18 23:02 - 02375680 _____ (Farbar) C:\Users\krysarr\Desktop\FRST64.exe
2016-04-18 22:55 - 2016-04-18 22:55 - 00001941 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-04-18 22:55 - 2016-04-18 22:55 - 00001056 _____ C:\Users\Public\Desktop\Avast SafeZone 1 Browser.lnk
2016-04-18 22:55 - 2016-04-18 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-18 22:55 - 2016-03-23 01:44 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw23C9.tmp
2016-04-18 22:55 - 2016-03-09 21:36 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw23F9.tmp
2016-04-18 22:55 - 2016-03-09 21:36 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\asw24B7.tmp
2016-04-18 22:55 - 2016-02-23 20:55 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2517.tmp
2016-04-18 22:55 - 2016-02-18 21:37 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2537.tmp
2016-04-18 22:55 - 2016-02-18 21:36 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-18 22:55 - 2016-02-18 21:36 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2567.tmp
2016-04-18 22:55 - 2016-02-18 21:36 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2458.tmp
2016-04-18 22:55 - 2016-02-18 21:36 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw24E7.tmp
2016-04-18 22:55 - 2016-02-18 21:36 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2488.tmp
2016-04-18 22:16 - 2016-04-18 22:36 - 00000000 ____D C:\ProgramData\Wondershare
2016-04-18 22:16 - 2016-04-18 22:16 - 00000000 ____D C:\Users\krysarr\AppData\Local\Wondershare
2016-04-18 22:16 - 2016-04-18 22:16 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-04-18 22:07 - 2016-04-18 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.8
2016-04-12 15:11 - 2016-04-12 15:11 - 01686711 ____N C:\Windows\Minidump\041616-12994-01.dmp
2016-04-12 13:59 - 2016-04-16 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-10 20:32 - 2016-04-17 09:40 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-10 20:32 - 2016-04-10 20:32 - 00003960 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-03-25 12:51 - 2016-03-25 12:51 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\HDX4 GmbH
2016-03-25 12:49 - 2016-03-25 12:49 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\ATViewer
2016-03-25 12:45 - 2016-03-25 12:45 - 00001214 _____ C:\Users\Public\Desktop\MovieSaver 4.lnk
2016-03-25 12:45 - 2016-03-25 12:45 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-25 12:45 - 2016-03-25 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MovieSaver 4
2016-03-25 12:45 - 2016-03-25 12:45 - 00000000 ____D C:\ProgramData\Engelmann Media
2016-03-25 12:45 - 2016-03-25 12:45 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2016-03-24 08:21 - 2016-04-10 12:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-24 08:21 - 2016-03-24 08:21 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-24 08:21 - 2016-03-24 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-24 08:19 - 2016-03-24 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-03-24 08:19 - 2016-03-24 08:19 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2016-03-23 01:44 - 2016-04-18 22:55 - 00003052 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458690297
2016-03-23 01:44 - 2016-04-07 21:53 - 00001184 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-23 01:44 - 2016-03-23 01:44 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-23 01:44 - 2016-03-23 01:44 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-20 23:44 - 2016-03-20 23:44 - 00001354 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 9.1.lnk
2016-03-20 23:44 - 2016-03-20 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 9.1
2016-03-20 23:44 - 2016-03-20 23:42 - 00192552 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2016-03-20 23:44 - 2016-03-20 23:42 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2016-03-20 23:44 - 2016-03-20 23:42 - 00048168 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2016-03-20 23:44 - 2016-03-20 23:42 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2016-03-20 23:42 - 2016-04-18 22:52 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-03-20 23:42 - 2016-03-20 23:42 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 23:10 - 2015-10-10 17:49 - 00000000 ____D C:\Users\krysarr\AppData\Local\Tmp
2016-04-18 23:10 - 2014-04-28 18:14 - 00000000 ____D C:\FRST
2016-04-18 23:09 - 2009-07-14 06:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-18 23:09 - 2009-07-14 06:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-18 23:00 - 2009-07-14 17:18 - 00806674 _____ C:\Windows\system32\perfh005.dat
2016-04-18 23:00 - 2009-07-14 17:18 - 00186774 _____ C:\Windows\system32\perfc005.dat
2016-04-18 23:00 - 2009-07-14 07:13 - 01770156 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-18 23:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-18 22:55 - 2012-11-12 16:10 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-18 22:54 - 2015-12-04 20:54 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-18 22:54 - 2011-03-20 12:59 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\esmska
2016-04-18 22:54 - 2011-03-20 11:45 - 00000000 ____D C:\Users\krysarr
2016-04-18 22:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-18 22:53 - 2015-12-03 18:30 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-04-18 22:53 - 2015-04-09 21:25 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-18 22:53 - 2014-03-31 21:02 - 00000000 ____D C:\Users\krysarr\AppData\Local\Abelssoft
2016-04-18 22:53 - 2011-03-20 12:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-18 22:53 - 2011-03-20 11:58 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\GHISLER
2016-04-18 22:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-18 22:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-04-18 22:52 - 2011-03-20 12:29 - 00000000 ____D C:\ProgramData\Adobe
2016-04-18 15:03 - 2011-03-20 17:24 - 00000000 ____D C:\Users\krysarr\AppData\Local\ElevatedDiagnostics
2016-04-17 10:32 - 2012-07-12 18:56 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-17 10:15 - 2015-09-07 21:25 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-17 00:55 - 2014-09-01 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-17 00:21 - 2011-03-20 17:18 - 00007613 _____ C:\Users\krysarr\AppData\Local\Resmon.ResmonCfg
2016-04-16 13:09 - 2014-06-05 07:43 - 00003872 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1381484934
2016-04-16 13:09 - 2011-03-20 13:09 - 00000000 ____D C:\Program Files (x86)\Opera 11.00 beta
2016-04-16 13:03 - 2013-10-12 02:04 - 00000000 ____D C:\Windows\Minidump
2016-04-13 21:16 - 2015-09-07 21:26 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-10 20:32 - 2012-07-12 18:56 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-10 20:32 - 2012-04-02 09:32 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-10 20:32 - 2011-05-17 20:51 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-10 12:36 - 2012-03-10 20:47 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\Skype
2016-04-10 12:33 - 2012-03-10 20:46 - 00000000 ____D C:\ProgramData\Skype
2016-04-08 21:44 - 2015-02-20 18:01 - 00000000 ____D C:\Users\krysarr\AppData\Local\JDownloader 2.0
2016-04-08 21:44 - 2014-12-25 10:29 - 00036264 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-04-06 14:19 - 2010-09-11 00:40 - 00116248 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2016-04-06 14:19 - 2010-09-11 00:40 - 00056464 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2016-04-06 14:18 - 2010-09-11 00:40 - 00823848 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys
2016-04-06 14:18 - 2010-09-11 00:40 - 00031648 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2016-04-06 14:17 - 2011-12-18 10:56 - 00051800 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2016-04-06 14:16 - 2010-09-11 00:41 - 00596232 _____ (COMODO) C:\Windows\system32\guard64.dll
2016-04-06 14:16 - 2010-09-11 00:41 - 00461648 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2016-04-06 14:14 - 2014-04-03 19:59 - 00365752 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2016-04-06 14:14 - 2014-04-03 19:59 - 00051896 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2016-04-06 14:12 - 2014-04-03 19:59 - 00296120 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2016-04-06 14:11 - 2014-04-03 19:59 - 00046776 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2016-04-04 23:47 - 2011-03-20 16:21 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\vlc
2016-03-25 11:26 - 2015-01-30 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-25 11:26 - 2015-01-30 22:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-25 11:06 - 2015-08-31 11:18 - 00000000 ____D C:\Users\krysarr\.oracle_jre_usage
2016-03-25 11:06 - 2015-01-30 22:23 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-23 01:44 - 2014-07-22 20:08 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-23 01:44 - 2012-02-11 22:26 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-20 23:39 - 2011-11-12 14:07 - 00000000 ____D C:\ProgramData\Temp
2016-03-20 23:38 - 2011-11-27 19:30 - 00000000 ____D C:\Program Files (x86)\Titan Backup
2016-03-19 20:57 - 2015-10-10 17:30 - 00000000 ____D C:\Program Files\Sweet Home 3D

