Preventivka

Zpráva

praclovicek · #1 Příspěvek od **praclovicek** » 12 kvě 2016 06:16

Dobrý den,
prosím o preventivní kontrolu logu. Děkuji Honza

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jan at 2016-05-12 07:05:20
Microsoft Windows 8.1
System drive C: has 41 GB (36%) free of 114 GB
Total RAM: 6143 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:05:36, on 12. 5. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AIMP\AIMP.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNABFSWK.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
C:\Program Files\trend micro\Jan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.eshield.com/general/new ... E7BAD7}&i=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ABUNINSTALLEX] c:\programdata\ab studio\ABUnInstallEx.exe
O4 - Startup: NexonX.vbs
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} (Mail Migration) - https://col430-sec.mail.live.com/mail/M ... =432100937
O17 - HKLM\System\CCS\Services\Tcpip\..\{567BA119-BDC8-4336-87A0-2EDC5D0D283A}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: AbSoftMgr4 - AB Studio - C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DraftSight API Service - Dassault Systemes - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @oem47.inf,%llmdisp%;Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: myPWT - Service for 'Reflex pro' - Heat exchanger (myPWTNTService.exe) - Unknown owner - c:\program files (x86)\ConSoft\Reflex pro\interfaces\myPWT\myPWTServer\bin\myPWTNTService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8962 bytes

======Listing Processes======

wininit.exe

winlogon.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {fe58fe24-66d5-4225-a5229b44e88b5b17}
"C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe" C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Windows\system32\hasplms.exe -run
"c:\program files (x86)\ConSoft\Reflex pro\interfaces\myPWT\myPWTServer\bin\myPWTNTService.exe"
"c:\\program files (x86)\\ConSoft\\Reflex pro\\interfaces\\myPWT\\myPWTServer\\bin\\PWT2000ComServ.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
atieclxx
C:\Windows\system32\SearchIndexer.exe /Embedding
taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\skydrive.exe -Embedding
"C:\Windows\System32\WScript.exe" "C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexonX.vbs"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\AIMP\AIMP.exe"
"C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe"
"C:\Program Files (x86)\Windows Live\Mail\wlmail.exe"
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNABFSWK.EXE !hide Canon LBP6020
"C:\Program Files\WindowsApps\Microsoft.WindowsScan_6.3.9654.17133_x64__8wekyb3d8bbwe\ScanApp.exe" -ServerName:App.AppXaxamg5eesqyjpqktbt1zkpbb33rtkxjx.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\totalcmd\TOTALCMD64.EXE"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="3012.3.1248780620\2007373244" "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3012 "\\.\pipe\gecko-crash-server-pipe.3012" plugin
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe" --proxy-stub-channel=Flash1320.69584560.1218 --host-broker-channel=Flash1320.69584560.19136 --host-pid=1320 --host-npapi-version=29 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_21_0_0_213.dll"
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe" --channel=4920.0114F884.2061594921 --proxy-stub-channel=Flash1320.69584560.1218 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_21_0_0_213.dll" --host-npapi-version=29 --type=renderer
"C:\Program Files\AB Studio\CadkonPlus 2016\2016\ICAD.EXE" "S:\2016\+Soběslav\31_Peterka\RD Peterkovi.dwg" /p "CADKON 2016 (čeština)" /nologo /ld "C:\Program Files\AB Studio\CadkonPlus 2016\ckLoader_3.02_9.irx"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe13_ Global\UsGthrCtrlFltPipeMssGthrPipe13 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 568 572 580 65536 576
"E:\Staženo\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

#2 Příspěvek od **Márty84** » 12 kvě 2016 19:57

Zdravim

To je jen cast logu, potrebuji ho videt cely.

praclovicek · #3 Příspěvek od **praclovicek** » 13 kvě 2016 05:12

Dík, toho jsem si nevšiml.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jan at 2016-05-12 07:05:20
Microsoft Windows 8.1
System drive C: has 41 GB (36%) free of 114 GB
Total RAM: 6143 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:05:36, on 12. 5. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AIMP\AIMP.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNABFSWK.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
C:\Program Files\trend micro\Jan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.eshield.com/general/new ... E7BAD7}&i=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ABUNINSTALLEX] c:\programdata\ab studio\ABUnInstallEx.exe
O4 - Startup: NexonX.vbs
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} (Mail Migration) - https://col430-sec.mail.live.com/mail/M ... =432100937
O17 - HKLM\System\CCS\Services\Tcpip\..\{567BA119-BDC8-4336-87A0-2EDC5D0D283A}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: AbSoftMgr4 - AB Studio - C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DraftSight API Service - Dassault Systemes - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @oem47.inf,%llmdisp%;Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: myPWT - Service for 'Reflex pro' - Heat exchanger (myPWTNTService.exe) - Unknown owner - c:\program files (x86)\ConSoft\Reflex pro\interfaces\myPWT\myPWTServer\bin\myPWTNTService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8962 bytes

======Listing Processes======

wininit.exe

winlogon.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {fe58fe24-66d5-4225-a5229b44e88b5b17}
"C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe" C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Windows\system32\hasplms.exe -run
"c:\program files (x86)\ConSoft\Reflex pro\interfaces\myPWT\myPWTServer\bin\myPWTNTService.exe"
"c:\\program files (x86)\\ConSoft\\Reflex pro\\interfaces\\myPWT\\myPWTServer\\bin\\PWT2000ComServ.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
atieclxx
C:\Windows\system32\SearchIndexer.exe /Embedding
taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\skydrive.exe -Embedding
"C:\Windows\System32\WScript.exe" "C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexonX.vbs"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\AIMP\AIMP.exe"
"C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe"
"C:\Program Files (x86)\Windows Live\Mail\wlmail.exe"
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNABFSWK.EXE !hide Canon LBP6020
"C:\Program Files\WindowsApps\Microsoft.WindowsScan_6.3.9654.17133_x64__8wekyb3d8bbwe\ScanApp.exe" -ServerName:App.AppXaxamg5eesqyjpqktbt1zkpbb33rtkxjx.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\totalcmd\TOTALCMD64.EXE"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="3012.3.1248780620\2007373244" "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3012 "\\.\pipe\gecko-crash-server-pipe.3012" plugin
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe" --proxy-stub-channel=Flash1320.69584560.1218 --host-broker-channel=Flash1320.69584560.19136 --host-pid=1320 --host-npapi-version=29 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_21_0_0_213.dll"
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe" --channel=4920.0114F884.2061594921 --proxy-stub-channel=Flash1320.69584560.1218 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_21_0_0_213.dll" --host-npapi-version=29 --type=renderer
"C:\Program Files\AB Studio\CadkonPlus 2016\2016\ICAD.EXE" "S:\2016\+Soběslav\31_Peterka\RD Peterkovi.dwg" /p "CADKON 2016 (čeština)" /nologo /ld "C:\Program Files\AB Studio\CadkonPlus 2016\ckLoader_3.02_9.irx"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe13_ Global\UsGthrCtrlFltPipeMssGthrPipe13 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 568 572 580 65536 576
"E:\Staženo\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\mzdsf0s6.default-1458999893019

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25 553024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-29 901600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25 214080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25 462400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-29 678656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CNAP2 Launcher"=C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [2010-10-15 226784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"ABUNINSTALLEX"=c:\programdata\ab studio\ABUnInstallEx.exe [2011-11-21 258048]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-03-24 7139256]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01 596504]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-10-12 767176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ImageBrowser EX Agent.lnk - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe

C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
NexonX.vbs

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2016-05-12 07:05:20 ----D---- C:\rsit
2016-05-12 07:05:20 ----D---- C:\Program Files\trend micro
2016-05-11 13:05:40 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-05-11 13:05:40 ----A---- C:\Windows\system32\rpcrt4.dll
2016-05-11 13:05:36 ----A---- C:\Windows\system32\mshtml.dll
2016-05-11 13:05:34 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-05-11 13:05:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-05-11 13:05:32 ----A---- C:\Windows\system32\ieframe.dll
2016-05-11 13:05:31 ----A---- C:\Windows\system32\jscript9.dll
2016-05-11 13:05:30 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-05-11 13:05:30 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-05-11 13:05:30 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-05-11 13:05:30 ----A---- C:\Windows\system32\wininet.dll
2016-05-11 13:05:30 ----A---- C:\Windows\system32\urlmon.dll
2016-05-11 13:05:30 ----A---- C:\Windows\system32\jscript.dll
2016-05-11 13:05:30 ----A---- C:\Windows\system32\iertutil.dll
2016-05-11 13:05:29 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-05-11 13:05:29 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-05-11 13:05:29 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-05-11 13:05:29 ----A---- C:\Windows\system32\webcheck.dll
2016-05-11 13:05:29 ----A---- C:\Windows\system32\vbscript.dll
2016-05-11 13:05:29 ----A---- C:\Windows\system32\msfeeds.dll
2016-05-11 13:05:28 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-05-11 13:05:28 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-05-11 13:05:28 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-05-11 13:05:28 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-05-11 13:05:28 ----A---- C:\Windows\system32\inetcomm.dll
2016-05-11 13:05:28 ----A---- C:\Windows\system32\iedkcs32.dll
2016-05-11 13:05:28 ----A---- C:\Windows\system32\ieapfltr.dll
2016-05-11 13:05:28 ----A---- C:\Windows\system32\ie4uinit.exe
2016-05-11 13:05:27 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-05-11 13:04:15 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-05-11 13:04:15 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-05-11 13:04:15 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-05-11 13:04:15 ----A---- C:\Windows\system32\schannel.dll
2016-05-11 13:04:15 ----A---- C:\Windows\system32\ncrypt.dll
2016-05-11 13:04:15 ----A---- C:\Windows\system32\lsasrv.dll
2016-05-11 13:04:15 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-05-11 13:04:15 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-05-11 13:04:15 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-05-11 13:04:15 ----A---- C:\Windows\system32\drivers\cng.sys
2016-05-11 13:04:15 ----A---- C:\Windows\system32\certcli.dll
2016-05-11 13:04:13 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2016-05-11 13:04:13 ----A---- C:\Windows\SYSWOW64\Windows.UI.dll
2016-05-11 13:04:13 ----A---- C:\Windows\system32\WindowsCodecs.dll
2016-05-11 13:04:13 ----A---- C:\Windows\system32\Windows.UI.dll
2016-05-11 13:04:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-05-11 13:04:08 ----A---- C:\Windows\SYSWOW64\dsparse.dll
2016-05-11 13:04:08 ----A---- C:\Windows\system32\dsparse.dll
2016-05-11 13:04:07 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2016-05-11 13:04:07 ----A---- C:\Windows\system32\gdi32.dll
2016-05-11 13:04:06 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2016-05-11 13:04:06 ----A---- C:\Windows\system32\d3d10level9.dll
2016-05-11 13:04:05 ----A---- C:\Windows\SYSWOW64\webio.dll
2016-05-11 13:04:05 ----A---- C:\Windows\SYSWOW64\IPHLPAPI.DLL
2016-05-11 13:04:05 ----A---- C:\Windows\system32\webio.dll
2016-05-11 13:04:05 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2016-05-11 13:04:05 ----A---- C:\Windows\system32\drivers\tcpip.sys
2016-05-11 13:04:03 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2016-05-11 13:04:03 ----A---- C:\Windows\system32\rdpudd.dll
2016-05-11 13:04:03 ----A---- C:\Windows\system32\rdpcorets.dll
2016-05-11 13:04:03 ----A---- C:\Windows\system32\rdpcore.dll
2016-05-11 13:04:03 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2016-05-11 13:04:02 ----A---- C:\Windows\SYSWOW64\shacct.dll
2016-05-11 13:04:02 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-05-11 13:04:02 ----A---- C:\Windows\system32\shacct.dll
2016-05-11 13:04:02 ----A---- C:\Windows\system32\msv1_0.dll
2016-05-11 13:04:02 ----A---- C:\Windows\system32\dpapisrv.dll
2016-05-11 13:04:01 ----A---- C:\Windows\system32\drivers\volsnap.sys
2016-05-11 13:04:01 ----A---- C:\Windows\system32\drivers\volmgr.sys
2016-05-11 13:03:48 ----A---- C:\Windows\system32\win32k.sys
2016-05-05 21:50:10 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-04-27 11:17:58 ----D---- C:\ProgramData\ATI
2016-04-27 10:00:47 ----D---- C:\Users\Jan\AppData\Roaming\PDF Architect 4