==================== Files in the root of some directories =======

2011-11-27 21:57 - 2011-11-27 21:57 - 0007859 _____ () C:\Users\krysarr\AppData\Roaming\pcouffin.cat
2011-11-27 21:57 - 2011-11-27 21:57 - 0001167 _____ () C:\Users\krysarr\AppData\Roaming\pcouffin.inf
2011-11-27 21:58 - 2011-11-27 21:58 - 0000034 _____ () C:\Users\krysarr\AppData\Roaming\pcouffin.log
2011-11-27 21:57 - 2011-11-27 21:57 - 0082816 _____ (VSO Software) C:\Users\krysarr\AppData\Roaming\pcouffin.sys
2012-03-14 07:23 - 2011-01-04 10:26 - 0076407 _____ () C:\Users\krysarr\AppData\Roaming\Smiley.ico
2011-11-05 18:06 - 2012-08-20 15:35 - 0000079 _____ () C:\Users\krysarr\AppData\Local\CrystalDiskMark30.ini
2011-12-10 20:16 - 2015-09-16 07:31 - 0005632 _____ () C:\Users\krysarr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-20 17:18 - 2016-04-17 00:21 - 0007613 _____ () C:\Users\krysarr\AppData\Local\Resmon.ResmonCfg
2012-02-06 13:36 - 2012-02-06 13:36 - 0000040 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\krysarr\AppData\Local\Tmp\sfamcc00001.dll
C:\Users\krysarr\AppData\Local\Tmp\sfareca00001.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 00:23

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (COMPATRIOT IN FERNO) (Fixed) (Total:57.71 GB) (Free:3.84 GB) NTFS
Drive d: (DEVIL'S APPRENTICE) (Fixed) (Total:465.76 GB) (Free:4.3 GB) NTFS
Drive g: (GAGA) (Fixed) (Total:180.66 GB) (Free:26.48 GB) NTFS

Available physical RAM: 5334.38 MB
Total physical RAM: 7934.16 MB
Percentage of memory in use: 32%

==================== MBR and Partition Table ==================

2016-03-20 23:42 - 2016-03-20 23:42 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 36C4EB2C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=57.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=180.7 GB) - (Type=07 NTFS)
Disk: 1 (Size: 465.8 GB) (Disk ID: 4C67AF3C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fbnative.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fsquirt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcr70.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\BTHUSB.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eubakup.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EUBKMON.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eudskacs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EuFdDisk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rfcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:7204B89D [195]
AlternateDataStreams: C:\Users\krysarr\Desktop\CHAVVVA.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\DIPLOMOVA-PRACE-bilingvismus-Lennie.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\krysarr\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\FRSTLauncher.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\mbam-setup-2.2.0.1024.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\MPC-HC.1.7.8.x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\krysarr\Desktop\Nabivaci tytul.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\photo.htm:$CmdZnID [26]