2016-04-27 09:57:41 ----D---- C:\ProgramData\PDF Architect 4
2016-04-27 09:57:27 ----D---- C:\Program Files\PDFCreator
2016-04-25 20:28:11 ----DC---- C:\Windows\system32\DRVSTORE
2016-04-25 20:27:19 ----D---- C:\ProgramData\Soluto
2016-04-25 20:23:08 ----HD---- C:\$SysReset
2016-04-25 20:15:12 ----D---- C:\Users\Jan\AppData\Roaming\AMD
2016-04-25 19:48:44 ----D---- C:\Users\Jan\AppData\Roaming\ATI
2016-04-25 19:45:31 ----D---- C:\Program Files\Common Files\ATI Technologies
2016-04-25 19:44:54 ----D---- C:\Program Files (x86)\AMD
2016-04-25 07:31:20 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-64.dll
2016-04-18 17:57:51 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2016-04-18 17:57:51 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2016-04-18 17:57:51 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2016-04-18 17:57:51 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2016-04-18 17:57:51 ----A---- C:\Windows\system32\XAudio2_1.dll
2016-04-18 17:57:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2016-04-18 17:57:51 ----A---- C:\Windows\system32\xactengine3_1.dll
2016-04-18 17:57:51 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2016-04-18 17:57:50 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2016-04-18 17:57:50 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2016-04-18 17:57:50 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2016-04-18 17:57:50 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2016-04-18 17:57:50 ----A---- C:\Windows\system32\XAudio2_0.dll
2016-04-18 17:57:50 ----A---- C:\Windows\system32\xactengine3_0.dll
2016-04-18 17:57:50 ----A---- C:\Windows\system32\D3DX9_38.dll
2016-04-18 17:57:50 ----A---- C:\Windows\system32\d3dx10_38.dll
2016-04-18 17:57:50 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2016-04-18 17:57:49 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2016-04-18 17:57:49 ----A---- C:\Windows\system32\xactengine2_10.dll
2016-04-18 17:57:49 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2016-04-18 17:57:49 ----A---- C:\Windows\system32\D3DX9_37.dll
2016-04-18 17:57:49 ----A---- C:\Windows\system32\d3dx10_37.dll
2016-04-18 17:57:49 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2016-04-18 17:57:48 ----A---- C:\Windows\system32\d3dx9_36.dll
2016-04-18 17:57:48 ----A---- C:\Windows\system32\d3dx10_36.dll
2016-04-18 17:57:48 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2016-04-18 17:57:47 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2016-04-18 17:57:47 ----A---- C:\Windows\system32\xactengine2_9.dll
2016-04-18 17:57:47 ----A---- C:\Windows\system32\d3dx10_35.dll
2016-04-18 17:57:47 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2016-04-18 17:57:46 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2016-04-18 17:57:46 ----A---- C:\Windows\system32\xactengine2_8.dll
2016-04-18 17:57:46 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2016-04-18 17:57:46 ----A---- C:\Windows\system32\d3dx9_34.dll
2016-04-18 17:57:46 ----A---- C:\Windows\system32\d3dx10_34.dll
2016-04-18 17:57:46 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2016-04-18 17:57:45 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2016-04-18 17:57:45 ----A---- C:\Windows\system32\xactengine2_7.dll
2016-04-18 17:57:45 ----A---- C:\Windows\system32\d3dx10_33.dll
2016-04-18 17:57:45 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2016-04-18 17:57:44 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2016-04-18 17:57:44 ----A---- C:\Windows\system32\xactengine2_6.dll
2016-04-18 17:57:44 ----A---- C:\Windows\system32\d3dx9_33.dll
2016-04-18 17:57:43 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2016-04-18 17:57:43 ----A---- C:\Windows\system32\x3daudio1_1.dll
2016-04-15 17:09:27 ----D---- C:\Users\Jan\AppData\Roaming\library_dir
2016-04-15 17:09:21 ----D---- C:\Program Files (x86)\Raptr Inc
2016-04-13 07:58:36 ----A---- C:\Windows\SYSWOW64\mfmp4srcsnk.dll
2016-04-13 07:58:36 ----A---- C:\Windows\system32\mfmp4srcsnk.dll
2016-04-13 07:58:35 ----A---- C:\Windows\system32\drivers\rasl2tp.sys
2016-04-13 07:58:29 ----A---- C:\Windows\system32\samsrv.dll
2016-04-13 07:58:28 ----A---- C:\Windows\SYSWOW64\samlib.dll
2016-04-13 07:58:28 ----A---- C:\Windows\system32\samlib.dll
2016-04-13 07:57:57 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2016-04-13 07:57:57 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-04-13 07:57:57 ----A---- C:\Windows\system32\iepeers.dll
2016-04-13 07:57:57 ----A---- C:\Windows\system32\dxtrans.dll
2016-04-13 07:57:56 ----A---- C:\Windows\system32\mshtmled.dll
2016-04-13 07:56:45 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2016-04-13 07:56:45 ----A---- C:\Windows\system32\msxml3.dll
2016-04-13 07:56:44 ----A---- C:\Windows\SYSWOW64\ole32.dll
2016-04-13 07:56:44 ----A---- C:\Windows\system32\ole32.dll
2016-04-13 07:56:42 ----A---- C:\Windows\system32\rpcss.dll
2016-04-13 07:56:41 ----A---- C:\Windows\system32\drivers\vpci.sys
2016-04-13 07:56:40 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2016-04-13 07:56:40 ----A---- C:\Windows\system32\IKEEXT.DLL
2016-04-13 07:56:40 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2016-04-13 07:56:40 ----A---- C:\Windows\system32\BFE.DLL
2016-04-13 07:56:39 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2016-04-13 07:56:39 ----A---- C:\Windows\system32\nshwfp.dll
2016-04-13 07:56:38 ----A---- C:\Windows\system32\workfolderssvc.dll
2016-04-13 07:56:38 ----A---- C:\Windows\system32\WorkfoldersControl.dll
2016-04-13 07:56:36 ----A---- C:\Windows\system32\VSSVC.exe
2016-04-13 07:56:34 ----A---- C:\Windows\system32\ntdll.dll
2016-04-13 07:56:33 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-04-13 07:56:32 ----A---- C:\Windows\system32\winresume.exe
2016-04-13 07:56:32 ----A---- C:\Windows\system32\winload.exe
2016-04-13 07:56:32 ----A---- C:\Windows\system32\microsoft-windows-system-events.dll
2016-04-13 07:56:30 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2016-04-13 07:56:30 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2016-04-13 07:56:30 ----A---- C:\Windows\SYSWOW64\WsmAuto.dll
2016-04-13 07:56:30 ----A---- C:\Windows\SYSWOW64\WsmAgent.dll
2016-04-13 07:56:30 ----A---- C:\Windows\system32\WsmWmiPl.dll
2016-04-13 07:56:30 ----A---- C:\Windows\system32\WsmSvc.dll
2016-04-13 07:56:30 ----A---- C:\Windows\system32\WsmAuto.dll
2016-04-13 07:56:30 ----A---- C:\Windows\system32\WsmAgent.dll
2016-04-13 07:56:30 ----A---- C:\Windows\system32\drivers\storport.sys
2016-04-13 07:56:29 ----A---- C:\Windows\SYSWOW64\dhcpsapi.dll
2016-04-13 07:56:29 ----A---- C:\Windows\system32\shell32.dll
2016-04-13 07:56:29 ----A---- C:\Windows\system32\drivers\IPMIDrv.sys
2016-04-13 07:56:29 ----A---- C:\Windows\system32\dhcpsapi.dll
2016-04-13 07:56:28 ----A---- C:\Windows\system32\twinui.dll
2016-04-13 07:56:27 ----A---- C:\Windows\SYSWOW64\twinui.dll
2016-04-13 07:56:26 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-04-13 07:56:26 ----A---- C:\Windows\SYSWOW64\explorer.exe
2016-04-13 07:56:26 ----A---- C:\Windows\explorer.exe
2016-04-13 07:56:25 ----A---- C:\Windows\SYSWOW64\twinui.appcore.dll
2016-04-13 07:56:25 ----A---- C:\Windows\SYSWOW64\themecpl.dll
2016-04-13 07:56:25 ----A---- C:\Windows\SYSWOW64\SettingSyncCore.dll
2016-04-13 07:56:25 ----A---- C:\Windows\SYSWOW64\SettingSync.dll
2016-04-13 07:56:25 ----A---- C:\Windows\SYSWOW64\hgcpl.dll
2016-04-13 07:56:25 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\usercpl.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\twinui.appcore.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\themecpl.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-04-13 07:56:25 ----A---- C:\Windows\system32\stobject.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\SettingSyncHost.exe
2016-04-13 07:56:25 ----A---- C:\Windows\system32\SettingSyncCore.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\SettingSync.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\SettingsHandlers.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\SettingMonitor.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\hgcpl.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\ExplorerFrame.dll
2016-04-13 07:56:25 ----A---- C:\Windows\system32\AppXDeploymentExtensions.dll
2016-04-13 07:56:24 ----A---- C:\Windows\SYSWOW64\usercpl.dll
2016-04-13 07:56:24 ----A---- C:\Windows\SYSWOW64\stobject.dll
2016-04-13 07:56:24 ----A---- C:\Windows\SYSWOW64\SettingSyncHost.exe
2016-04-13 07:56:24 ----A---- C:\Windows\SYSWOW64\SettingMonitor.dll
2016-04-13 07:56:24 ----A---- C:\Windows\system32\AppXDeploymentServer.dll
2016-04-13 07:56:23 ----A---- C:\Windows\SYSWOW64\storagewmi.dll
2016-04-13 07:56:23 ----A---- C:\Windows\system32\storagewmi.dll
2016-04-13 07:56:21 ----A---- C:\Windows\system32\wbengine.exe
2016-04-13 07:56:21 ----A---- C:\Windows\system32\invagent.dll
2016-04-13 07:56:21 ----A---- C:\Windows\system32\generaltel.dll
2016-04-13 07:56:21 ----A---- C:\Windows\system32\devinv.dll
2016-04-13 07:56:21 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-04-13 07:56:21 ----A---- C:\Windows\system32\appraiser.dll
2016-04-13 07:56:21 ----A---- C:\Windows\system32\aepic.dll
2016-04-13 07:56:21 ----A---- C:\Windows\system32\aeinv.dll
2016-04-13 07:56:21 ----A---- C:\Windows\system32\acmigration.dll
2016-04-13 07:56:20 ----A---- C:\Windows\system32\basesrv.dll
2016-04-13 07:56:19 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeui.exe
2016-04-13 07:56:19 ----A---- C:\Windows\system32\drivers\vhdmp.sys
2016-04-13 07:56:19 ----A---- C:\Windows\system32\drivers\disk.sys
2016-04-13 07:56:18 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-04-13 07:56:18 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-04-13 07:56:18 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-04-13 07:56:18 ----A---- C:\Windows\system32\mtxoci.dll
2016-04-13 07:56:18 ----A---- C:\Windows\system32\KernelBase.dll