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\krysarr\Desktop" je 94 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cistray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR
C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDFab VDrive
"C:\PROGRAM FILES\DVDFAB VIRTUAL DRIVE\VDRIVE.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods
"C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq
C:\Users\krysarr\AppData\Roaming\ICQM\icq.exe -CU [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU
"C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu
"C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD14Agent
"C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor
"C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe" /server [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9
"C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Slu�ba Acronis Scheduler2
"C:\Program Files (x86)\Common Files\Acronis\Pl�n2\schedhlp.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol
"C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu
"C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut
"C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut
"C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut
"C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut
"C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AirLive Skyphone-1000.lnk
C:\PROGRA~2\AIRLIV~1\SKYPHO~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^avast! Free Antivirus.lnk
C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk
C:\PROGRA~1\MozyHome\mozystat.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk
C:\PROGRA~2\ArcSoft\TOTALM~1\TOTALM~1\TMSERV~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^krysarr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lingea Update Center.lnk
C:\PROGRA~2\COMMON~1\LINGEA~1\luc.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: PC dělá zvláštní "kousky"

#4 Příspěvek od Rudy »

OK. Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
krysarr
Návštěvník
Návštěvník
Příspěvky: 345
Registrován: 02 bře 2007 12:14
Kontaktovat uživatele:
Kontaktovat uživatele krysarr

Re: PC dělá zvláštní "kousky"

#5 Příspěvek od krysarr »

# AdwCleaner v5.010 - Logfile created 10/10/2015 at 10:26:29
# Updated 04/10/2015 by Xplode
# Database : 2015-10-04.3 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : krysarr - KRYSARR-PC
# Running from : C:\Users\krysarr\Desktop\adwcleaner_5.010.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : sp_rsdrv2

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\eSupport.com
[-] Folder Deleted : C:\Program Files (x86)\Pirrit
[-] Folder Deleted : C:\Program Files (x86)\Applian Technologies
[-] Folder Deleted : C:\ProgramData\DeviceVM
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[-] Folder Deleted : C:\Users\krysarr\AppData\Local\PirritSuggestor
[-] Folder Deleted : C:\Users\krysarr\AppData\Local\SearchProtect
[-] Folder Deleted : C:\Users\krysarr\AppData\Roaming\DeviceVM
[-] Folder Deleted : C:\Users\krysarr\AppData\Roaming\Pirrit
[-] Folder Deleted : C:\Users\krysarr\AppData\Roaming\Systweak

***** [ Files ] *****

[-] File Deleted : C:\Windows\SysNative\roboot64.exe

***** [ DLLs ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler lišta\Nápověda pro lištu.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler lišta\Více produktů Crawler.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
[-] Key Deleted : HKCU\Software\CToolbar
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\jZip
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKLM\SOFTWARE\CToolbar
[-] Key Deleted : HKLM\SOFTWARE\Pirrit
[!] Key Not Deleted : [x64] HKCU\Software\CToolbar
[!] Key Not Deleted : [x64] HKCU\Software\eSupport.com
[!] Key Not Deleted : [x64] HKCU\Software\jZip
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\systweak
[!] Key Not Deleted : [x64] HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : [x64] HKLM\SOFTWARE\Pirrit

***** [ Web browsers ] *****

[-] [C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default\prefs.js] [Preference] Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
[-] [C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default\prefs.js] [Preference] Deleted : user_pref("extensions.facemoods.firstRun", false);
[-] [C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default\prefs.js] [Preference] Deleted : user_pref("extensions.facemoods.lastActv", "22");
[-] [C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default\prefs.js] [Preference] Deleted : user_pref("extensions.ffxtlbr@Facemoods.com.install-event-fired", true);

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7048 bytes] ##########
# AdwCleaner v5.112 - Log soubor vytvořen 19/04/2016 o 22:15:37
# Aktualizováno 17/04/2016 by Xplode
# Databáze : 2016-04-19.5 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Jméno uživatele : krysarr - KRYSARR-PC
# Spuštěno z : C:\Users\krysarr\Desktop\adwcleaner_5.112.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****


***** [ Soubory ] *****

[-] Soubor smazáno : C:\Users\krysarr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_xoncisfktn-a.akamaihd.net_0.localstorage
[-] Soubor smazáno : C:\Users\krysarr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_xoncisfktn-a.akamaihd.net_0.localstorage-journal
[-] Soubor smazáno : C:\Users\krysarr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[-] Soubor smazáno : C:\Users\krysarr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****

[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{98ED0D10-F1FC-4113-A095-9BD7F96040C9}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{B162A975-6C7C-4202-9167-306028913A3D}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{DEF4ED0D-E666-4631-A35A-A634332F0550}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}
[-] Klávesa smazáno : HKCU\Software\Mail.Ru
[-] Klávesa smazáno : HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2364752156-3425092201-2570250543-1000\Software\CToolbar
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Babylon Client
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\BCU
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\DataMngr
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\facemoods