======List of files/folders modified in the last 1 month======

2016-05-12 07:05:20 ----RD---- C:\Program Files
2016-05-12 07:00:34 ----RD---- C:\Program Files (x86)
2016-05-12 07:00:00 ----D---- C:\Windows\system32\sru
2016-05-12 06:58:31 ----RSD---- C:\Windows\assembly
2016-05-12 06:53:40 ----D---- C:\Windows\Microsoft.NET
2016-05-12 06:32:37 ----D---- C:\Users\Jan\AppData\Roaming\AIMP
2016-05-12 06:31:38 ----D---- C:\Windows\Prefetch
2016-05-12 06:11:18 ----D---- C:\Windows\Temp
2016-05-12 05:44:31 ----RD---- C:\Windows\System32
2016-05-12 05:44:30 ----D---- C:\Windows\Inf
2016-05-12 05:44:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-05-12 05:40:33 ----D---- C:\Windows\system32\config
2016-05-12 05:40:31 ----D---- C:\Windows\WinSxS
2016-05-12 05:40:28 ----D---- C:\Windows\system32\drivers
2016-05-12 05:39:02 ----D---- C:\Windows\SysWOW64
2016-05-12 05:39:02 ----D---- C:\Windows\system32\wbem
2016-05-12 05:39:02 ----D---- C:\Windows\system32\drivers\cs-CZ
2016-05-12 05:39:02 ----D---- C:\Program Files\Internet Explorer
2016-05-12 05:39:02 ----D---- C:\Program Files (x86)\Internet Explorer
2016-05-12 05:39:01 ----D---- C:\Windows\system32\cs-CZ
2016-05-12 05:39:01 ----D---- C:\Program Files\Windows Journal
2016-05-12 05:39:00 ----D---- C:\Windows\SYSWOW64\wbem
2016-05-12 05:39:00 ----D---- C:\Windows\system32\DriverStore
2016-05-12 03:23:09 ----SHD---- C:\System Volume Information
2016-05-11 23:26:25 ----D---- C:\Windows\CbsTemp
2016-05-11 23:25:39 ----SHD---- C:\Windows\Installer
2016-05-11 23:25:26 ----D---- C:\ProgramData\Microsoft Help
2016-05-11 23:23:49 ----D---- C:\Windows\system32\MRT
2016-05-11 23:16:10 ----A---- C:\Windows\system32\MRT.exe
2016-05-11 23:15:52 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-05-11 19:22:36 ----D---- C:\Windows\system32\Tasks
2016-05-11 13:00:59 ----D---- C:\Windows\system32\catroot2
2016-05-09 07:53:25 ----HD---- C:\Program Files\WindowsApps
2016-05-09 07:53:25 ----D---- C:\Windows\AppReadiness
2016-05-08 18:33:12 ----HD---- C:\ProgramData
2016-05-08 08:51:42 ----SD---- C:\Users\Jan\AppData\Roaming\Microsoft
2016-05-07 17:25:09 ----D---- C:\Users\Jan\AppData\Roaming\FileZilla
2016-05-07 09:27:30 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-06 05:37:08 ----SD---- C:\Windows\SYSWOW64\GWX
2016-05-06 05:37:08 ----SD---- C:\Windows\system32\GWX
2016-05-05 08:53:40 ----D---- C:\ProgramData\Package Cache
2016-05-05 07:34:50 ----D---- C:\Windows\system32\appraiser
2016-05-05 07:20:07 ----D---- C:\Windows
2016-05-03 11:47:42 ----D---- C:\Windows\system32\NDF
2016-05-03 03:15:48 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-28 17:22:50 ----D---- C:\Program Files (x86)\Mobirise
2016-04-27 10:00:49 ----D---- C:\Program Files (x86)\Common Files
2016-04-27 09:57:39 ----A---- C:\Windows\system32\pdfcmon.dll
2016-04-27 02:49:57 ----D---- C:\Windows\debug
2016-04-26 12:04:57 ----D---- C:\Program Files (x86)\AIMP
2016-04-26 11:12:52 ----D---- C:\Program Files\AMD
2016-04-26 11:11:43 ----D---- C:\Windows\system32\catroot
2016-04-26 11:09:21 ----D---- C:\AMD
2016-04-25 21:12:19 ----SHD---- C:\Windows\SYSWOW64\AI_RecycleBin
2016-04-25 20:07:34 ----D---- C:\Users\Jan\AppData\Roaming\AB Studio
2016-04-25 20:06:56 ----D---- C:\Program Files\AB Studio
2016-04-25 20:06:05 ----D---- C:\ProgramData\AB Studio
2016-04-25 19:45:31 ----D---- C:\Program Files\Common Files
2016-04-25 19:36:44 ----D---- C:\ProgramData\AMD
2016-04-25 19:30:11 ----D---- C:\Windows\Logs
2016-04-25 07:32:57 ----D---- C:\ProgramData\Oracle
2016-04-25 07:31:29 ----D---- C:\Program Files (x86)\Java
2016-04-25 07:31:18 ----D---- C:\Program Files\Java
2016-04-25 07:28:53 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2016-04-25 07:25:58 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-04-25 07:23:59 ----D---- C:\Windows\LiveKernelReports
2016-04-19 09:43:33 ----D---- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
2016-04-19 09:41:28 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-04-17 07:34:15 ----D---- C:\Windows\rescache
2016-04-14 20:56:43 ----D---- C:\Windows\apppatch
2016-04-14 20:56:42 ----RD---- C:\Windows\ToastData
2016-04-14 20:56:41 ----D---- C:\Windows\system32\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmafd;@oem4.inf,%AMDKMAFD_svcdesc%;AMD Audio Bus Lower Filter; C:\Windows\System32\drivers\amdkmafd.sys [2012-09-23 21160]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-29 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-29 287016]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-03-11 37144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-02-29 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-03-09 1070904]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-29 463744]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2015-09-23 109200]
R2 aksfridge;@oem47.inf,%AksFridgeServiceDisp%;Sentinel Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [2015-09-23 205528]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-29 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-03-09 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-02-29 165344]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2015-09-23 350552]
R3 akshasp;@oem46.inf,%svcdesc%;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2015-09-23 77912]
R3 akshhl;@oem47.inf,%svcdesc%;SafeNet Inc. Sentinel HL Key; C:\Windows\system32\DRIVERS\akshhl.sys [2015-09-23 81368]
R3 aksusb;@oem45.inf,%svcdesc%;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2015-09-23 322560]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-10-12 21659136]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-10-12 666112]
R3 AtiHDAudioService;@oem6.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdWB6.sys [2015-07-15 102912]
R3 dot4;@oem23.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
R3 Dot4Print;@oem24.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\Windows\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
R3 dot4usb;@oem23.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
R3 dtsoftbus01;@oem10.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\Windows\System32\drivers\dtsoftbus01.sys [2015-02-07 283064]
R3 MTsensor;@oem8.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2013-05-17 17280]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\System32\drivers\usbscan.sys [2014-10-29 44544]
S2 multikey;@oem17.inf,%mkey.SVCDESC%;Virtual USB MultiKey; C:\Windows\System32\drivers\multikey.sys [2012-11-07 67584]
S3 cpuz136;cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys []
S3 Hamachi;LogMeIn Hamachi Virtual Miniport); C:\Windows\system32\DRIVERS\Hamdrv.sys [2016-04-05 45680]
S3 netr7364;@netr7364.inf,%General.Service.DispName%;RT73 USB - ovladač rozšiřitelné karty pro bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\netr7364.sys [2013-06-18 729152]
S3 WinUsb;@winusb.inf,%WinUSB_SvcDesc%;Ovladač WinUsb; C:\Windows\System32\drivers\WinUsb.sys [2015-10-10 78848]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-04-22 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-10-12 246784]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-10-12 351944]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-29 237096]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 DraftSight API Service;DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2015-09-02 123904]
R2 hasplms;@oem47.inf,%llmdisp%;Sentinel LDK License Manager; C:\Windows\system32\hasplms.exe [2015-09-23 4665168]
R2 myPWTNTService.exe;myPWT - Service for 'Reflex pro' - Heat exchanger; c:\program files (x86)\ConSoft\Reflex pro\interfaces\myPWT\myPWTServer\bin\myPWTNTService.exe [2013-05-28 77824]
R3 AbSoftMgr4;AbSoftMgr4; C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe [2015-06-29 2410248]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2016-01-24 1484080]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2016-04-01 1064752]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-05-05 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

-----------------EOF-----------------

#4 Příspěvek od **Márty84** » 13 kvě 2016 07:02

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

praclovicek · #5 Příspěvek od **praclovicek** » 13 kvě 2016 10:36

Log z AdwCleaner

# AdwCleaner v5.116 - Log soubor vytvořen 13/05/2016 o 11:29:16
# Aktualizováno 09/05/2016 by Xplode
# Databáze : 2016-05-13.1 [Server]
# Operační systém : Windows 8.1 (X64)
# Jméno uživatele : Jan - KANCELAR
# Spuštěno z : E:\Staženo\adwcleaner_5.116.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****

***** [ Složky ] *****

[-] Složka smazáno : C:\ProgramData\665d8a65-1f01-0
[-] Složka smazáno : C:\ProgramData\665d8a65-7a61-1
[-] Složka smazáno : C:\ProgramData\767b235d
[-] Složka smazáno : C:\ProgramData\{0834a16f-012c-0}
[-] Složka smazáno : C:\ProgramData\{0c77c7b2-012c-1}
[#] Složka smazáno : C:\ProgramData\Application Data\665d8a65-1f01-0
[#] Složka smazáno : C:\ProgramData\Application Data\665d8a65-7a61-1
[#] Složka smazáno : C:\ProgramData\Application Data\767b235d
[#] Složka smazáno : C:\ProgramData\Application Data\{0834a16f-012c-0}
[#] Složka smazáno : C:\ProgramData\Application Data\{0c77c7b2-012c-1}