***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [11210 bytes] - [10/10/2015 10:26:29]
C:\AdwCleaner\AdwCleaner[R0].txt - [8257 bytes] - [06/01/2014 18:49:33]
C:\AdwCleaner\AdwCleaner[S0].txt - [7923 bytes] - [06/01/2014 18:52:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [11160 bytes] - [10/10/2015 10:20:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11504 bytes] ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: PC dělá zvláštní "kousky"

#6 Příspěvek od Rudy »

Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
krysarr
Návštěvník
Návštěvník
Příspěvky: 345
Registrován: 02 bře 2007 12:14
Kontaktovat uživatele:
Kontaktovat uživatele krysarr

Re: PC dělá zvláštní "kousky"

#7 Příspěvek od krysarr »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by krysarr (administrator) on KRYSARR-PC (20-04-2016 22:52:51)
Running from C:\Users\krysarr\Desktop
Loaded Profiles: krysarr (Available Profiles: krysarr)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
( ) C:\Program Files (x86)\WIP Miranda IM 1.7.1\miranda32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Almico Software (www.almico.com)) C:\Users\krysarr\Documents\SpeedFan\speedfan.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Esmska\jre\launch4j-tmp\esmska.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(forum.viry.cz) C:\Users\krysarr\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518976 2013-08-21] (Acronis)
HKLM\...\Run: [COMODO Internet Security] => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cistray.exe [1610936 2016-04-08] (COMODO)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-08] (COMODO)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7806192 2013-12-13] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102208 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2016-03-20] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-25] (Oracle Corporation)
HKU\S-1-5-21-2364752156-3425092201-2570250543-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
AppInit_DLLs: C:\Windows\System32\guard64.dll => C:\Windows\System32\guard64.dll [596232 2016-04-06] (COMODO)
AppInit_DLLs: , C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2013-08-21] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-18] (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2013-12-11] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2013-12-11] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2013-12-11] (Mozy, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-12-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WIP Miranda IM.lnk [2011-03-20]
ShortcutTarget: WIP Miranda IM.lnk -> C:\Program Files (x86)\WIP Miranda IM 1.7.1\miranda32.exe ( )
Startup: C:\Users\krysarr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esmska.lnk [2011-03-26]
ShortcutTarget: Esmska.lnk -> C:\Program Files (x86)\Esmska\esmska.exe ()
Startup: C:\Users\krysarr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader 2 Launcher.lnk [2012-11-28]
ShortcutTarget: JDownloader 2 Launcher.lnk -> C:\Program Files\JDownloader 2\JDownloader 2.exe (No File)
Startup: C:\Users\krysarr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2011-11-12]
ShortcutTarget: SpeedFan.lnk -> C:\Users\krysarr\Documents\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{361767F6-E1CC-4406-8CEC-208D090EE157}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{361767F6-E1CC-4406-8CEC-208D090EE157}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2364752156-3425092201-2570250543-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-18] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-18] (AVAST Software)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-25] (Oracle Corporation)
DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/x64/ractrl.cab?lmi=724

FireFox:
========
FF ProfilePath: C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default
FF SearchEngineOrder.1: Google
FF Homepage: www.seznam.cz
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxp://www.google.cz/#hl=cs&source=hp&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2364752156-3425092201-2570250543-1000: @lingea.com/x-lingea-translate -> C:\Program Files (x86)\Common Files\Lingea Shared\LG_Mozilla.dll [2014-04-18] (Lingea s.r.o.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default\searchplugins\zbocz.xml [2012-01-05]
FF Extension: Add to Amazon Wish List Button - C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default\extensions\amznUWL2@amazon.com.xpi [2015-06-05]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\krysarr\AppData\Roaming\Mozilla\Firefox\Profiles\by63fyf3.default\Extensions\LogMeInClient@logmein.com [2014-11-13] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-19]

Chrome:
=======
CHR Profile: C:\Users\krysarr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\krysarr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\krysarr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-18]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera 11.00 beta\Opera.exe
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera 11.00 beta\Launcher.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-18] (AVAST Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5799552 2016-04-08] (COMODO)
S3 cmdvirth; C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cmdvirth.exe [2271928 2016-04-08] (COMODO)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2016-03-20] (CHENGDU YIWO Tech Development Co., Ltd)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-04-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-16] (Malwarebytes)
S4 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [55112 2013-12-11] (Mozy, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-02-27] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148632 2011-11-22] (Crawler.com)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [28320 2011-10-25] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-18] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-18] (AVAST Software)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [823848 2016-04-06] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56464 2016-04-06] (COMODO)
R1 dvdfabio; C:\Windows\system32\drivers\dvdfabio.sys [13184 2011-07-06] (Fengtao Software Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2016-03-20] ()
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-12-15] (Huawei Technologies Co., Ltd.)
R3 FFUsbAudio; C:\Windows\System32\DRIVERS\ffusbaudio.sys [51200 2010-03-05] (Focusrite Audio Engineering Ltd.)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-12-15] (Huawei Technologies Co., Ltd.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-04-06] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-16] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-16] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-12-11] (Mozy, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [39104 2015-10-10] (IObit Information Technology)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2012-10-26] () [File not signed]
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-10-28] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-10-28] (Acronis International GmbH)
R3 vdrive; C:\Windows\System32\DRIVERS\vdrive.sys [45952 2011-07-06] (Fengtao Software Inc.)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-10-28] (Acronis International GmbH)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\D:\Documents and Settings\Franta\Dokumenty\soft\CrystalMark2004R2\SysInfoX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-19 22:01 - 2016-04-19 22:01 - 03683904 _____ C:\Users\krysarr\Desktop\adwcleaner_5.112.exe
2016-04-18 23:10 - 2016-04-20 22:53 - 00021164 _____ C:\Users\krysarr\Desktop\FRST.txt
2016-04-18 23:07 - 2016-04-18 23:07 - 00112640 _____ (forum.viry.cz) C:\Users\krysarr\Desktop\FRSTLauncher.exe
2016-04-18 23:02 - 2016-04-18 23:02 - 02375680 _____ (Farbar) C:\Users\krysarr\Desktop\FRST64.exe
2016-04-18 22:55 - 2016-04-18 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-18 22:55 - 2016-02-18 21:36 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-18 22:16 - 2016-04-18 22:36 - 00000000 ____D C:\ProgramData\Wondershare
2016-04-18 22:16 - 2016-04-18 22:16 - 00000000 ____D C:\Users\krysarr\AppData\Local\Wondershare
2016-04-18 22:16 - 2016-04-18 22:16 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-04-18 22:07 - 2016-04-18 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.8
2016-04-12 15:11 - 2016-04-12 15:11 - 01686711 ____N C:\Windows\Minidump\041616-12994-01.dmp
2016-04-12 13:59 - 2016-04-16 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-10 20:32 - 2016-04-17 09:40 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-10 20:32 - 2016-04-10 20:32 - 00003960 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-03-25 12:51 - 2016-03-25 12:51 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\HDX4 GmbH
2016-03-25 12:49 - 2016-03-25 12:49 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\ATViewer
2016-03-25 12:45 - 2016-03-25 12:45 - 00001214 _____ C:\Users\Public\Desktop\MovieSaver 4.lnk
2016-03-25 12:45 - 2016-03-25 12:45 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-25 12:45 - 2016-03-25 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MovieSaver 4
2016-03-25 12:45 - 2016-03-25 12:45 - 00000000 ____D C:\ProgramData\Engelmann Media
2016-03-25 12:45 - 2016-03-25 12:45 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2016-03-24 08:21 - 2016-04-10 12:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-24 08:21 - 2016-03-24 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-24 08:19 - 2016-03-24 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-03-24 08:19 - 2016-03-24 08:19 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2016-03-23 01:44 - 2016-04-18 22:55 - 00003052 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458690297
2016-03-23 01:44 - 2016-03-23 01:44 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-23 01:44 - 2016-03-23 01:44 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 22:53 - 2015-10-10 17:49 - 00000000 ____D C:\Users\krysarr\AppData\Local\Tmp
2016-04-20 22:52 - 2014-04-28 18:14 - 00000000 ____D C:\FRST
2016-04-20 22:32 - 2012-07-12 18:56 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-20 22:15 - 2015-09-07 21:25 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 21:16 - 2009-07-14 06:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-20 21:16 - 2009-07-14 06:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-20 18:15 - 2015-12-04 20:54 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-19 22:49 - 2011-03-20 12:59 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\esmska
2016-04-19 22:23 - 2009-07-14 17:18 - 00806674 _____ C:\Windows\system32\perfh005.dat
2016-04-19 22:23 - 2009-07-14 17:18 - 00186774 _____ C:\Windows\system32\perfc005.dat
2016-04-19 22:23 - 2009-07-14 07:13 - 01770156 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-19 22:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-19 22:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-19 22:08 - 2014-01-06 18:48 - 00000000 ____D C:\AdwCleaner
2016-04-18 23:12 - 2011-10-10 11:46 - 00000000 ____D C:\Users\krysarr\Desktop\SAFETY
2016-04-18 22:55 - 2012-11-12 16:10 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-18 22:54 - 2011-03-20 11:45 - 00000000 ____D C:\Users\krysarr
2016-04-18 22:53 - 2015-12-03 18:30 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-04-18 22:53 - 2015-04-09 21:25 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-18 22:53 - 2014-03-31 21:02 - 00000000 ____D C:\Users\krysarr\AppData\Local\Abelssoft
2016-04-18 22:53 - 2011-03-20 12:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-18 22:53 - 2011-03-20 11:58 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\GHISLER
2016-04-18 22:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-18 22:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-04-18 22:52 - 2016-03-20 23:42 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-04-18 22:52 - 2011-03-20 12:29 - 00000000 ____D C:\ProgramData\Adobe
2016-04-18 15:03 - 2011-03-20 17:24 - 00000000 ____D C:\Users\krysarr\AppData\Local\ElevatedDiagnostics
2016-04-17 00:55 - 2014-09-01 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-17 00:21 - 2011-03-20 17:18 - 00007613 _____ C:\Users\krysarr\AppData\Local\Resmon.ResmonCfg
2016-04-16 13:09 - 2014-06-05 07:43 - 00003872 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1381484934
2016-04-16 13:09 - 2011-03-20 13:09 - 00000000 ____D C:\Program Files (x86)\Opera 11.00 beta
2016-04-16 13:03 - 2013-10-12 02:04 - 00000000 ____D C:\Windows\Minidump
2016-04-13 21:16 - 2015-09-07 21:26 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-10 20:32 - 2012-07-12 18:56 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-10 20:32 - 2012-04-02 09:32 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-10 20:32 - 2011-05-17 20:51 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-10 12:36 - 2012-03-10 20:47 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\Skype
2016-04-10 12:33 - 2012-03-10 20:46 - 00000000 ____D C:\ProgramData\Skype
2016-04-08 21:44 - 2015-02-20 18:01 - 00000000 ____D C:\Users\krysarr\AppData\Local\JDownloader 2.0
2016-04-08 21:44 - 2014-12-25 10:29 - 00036264 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-04-06 14:19 - 2010-09-11 00:40 - 00116248 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2016-04-06 14:19 - 2010-09-11 00:40 - 00056464 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2016-04-06 14:18 - 2010-09-11 00:40 - 00823848 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys
2016-04-06 14:18 - 2010-09-11 00:40 - 00031648 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2016-04-06 14:17 - 2011-12-18 10:56 - 00051800 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2016-04-06 14:16 - 2010-09-11 00:41 - 00596232 _____ (COMODO) C:\Windows\system32\guard64.dll
2016-04-06 14:16 - 2010-09-11 00:41 - 00461648 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2016-04-06 14:14 - 2014-04-03 19:59 - 00365752 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2016-04-06 14:14 - 2014-04-03 19:59 - 00051896 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2016-04-06 14:12 - 2014-04-03 19:59 - 00296120 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2016-04-06 14:11 - 2014-04-03 19:59 - 00046776 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2016-04-04 23:47 - 2011-03-20 16:21 - 00000000 ____D C:\Users\krysarr\AppData\Roaming\vlc
2016-03-25 11:26 - 2015-01-30 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-25 11:26 - 2015-01-30 22:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-25 11:06 - 2015-08-31 11:18 - 00000000 ____D C:\Users\krysarr\.oracle_jre_usage
2016-03-25 11:06 - 2015-01-30 22:23 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-23 01:44 - 2014-07-22 20:08 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-23 01:44 - 2012-02-11 22:26 - 00000000 ____D C:\ProgramData\AVAST Software

==================== Files in the root of some directories =======

2011-11-27 21:57 - 2011-11-27 21:57 - 0007859 _____ () C:\Users\krysarr\AppData\Roaming\pcouffin.cat
2011-11-27 21:57 - 2011-11-27 21:57 - 0001167 _____ () C:\Users\krysarr\AppData\Roaming\pcouffin.inf
2011-11-27 21:58 - 2011-11-27 21:58 - 0000034 _____ () C:\Users\krysarr\AppData\Roaming\pcouffin.log
2011-11-27 21:57 - 2011-11-27 21:57 - 0082816 _____ (VSO Software) C:\Users\krysarr\AppData\Roaming\pcouffin.sys
2012-03-14 07:23 - 2011-01-04 10:26 - 0076407 _____ () C:\Users\krysarr\AppData\Roaming\Smiley.ico
2011-11-05 18:06 - 2012-08-20 15:35 - 0000079 _____ () C:\Users\krysarr\AppData\Local\CrystalDiskMark30.ini
2011-12-10 20:16 - 2015-09-16 07:31 - 0005632 _____ () C:\Users\krysarr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-20 17:18 - 2016-04-17 00:21 - 0007613 _____ () C:\Users\krysarr\AppData\Local\Resmon.ResmonCfg
2012-02-06 13:36 - 2012-02-06 13:36 - 0000040 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\krysarr\AppData\Local\Tmp\libeay32.dll
C:\Users\krysarr\AppData\Local\Tmp\msvcr120.dll
C:\Users\krysarr\AppData\Local\Tmp\sfamcc00001.dll
C:\Users\krysarr\AppData\Local\Tmp\sfareca00001.dll
C:\Users\krysarr\AppData\Local\Tmp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 00:23

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (COMPATRIOT IN FERNO) (Fixed) (Total:57.71 GB) (Free:3.11 GB) NTFS
Drive d: (DEVIL'S APPRENTICE) (Fixed) (Total:465.76 GB) (Free:4.17 GB) NTFS
Drive g: (GAGA) (Fixed) (Total:180.66 GB) (Free:26.48 GB) NTFS

Available physical RAM: 5450.15 MB
Total physical RAM: 7934.16 MB
Percentage of memory in use: 31%

==================== MBR and Partition Table ==================

2016-03-20 23:42 - 2016-03-20 23:42 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 36C4EB2C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=57.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=180.7 GB) - (Type=07 NTFS)
Disk: 1 (Size: 465.8 GB) (Disk ID: 4C67AF3C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fbnative.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fsquirt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcr70.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\BTHUSB.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eubakup.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EUBKMON.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eudskacs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EuFdDisk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rfcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:7204B89D [195]
AlternateDataStreams: C:\Users\krysarr\Desktop\adwcleaner_5.112.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\CHAVVVA.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\DIPLOMOVA-PRACE-bilingvismus-Lennie.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\krysarr\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\FRSTLauncher.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\mbam-setup-2.2.0.1024.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\MPC-HC.1.7.8.x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\krysarr\Desktop\Nabivaci tytul.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\photo.htm:$CmdZnID [26]

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\krysarr\Desktop" je 98 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cistray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDFab VDrive
"C:\PROGRAM FILES\DVDFAB VIRTUAL DRIVE\VDRIVE.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq
C:\Users\krysarr\AppData\Roaming\ICQM\icq.exe -CU [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU
"C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu
"C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD14Agent
"C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor
"C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe" /server [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9
"C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Slu�ba Acronis Scheduler2
"C:\Program Files (x86)\Common Files\Acronis\Pl�n2\schedhlp.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol
"C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu
"C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut
"C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut
"C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut
"C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut
"C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AirLive Skyphone-1000.lnk
C:\PROGRA~2\AIRLIV~1\SKYPHO~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^avast! Free Antivirus.lnk
C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk
C:\PROGRA~1\MozyHome\mozystat.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk
C:\PROGRA~2\ArcSoft\TOTALM~1\TOTALM~1\TMSERV~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^krysarr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lingea Update Center.lnk
C:\PROGRA~2\COMMON~1\LINGEA~1\luc.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: PC dělá zvláštní "kousky"

#8 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-25] (Oracle Corporation)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\krysarr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\krysarr\AppData\Local\Tmp
AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fbnative.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fsquirt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcr70.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\BTHUSB.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eubakup.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EUBKMON.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eudskacs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EuFdDisk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rfcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:7204B89D [195]
AlternateDataStreams: C:\Users\krysarr\Desktop\adwcleaner_5.112.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\CHAVVVA.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\DIPLOMOVA-PRACE-bilingvismus-Lennie.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\krysarr\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\FRSTLauncher.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\mbam-setup-2.2.0.1024.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\MPC-HC.1.7.8.x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\krysarr\Desktop\Nabivaci tytul.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\photo.htm:$CmdZnID [26]
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
krysarr
Návštěvník
Návštěvník
Příspěvky: 345
Registrován: 02 bře 2007 12:14
Kontaktovat uživatele:
Kontaktovat uživatele krysarr

Re: PC dělá zvláštní "kousky"

#9 Příspěvek od krysarr »

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by krysarr (2016-04-21 21:07:43) Run:6
Running from C:\Users\krysarr\Desktop
Loaded Profiles: krysarr (Available Profiles: krysarr)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-25] (Oracle Corporation)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\krysarr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\krysarr\AppData\Local\Tmp
AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fbnative.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fsquirt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcr70.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\BTHUSB.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eubakup.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EUBKMON.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eudskacs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EuFdDisk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rfcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:7204B89D [195]
AlternateDataStreams: C:\Users\krysarr\Desktop\adwcleaner_5.112.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\CHAVVVA.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\DIPLOMOVA-PRACE-bilingvismus-Lennie.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\krysarr\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\FRSTLauncher.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\mbam-setup-2.2.0.1024.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\MPC-HC.1.7.8.x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\krysarr\Desktop\Nabivaci tytul.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\krysarr\Desktop\photo.htm:$CmdZnID [26]
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"C:\Windows\Jaksta\AC\x86\jaudcap.dll" => Value data removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Users\krysarr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\krysarr\AppData\Local\Tmp" folder move:

Could not move "C:\Users\krysarr\AppData\Local\Tmp" => Scheduled to move on reboot.

"C:\Windows\avastSS.scr" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\advapi32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\aelupsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\aepic.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\aitstatic.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\apisetschema.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\apphelp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appidapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appidcertstorecheck.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appidpolicyconverter.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appidsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appinfo.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\atmfd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\audiodg.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\AudioEng.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\AUDIOKSE.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\AudioSes.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\audiosrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\auditpol.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\authui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\blackbox.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\certcli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ci.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\clfs.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\clfsw32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\conhost.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\consent.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\credssp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\crypt32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cryptbase.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cryptnet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cryptsp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cryptsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cryptui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\csrsrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dciman32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\diagtrack.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\drmmgrtn.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\drmv2clt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dwmapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dwmcore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\EncDump.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\evr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\fbnative.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\fontsub.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\fsquirt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\InkEd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jnwmon.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\kernel32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\KernelBase.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\lpk.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\lsasrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\lsass.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mf.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mferror.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfplat.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfpmp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfps.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MRT.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msaudite.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msctf.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msiexec.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msihnd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msimsg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msnetobj.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msobjs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msscp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msxml3.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msxml3r.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msxml6.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msxml6r.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ncrypt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nlasvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ntdll.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ntvdm64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ole32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\oleaut32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pcadm.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pcaevts.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pcalua.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pcasvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pcawrk.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\perftrack.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\poqexec.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\powertracker.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\profsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\qdvd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\quartz.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rdpudd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rpcrt4.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rrinstaller.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rstrui.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\scesrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\schannel.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\schedsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sdbinst.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\secur32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\services.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\setbcdlocale.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\shimeng.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\smss.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\srclient.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\srcore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sspicli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sspisrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\tdh.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSpkg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\tzres.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ubpm.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\UtcResources.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wdi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wdigest.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\win32k.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\winload.efi" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\winload.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\winresume.efi" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\winresume.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WinSetupUI.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\winsrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wintrust.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wmdrmsdk.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMPhoto.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wow64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wow64cpu.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wow64win.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wpdshext.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wu.upgrade.ps.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wuapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wuapp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wuauclt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wuaueng.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wucltux.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wudriver.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wups.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wups2.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wuwebv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\advapi32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\apisetschema.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\apphelp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\appidapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\atmfd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\AudioEng.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\AUDIOKSE.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\AudioSes.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\auditpol.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\authui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\blackbox.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\certcli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\clfsw32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\credssp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\crypt32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\cryptbase.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\cryptnet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\cryptsp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\cryptsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\cryptui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dciman32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\drmmgrtn.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\drmv2clt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dwmapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dwmcore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\evr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\fontsub.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\InkEd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\instnm.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\kernel32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\KernelBase.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\lpk.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mf.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mferror.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mfplat.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mfpmp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mfps.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msaudite.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msctf.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msiexec.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msihnd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msimsg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msnetobj.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msobjs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msscp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msvcr70.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msxml3.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msxml3r.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msxml6.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msxml6r.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ncrypt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ncsi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nlaapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntdll.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntkrnlpa.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntvdm64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ole32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\oleaut32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\poqexec.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\qdvd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\quartz.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\rpcrt4.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\rrinstaller.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\scesrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\schannel.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\sdbinst.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\secur32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\setup16.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\shimeng.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\srclient.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\sspicli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\tdh.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\tsgqec.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\TSpkg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\tzres.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ubpm.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\user.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wdi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wdigest.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wintrust.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wmdrmsdk.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMPhoto.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wow32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wpdshext.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wuapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wuapp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wudriver.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wups.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wuwebv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\appid.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\bthenum.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\bthpan.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\bthport.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\BTHUSB.SYS" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\cng.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\eubakup.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\EUBKMON.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\eudskacs.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\EuFdDisk.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ksecdd.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ksecpkg.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mrxdav.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mrxsmb.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mrxsmb10.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mrxsmb20.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\PEAuth.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\rfcomm.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\stream.sys" => ":$CmdTcID" ADS not found.
C:\ProgramData\Temp => ":7204B89D" ADS removed successfully.
C:\Users\krysarr\Desktop\adwcleaner_5.112.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\krysarr\Desktop\CHAVVVA.jpg => ":$CmdZnID" ADS removed successfully.
"C:\Users\krysarr\Desktop\DIPLOMOVA-PRACE-bilingvismus-Lennie.doc" => ":$CmdTcID" ADS not found.
C:\Users\krysarr\Desktop\FRST64.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\krysarr\Desktop\FRSTLauncher.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\krysarr\Desktop\mbam-setup-2.2.0.1024.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\krysarr\Desktop\MPC-HC.1.7.8.x64.exe" => ":$CmdTcID" ADS not found.
C:\Users\krysarr\Desktop\Nabivaci tytul.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\krysarr\Desktop\photo.htm => ":$CmdZnID" ADS removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-21 21:09:16)

C:\Users\krysarr\AppData\Local\Tmp => moved successfully

==== End of Fixlog 21:09:17 ====
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: PC dělá zvláštní "kousky"

#10 Příspěvek od Rudy »

Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
krysarr
Návštěvník
Návštěvník
Příspěvky: 345
Registrován: 02 bře 2007 12:14
Kontaktovat uživatele:
Kontaktovat uživatele krysarr

Re: PC dělá zvláštní "kousky"

#11 Příspěvek od krysarr »

Bohužel moc ne. Něco je v PC pořád špatně, protože když připojím jakýkoli flashdisk nebo SD kartu, objeví se hláška, že je potřeba formátovat (v jiných počítačích se tato hláška neobjevuje). To samé dělal počítač i těsně předtím, než přeformátoval onen flashdisk zmíněný v prvním příspěvku. :(

Když ten poškozený flashdisk připojím a chci zkoušet opravit (v Acronis Disk Director), začne postupně blokovat i ostatní programy. :(

Na jednom fóru jsem našel tuto odpověď:
Pokud Vás systém žádá o formát i v případě připojení jiných médií, např. flash disku, je problém pravděpodobně úplně jinde. Já jsem se například nemohl dostat na žádné externí médium a systém stále vyžadoval formátování onoho média (několik flash disků, telefon). Nakonec jsem zjistil, že za to může nějaký Trojan (přesný název viru si nepamatuji)... Doporučuji Vám tedy zkusit ESET online scan a následně stáhnout a použít utilitu "Kaspersky TDSSKiller". Mě tohle řešení pomohlo a nemusel jsem formátovat jediné zařízení.
http://www.zive.cz/poradna/hdd-vyzaduje ... tanswers=1

Přesně to se děje i mně. Nevím, co s tím dělat. :(
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: PC dělá zvláštní "kousky"

#12 Příspěvek od Rudy »

Zkuste obnovu systému k datu, kdy korketně fungoval.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
krysarr
Návštěvník
Návštěvník
Příspěvky: 345
Registrován: 02 bře 2007 12:14
Kontaktovat uživatele:
Kontaktovat uživatele krysarr

Re: PC dělá zvláštní "kousky"

#13 Příspěvek od krysarr »

Rudy píše:Zkuste obnovu systému k datu, kdy korektně fungoval.
To bohužel nejde, jak už jsem psal výše (pon dub 18, 2016 10:12 pm). :(
Může být problém v tom, že mám málo místa na disku? Nevím, kolik potřebují body obnovy místa.

Mám systém (WIN7) nainstalovaný už 5 let - myslíte, že je čas na přeinstalaci? Zlobí na něm více věcí (po probuzení z režimu spánku občas nefunguje myš či klávesnice a podobné "legrácky").
Například během psaní tohoto příspěvku se sama odpojila myš. 8-(
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: PC dělá zvláštní "kousky"

#14 Příspěvek od Rudy »

Na disku by mělo být min. 5-8GB volného místa (záleží na velikosti RAM)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“