***** [ Soubory ] *****

[-] Soubor smazáno : C:\Windows\SysNative\roboot64.exe

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Zástupci ] *****

***** [ Naplánované úkoly ] *****

***** [ Registr ] *****

[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{767b235d}
[-] Klávesa smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
[-] Klávesa smazáno : HKCU\Software\APN PIP
[-] Klávesa smazáno : HKCU\Software\TNT2
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Data Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Obnoveno : HKU\S-1-5-21-3900215428-2688609332-2147277449-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{675FF53F-2F4E-4823-A97F-B8D1A282F763}
[-] Data Obnoveno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Obnoveno : HKU\S-1-5-21-3900215428-2688609332-2147277449-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Obnoveno : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{567BA119-BDC8-4336-87A0-2EDC5D0D283A} [NameServer]

***** [ Webové prohlížeče ] *****

[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\mzdsf0s6.default-1458999893019\prefs.js] smazáno : user_pref("browser.search.selectedEngine", "eShield Safe Web");

*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5223 bytes] - [13/05/2016 11:29:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [5774 bytes] - [13/05/2016 11:20:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5369 bytes] ##########

#6 Příspěvek od **Márty84** » 13 kvě 2016 20:37

Fajn, jeste MBAM a pak uvidime co dal

praclovicek · #7 Příspěvek od **praclovicek** » 14 kvě 2016 06:26

MBAM log

Datum skenování: 13. 5. 2016
Čas skenování: 18:47
Protokol: MBAM log.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.05.13.04
Databáze rootkitů: v2016.05.06.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Jan

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 821937
Uplynulý čas: 3 hod, 18 min, 13 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 3
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, , [264221b4fc9d082ebace6b01ab57b24e],
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, , [4b1d9f36d0c953e3e29f335c1de6f20e],
PUP.Optional.TNT, HKU\S-1-5-21-3900215428-2688609332-2147277449-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B39C3212-7685-4332-88D2-8C839FD8DE88}, , [2c3c07ce0a8faf874648a3ec63a0ee12],

Hodnoty registru: 1
PUP.Optional.TNT, HKU\S-1-5-21-3900215428-2688609332-2147277449-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B39C3212-7685-4332-88D2-8C839FD8DE88}|OSDFileURL, file:///C:/Users/Jan/AppData/Local/TNT2/Profiles/11433/yah11433.xml, , [2c3c07ce0a8faf874648a3ec63a0ee12]

Data registru: 2
PUP.Optional.eShield, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://services.eshield.com/general/new ... E7BAD7}&i=, Dobré: (www.google.com), Špatné: (http://services.eshield.com/general/new ... E7BAD7}&i=),,[d593d401772285b1fcc0f64d877de719]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, Dobré: (8.8.8.8), Špatné: (82.163.142.7 95.211.158.134),,[83e55c791881102622405aeb48bc14ec]

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
PUP.Optional.APNToolBar, C:\Users\Jan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.02\agent\stub_data\askrt_en.cab, , [9ace06cf3a5f7eb81042c55da061f808],
PUP.Optional.OpenCandy, E:\Prace\Podklady pro projektovani\Programy\System\Daemon Tools\DTLite4491-0356.exe, , [472120b57b1e16201479a1b4a46056aa],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#8 Příspěvek od **Márty84** » 14 kvě 2016 06:34

Vsechny nalezy nechte odstranit. Po odstraneni a restartu pc test s MBAM zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.

praclovicek · #9 Příspěvek od **praclovicek** » 14 kvě 2016 07:14

Zavřel jsem MBAM, takže tu možnost vymazat ty nálezy nemám, musím nechat znovu proběhnout scan nebo to lze nějak nastavit v tom programku, např. načíst nějak ten txt soubor?

#10 Příspěvek od **Márty84** » 14 kvě 2016 08:58

Nacist ten textak jde, ale nalezy odstranit uz ne. Musite test zopakovat. Muzete zkusit jen Sken hrozeb, je rychlejsi. Pokud najde vsechny nalezy v registrech, bude to stacit. Nalezene soubory pak uz smaznu skriptem.

praclovicek · #11 Příspěvek od **praclovicek** » 16 kvě 2016 09:40

Dobrý den, tak vše vyčištěno, teď už to nic nenalezlo.

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 16. 5. 2016
Čas skenování: 7:34
Protokol: mbam_vycisteno.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.05.16.01
Databáze rootkitů: v2016.05.06.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Jan

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 746274
Uplynulý čas: 2 hod, 53 min, 35 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#12 Příspěvek od **Márty84** » 16 kvě 2016 18:57

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

17.7. pro neaktivitu

http://forum.viry.cz/viewtopic.php?f=12&t=123975

VIRY.CZ

Preventivka

Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka