
Suspected malware, preventive check

Posted: 24 Aug 2016 17:10
by citizen
Hi, I noticed that Ghostery has stopped blocking, or does not fully block, certain kinds of ads. About two months ago, maybe, Avira found something and deleted it.
I would like to ask for a check of the log.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2016-08-24 18:01:00
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 42 GB (41%) free of 104 GB
Total RAM: 8132 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:01:03, on 24. 8. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
F:\Steam\Steam.exe
F:\Steam\bin\steamwebhelper.exe
F:\Steam\bin\steamwebhelper.exe
C:\Program Files\trend micro\Martin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: AviraBrowserSafety.BrowserSafety - {c3c77255-42c0-499f-b664-6e981a0b1647} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Avira Browser Safety - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - mscoree.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ACP User Service (amdacpusrsvc) - Advanced Micro Devices - C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Users\Public\Desktop\Origin\OriginClientService.exe
O23 - Service: Plays.tv Update Service (PlaysService) - Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7797 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe"
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
"C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
"C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe" --log_to_file --from_stub --startup
raptr_im.exe
"C:\PROGRA~2\RAPTRI~1\Raptr\raptr_ep64.exe" 2852
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" avshadowcontrol0_00000788
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" /connectToHost
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
"C:\Windows\system32\wuauclt.exe"
F:\Steam\Steam.exe
F:\Steam\bin\steamwebhelper.exe "-cachedir=C:\Users\Martin\AppData\Local\Steam\htmlcache" "-steampid=1084" "-buildid=1471977975" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --enable-system-flash --disable-spell-checking --enable-widevine-cdm --enable-direct-write
"F:\Steam\bin\steamwebhelper.exe" --type=renderer --disable-gpu-compositing --enable-pinch --lang=en-US --lang=en-US --log-file="F:\Steam\bin\debug.log" --product-version="Valve Steam Client" --disable-spell-checking --enable-system-flash --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="1720.0.1796542735\742609308" --font-cache-shared-handle=1196 /prefetch:1
C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Martin\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ss8nayk4.default-1470506759666

prefs.js - "browser.startup.homepage" - "https://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21 551520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21 212576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647}]
AviraBrowserSafety.BrowserSafety - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCN"=C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [2016-07-18 6626696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-06-10 8810200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2016-07-28 831064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2016-06-10 8810200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe [2016-08-05 58640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-26 14030080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-07-28 53655680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-06-08 334896]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Avira SystrayStartTrigger"=C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2016-07-25 66328]
"avgnt"=C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2016-07-28 831064]
"Raptr"=C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe [2016-08-05 58640]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-08-24 18:01:00 ----D---- C:\rsit
2016-08-24 18:01:00 ----D---- C:\Program Files\trend micro
2016-08-23 17:43:57 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-08-22 17:16:29 ----A---- C:\Windows\ntbtlog.txt
2016-08-20 09:47:56 ----D---- C:\Users\Martin\AppData\Roaming\Raptr
2016-08-20 09:47:56 ----D---- C:\Program Files (x86)\Raptr
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\wdigest.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\TSpkg.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\sspisrv.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\sspicli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\schannel.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\secur32.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\rpchttp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\rpcrt4.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\ncrypt.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\msv1_0.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\msobjs.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\msaudite.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\lsass.exe
2016-08-19 20:05:23 ----A---- C:\Windows\system32\lsasrv.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\kerberos.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\cryptbase.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\credssp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\certcli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\auditpol.exe
2016-08-19 20:05:23 ----A---- C:\Windows\system32\adtschema.dll
2016-08-19 20:05:21 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-08-19 20:05:21 ----A---- C:\Windows\system32\tzres.dll
2016-08-19 20:04:38 ----A---- C:\Windows\system32\win32k.sys
2016-08-02 18:25:39 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2016-08-02 18:25:39 ----A---- C:\Windows\system32\WMPhoto.dll
2016-08-01 18:19:51 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2016-08-01 18:19:51 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2016-08-01 18:19:51 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2016-08-01 18:19:51 ----A---- C:\Windows\system32\msxml3r.dll
2016-08-01 18:19:51 ----A---- C:\Windows\system32\msxml3.dll
2016-08-01 18:19:51 ----A---- C:\Windows\system32\InkEd.dll
2016-08-01 18:19:50 ----A---- C:\Windows\system32\shell32.dll
2016-08-01 18:19:49 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-08-01 18:19:49 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2016-08-01 18:19:49 ----A---- C:\Windows\system32\ExplorerFrame.dll
2016-08-01 18:19:48 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2016-08-01 18:19:48 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2016-08-01 18:19:48 ----A---- C:\Windows\system32\cdd.dll
2016-08-01 18:19:46 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2016-08-01 18:19:46 ----A---- C:\Windows\system32\FntCache.dll
2016-08-01 18:19:46 ----A---- C:\Windows\system32\DWrite.dll
2016-08-01 18:19:45 ----A---- C:\Windows\SYSWOW64\user32.dll
2016-08-01 18:19:45 ----A---- C:\Windows\system32\user32.dll
2016-08-01 18:19:43 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2016-08-01 18:19:43 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2016-08-01 18:19:43 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2016-08-01 18:19:43 ----A---- C:\Windows\system32\wshrm.dll
2016-08-01 18:19:43 ----A---- C:\Windows\system32\WebClnt.dll
2016-08-01 18:19:43 ----A---- C:\Windows\system32\drivers\rmcast.sys
2016-08-01 18:19:43 ----A---- C:\Windows\system32\davclnt.dll
2016-08-01 18:19:42 ----A---- C:\Windows\system32\samsrv.dll
2016-08-01 18:19:41 ----A---- C:\Windows\SYSWOW64\samlib.dll
2016-08-01 18:19:41 ----A---- C:\Windows\system32\samlib.dll
2016-08-01 18:19:40 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2016-08-01 18:19:40 ----A---- C:\Windows\system32\d2d1.dll
2016-08-01 18:19:35 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2016-08-01 18:19:35 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2016-08-01 18:19:35 ----A---- C:\Windows\system32\mtxoci.dll
2016-08-01 18:19:35 ----A---- C:\Windows\system32\EncDec.dll
2016-08-01 18:19:35 ----A---- C:\Windows\system32\CPFilters.dll
2016-08-01 18:19:34 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-08-01 18:19:34 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-08-01 18:19:25 ----A---- C:\Windows\system32\wmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\wmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2016-08-01 18:19:24 ----A---- C:\Windows\system32\wmploc.DLL
2016-08-01 18:19:24 ----A---- C:\Windows\system32\spwmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\system32\dxmasf.dll
2016-08-01 18:19:23 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2016-08-01 18:19:23 ----A---- C:\Windows\system32\WindowsCodecs.dll
2016-08-01 18:17:32 ----A---- C:\Windows\system32\ole32.dll
2016-08-01 18:17:31 ----A---- C:\Windows\SYSWOW64\ole32.dll
2016-08-01 18:17:18 ----A---- C:\Windows\system32\sysmain.dll
2016-08-01 18:17:18 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2016-08-01 18:17:17 ----A---- C:\Windows\system32\msmmsp.dll
2016-08-01 18:17:09 ----A---- C:\Windows\system32\drivers\srv2.sys
2016-08-01 18:17:09 ----A---- C:\Windows\system32\drivers\srv.sys
2016-08-01 18:17:08 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2016-08-01 18:17:08 ----A---- C:\Windows\system32\drivers\srvnet.sys
2016-08-01 18:17:08 ----A---- C:\Windows\system32\drivers\cng.sys
2016-08-01 18:17:08 ----A---- C:\Windows\system32\bcryptprimitives.dll
2016-08-01 18:17:06 ----A---- C:\Windows\system32\wksprt.exe
2016-08-01 18:17:06 ----A---- C:\Windows\system32\mstscax.dll
2016-08-01 18:17:05 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2016-08-01 18:17:05 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2016-08-01 18:17:05 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2016-08-01 18:17:05 ----A---- C:\Windows\system32\tsgqec.dll
2016-08-01 18:17:05 ----A---- C:\Windows\system32\rdvidcrl.dll
2016-08-01 18:16:58 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\WMADMOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\MSMPEG2ENC.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\msmpeg2adec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMVSDECD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMVDECOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMADMOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\msmpeg2adec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\system32\mf.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMVSDECD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMVENCOD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMSPDMOD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\wmpmde.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMADMOE.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\mf.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\evr.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\COLORCNV.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\WMVXENCD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\WMVENCOD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\wmpmde.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\WMADMOE.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\quartz.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\mcmde.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\evr.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\COLORCNV.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\WMVXENCD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\WMVSENCD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\WMSPDMOE.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\VIDRESZR.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\RESAMPLEDMO.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\quartz.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\qasf.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MPG4DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MP4SDECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MP43DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MP3DMOD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MFWMAAEC.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfvdsp.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfps.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mferror.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\ksuser.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\devenum.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\WMVSENCD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\VIDRESZR.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\SysFxUI.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\rrinstaller.exe
2016-08-01 18:16:55 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\qdvd.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\qasf.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MPG4DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MP4SDECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MP43DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MP3DMOD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfvdsp.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfps.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfpmp.exe
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfplat.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mferror.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\ksuser.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\drivers\portcls.sys
2016-08-01 18:16:55 ----A---- C:\Windows\system32\drivers\drmkaud.sys
2016-08-01 18:16:55 ----A---- C:\Windows\system32\drivers\drmk.sys
2016-08-01 18:16:55 ----A---- C:\Windows\system32\devenum.dll
2016-08-01 18:16:53 ----A---- C:\Windows\SYSWOW64\mapistub.dll
2016-08-01 18:16:53 ----A---- C:\Windows\SYSWOW64\mapi32.dll
2016-08-01 18:16:53 ----A---- C:\Windows\SYSWOW64\fixmapi.exe
2016-08-01 18:16:53 ----A---- C:\Windows\system32\mapistub.dll
2016-08-01 18:16:53 ----A---- C:\Windows\system32\mapi32.dll
2016-08-01 18:16:53 ----A---- C:\Windows\system32\fixmapi.exe
2016-08-01 18:16:50 ----A---- C:\Windows\system32\basesrv.dll
2016-08-01 18:16:44 ----A---- C:\Windows\system32\schedsvc.dll
2016-08-01 18:16:43 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2016-08-01 18:16:43 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2016-08-01 18:16:43 ----A---- C:\Windows\system32\msxml6r.dll
2016-08-01 18:16:43 ----A---- C:\Windows\system32\msxml6.dll
2016-08-01 18:16:41 ----A---- C:\Windows\SYSWOW64\usp10.dll
2016-08-01 18:16:41 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2016-08-01 18:16:41 ----A---- C:\Windows\system32\usp10.dll
2016-08-01 18:16:41 ----A---- C:\Windows\system32\oleaut32.dll
2016-08-01 18:16:40 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2016-08-01 18:16:40 ----A---- C:\Windows\system32\asycfilt.dll
2016-08-01 18:16:39 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2016-08-01 18:16:39 ----A---- C:\Windows\SYSWOW64\ntprint.exe
2016-08-01 18:16:39 ----A---- C:\Windows\SYSWOW64\ntprint.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\wpnpinst.exe
2016-08-01 18:16:39 ----A---- C:\Windows\system32\win32spl.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\ntprint.exe
2016-08-01 18:16:39 ----A---- C:\Windows\system32\ntprint.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\localspl.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\inetppui.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\inetpp.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2016-08-01 18:16:38 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\winipsec.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\polstore.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpscript.exe
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpscript.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpprefcl.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpapi.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\FwRemoteSvr.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\winipsec.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\polstore.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\IPSECSVC.DLL
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpsvc.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpscript.exe
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpscript.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpprefcl.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpapi.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2016-08-01 18:15:11 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2016-08-01 18:15:11 ----A---- C:\Windows\system32\d3d10warp.dll
2016-08-01 18:15:09 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\rdpudd.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\rdpcorets.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\d3d10level9.dll
2016-08-01 18:15:07 ----A---- C:\Windows\SYSWOW64\qedit.dll
2016-08-01 18:15:07 ----A---- C:\Windows\SYSWOW64\notepad.exe
2016-08-01 18:15:07 ----A---- C:\Windows\system32\qedit.dll
2016-08-01 18:15:07 ----A---- C:\Windows\system32\notepad.exe
2016-08-01 18:15:07 ----A---- C:\Windows\system32\drivers\tdx.sys
2016-08-01 18:15:07 ----A---- C:\Windows\system32\drivers\afd.sys
2016-08-01 18:15:07 ----A---- C:\Windows\notepad.exe
2016-08-01 18:15:01 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2016-08-01 18:15:01 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\ws2_32.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\winhttp.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\mswsock.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\drivers\netbt.sys
2016-08-01 18:15:01 ----A---- C:\Windows\system32\comsvcs.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\catsrvut.dll
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\ws2_32.dll
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\netbtugc.exe
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2016-08-01 18:15:00 ----A---- C:\Windows\system32\netbtugc.exe
2016-08-01 18:14:59 ----A---- C:\Windows\SYSWOW64\mfds.dll
2016-08-01 18:14:59 ----A---- C:\Windows\system32\mfds.dll
2016-08-01 18:14:59 ----A---- C:\Windows\system32\aepic.dll
2016-08-01 18:14:59 ----A---- C:\Windows\system32\aeinv.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\lpk.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\StructuredQuery.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\lpk.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\fontsub.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\dciman32.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\atmlib.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\atmfd.dll
2016-08-01 18:14:57 ----A---- C:\Windows\system32\TSWbPrxy.exe
2016-08-01 18:14:57 ----A---- C:\Windows\system32\seclogon.dll
2016-08-01 18:12:30 ----A---- C:\Windows\system32\jnwmon.dll
2016-08-01 18:12:26 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2016-08-01 18:12:26 ----A---- C:\Windows\system32\gdi32.dll
2016-08-01 18:10:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-08-01 18:10:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-08-01 18:10:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-08-01 18:10:18 ----A---- C:\Windows\system32\ntdll.dll
2016-08-01 18:10:18 ----A---- C:\Windows\system32\advapi32.dll
2016-08-01 18:10:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-01 18:10:17 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\wow64win.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\wow64.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\winsrv.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\winload.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\srcore.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\srclient.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\smss.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\rstrui.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\ntvdm64.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\KernelBase.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\kernel32.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\drivers\appid.sys
2016-08-01 18:10:17 ----A---- C:\Windows\system32\csrsrv.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\conhost.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidsvc.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidapi.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\user.exe
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-08-01 18:10:16 ----A---- C:\Windows\system32\wow64cpu.dll
2016-08-01 18:10:16 ----A---- C:\Windows\system32\apisetschema.dll
2016-08-01 18:10:09 ----A---- C:\Windows\SYSWOW64\els.dll
2016-08-01 18:10:09 ----A---- C:\Windows\system32\els.dll
2016-08-01 18:10:09 ----A---- C:\Windows\system32\drivers\ndis.sys

======List of files/folders modified in the last 1 month======

2016-08-24 18:01:04 ----D---- C:\Windows\Temp
2016-08-24 18:01:00 ----RD---- C:\Program Files
2016-08-24 17:05:15 ----D---- C:\Windows\system32\config
2016-08-24 16:56:02 ----D---- C:\Windows\System32
2016-08-24 16:56:02 ----D---- C:\Windows\inf
2016-08-24 16:56:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-08-24 16:49:51 ----D---- C:\Windows
2016-08-24 16:49:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-23 17:44:11 ----RD---- C:\Program Files (x86)
2016-08-21 16:41:32 ----D---- C:\Users\Martin\AppData\Roaming\MPC-HC
2016-08-21 16:32:20 ----D---- C:\Windows\Logs
2016-08-21 16:32:19 ----D---- C:\Windows\debug
2016-08-20 23:43:26 ----D---- C:\Windows\Microsoft.NET
2016-08-20 11:28:08 ----RSD---- C:\Windows\assembly
2016-08-20 11:27:43 ----SHD---- C:\System Volume Information
2016-08-20 09:59:05 ----D---- C:\Windows\system32\Tasks
2016-08-20 09:57:44 ----D---- C:\Windows\system32\catroot
2016-08-20 09:47:54 ----SHD---- C:\Windows\Installer
2016-08-20 09:47:54 ----SHD---- C:\Config.Msi
2016-08-20 09:47:52 ----D---- C:\Windows\SysWOW64
2016-08-20 09:47:52 ----D---- C:\Program Files\AMD
2016-08-20 09:47:42 ----D---- C:\Program Files (x86)\VulkanRT
2016-08-20 09:46:11 ----D---- C:\Windows\system32\drivers
2016-08-20 09:45:33 ----D---- C:\Windows\system32\DriverStore
2016-08-19 20:11:15 ----D---- C:\Windows\winsxs
2016-08-19 20:09:51 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-08-19 20:09:51 ----D---- C:\Windows\SYSWOW64\en-US
2016-08-19 20:09:51 ----D---- C:\Windows\system32\sk-SK
2016-08-19 20:09:51 ----D---- C:\Windows\system32\en-US
2016-08-19 20:08:20 ----D---- C:\Windows\system32\MRT
2016-08-19 20:05:56 ----AC---- C:\Windows\system32\MRT.exe
2016-08-19 20:04:58 ----D---- C:\Windows\system32\catroot2
2016-08-16 17:14:17 ----D---- C:\ProgramData\Package Cache
2016-08-02 18:56:04 ----D---- C:\Windows\system32\drivers\en-US
2016-08-02 18:56:02 ----D---- C:\Windows\ehome
2016-08-02 18:55:58 ----D---- C:\Windows\AppPatch
2016-08-02 18:55:56 ----D---- C:\Windows\system32\migration
2016-08-02 18:55:56 ----D---- C:\Program Files\Windows Media Player
2016-08-02 18:55:56 ----D---- C:\Program Files\Windows Journal
2016-08-02 18:55:56 ----D---- C:\Program Files (x86)\Windows Media Player
2016-08-02 18:55:55 ----D---- C:\Windows\system32\CodeIntegrity
2016-08-02 18:55:55 ----D---- C:\Windows\system32\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2015-06-03 1443776]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2015-06-03 31144]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2016-07-28 145984]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-07-15 28600]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R2 amdacpksd;ACP Kernel Service Driver; \??\C:\Windows\system32\drivers\amdacpksd.sys [2016-07-19 305032]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2016-07-28 171752]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2016-05-18 79696]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-07-18 26708992]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-07-18 500736]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-03-30 96256]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT); C:\Windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]
R3 int0800;Intel 28F320C3 Flash Update Device Driver v6.4; C:\Windows\system32\DRIVERS\flashud.sys [2009-09-09 51712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2015-06-26 4509440]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2015-03-30 803600]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2015-05-19 986368]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-06-25 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-07-18 269824]
R2 amdacpusrsvc;ACP User Service; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [2016-07-18 121856]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2016-07-28 472112]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\Antivirus\sched.exe [2016-07-28 472112]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2016-07-25 319648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2016-07-28 989696]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2016-07-28 1453696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 PlaysService;Plays.tv Update Service; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [2016-03-11 32528]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-25 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12 270016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-21 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-08-23 146888]
S3 Origin Client Service;Origin Client Service; C:\Users\Public\Desktop\Origin\OriginClientService.exe [2016-07-05 2122248]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-08-03 1452320]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-05-16 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Re: Suspected malware, preventive check

Posted: 25 Aug 2016 19:44
by Rudy
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: Suspected malware, preventive check

Posted: 26 Aug 2016 17:39
by citizen
Hi, it found nothing. So I guess I'll have to install adblock.
# *Mode: Clean
# *Support : https://toolslib.net/forum



***** [ *Services ] *****



***** [ *Folders ] *****



***** [ *Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****



***** [ *Registry ] *****



***** [ *Browsers ] *****



*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [775 *Bytes] - [26/08/2016 18:32:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [1181 *Bytes] - [26/08/2016 18:32:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [922 *Bytes] ##########

Re: Suspected malware, preventive check

Posted: 28 Aug 2016 13:33
by Rudy
This is OK. Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]/64

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.

Re: Suspected malware, preventive check

Posted: 29 Aug 2016 14:25
by citizen
So, a question: one month is selected when checking with RSIT. But this happened to me, I think, 2-3 months ago. I was downloading JDownloader, and a lot of opinions say the whole thing is malware. There was a recommendation to download it as the offline version. Since then Avira has found something. It's true that I also downloaded a warez version of Sony Vegas and a crack. That crack also acts up in a strange way. BTW, after installing adblock the ads disappeared, except for one kind, a text one. I don't have a screenshot...
Here is the log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2016-08-29 15:16:26
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 39 GB (38%) free of 104 GB
Total RAM: 8132 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:16:28, on 29. 8. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe
C:\Program Files\trend micro\Martin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: AviraBrowserSafety.BrowserSafety - {c3c77255-42c0-499f-b664-6e981a0b1647} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Avira Browser Safety - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - mscoree.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ACP User Service (amdacpusrsvc) - Advanced Micro Devices - C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Users\Public\Desktop\Origin\OriginClientService.exe
O23 - Service: Plays.tv Update Service (PlaysService) - Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7661 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe"
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" avshadowcontrol0_00000774
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" /connectToHost
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe" --log_to_file --from_stub --newver --raptr_installed_over_plays
raptr_im.exe
"C:\PROGRA~2\RAPTRI~1\Raptr\raptr_ep64.exe" 3956
"C:\Users\Martin\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ss8nayk4.default-1470506759666

prefs.js - "browser.startup.homepage" - "https://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21 551520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21 212576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647}]
AviraBrowserSafety.BrowserSafety - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCN"=C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [2016-07-18 6626696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-06-10 8810200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2016-07-28 831064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2016-06-10 8810200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe [2016-08-23 58640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-26 14030080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-07-28 53655680]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Avira SystrayStartTrigger"=C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2016-08-04 67864]
"avgnt"=C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2016-07-28 831064]
"Raptr"=C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe [2016-08-23 58640]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-08-29 15:12:08 ----D---- C:\_OTM
2016-08-26 18:31:35 ----D---- C:\AdwCleaner
2016-08-25 16:50:47 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-08-24 18:01:00 ----D---- C:\rsit
2016-08-24 18:01:00 ----D---- C:\Program Files\trend micro
2016-08-22 17:16:29 ----A---- C:\Windows\ntbtlog.txt
2016-08-20 09:47:56 ----D---- C:\Users\Martin\AppData\Roaming\Raptr
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\wdigest.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\TSpkg.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\sspisrv.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\sspicli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\schannel.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\secur32.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\rpchttp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\rpcrt4.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\ncrypt.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\msv1_0.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\msobjs.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\msaudite.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\lsass.exe
2016-08-19 20:05:23 ----A---- C:\Windows\system32\lsasrv.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\kerberos.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\cryptbase.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\credssp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\certcli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\auditpol.exe
2016-08-19 20:05:23 ----A---- C:\Windows\system32\adtschema.dll
2016-08-19 20:05:21 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-08-19 20:05:21 ----A---- C:\Windows\system32\tzres.dll
2016-08-19 20:04:38 ----A---- C:\Windows\system32\win32k.sys
2016-08-02 18:25:39 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2016-08-02 18:25:39 ----A---- C:\Windows\system32\WMPhoto.dll
2016-08-01 18:19:51 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2016-08-01 18:19:51 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2016-08-01 18:19:51 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2016-08-01 18:19:51 ----A---- C:\Windows\system32\msxml3r.dll
2016-08-01 18:19:51 ----A---- C:\Windows\system32\msxml3.dll
2016-08-01 18:19:51 ----A---- C:\Windows\system32\InkEd.dll
2016-08-01 18:19:50 ----A---- C:\Windows\system32\shell32.dll
2016-08-01 18:19:49 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-08-01 18:19:49 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2016-08-01 18:19:49 ----A---- C:\Windows\system32\ExplorerFrame.dll
2016-08-01 18:19:48 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2016-08-01 18:19:48 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2016-08-01 18:19:48 ----A---- C:\Windows\system32\cdd.dll
2016-08-01 18:19:46 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2016-08-01 18:19:46 ----A---- C:\Windows\system32\FntCache.dll
2016-08-01 18:19:46 ----A---- C:\Windows\system32\DWrite.dll
2016-08-01 18:19:45 ----A---- C:\Windows\SYSWOW64\user32.dll
2016-08-01 18:19:45 ----A---- C:\Windows\system32\user32.dll
2016-08-01 18:19:43 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2016-08-01 18:19:43 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2016-08-01 18:19:43 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2016-08-01 18:19:43 ----A---- C:\Windows\system32\wshrm.dll
2016-08-01 18:19:43 ----A---- C:\Windows\system32\WebClnt.dll
2016-08-01 18:19:43 ----A---- C:\Windows\system32\drivers\rmcast.sys
2016-08-01 18:19:43 ----A---- C:\Windows\system32\davclnt.dll
2016-08-01 18:19:42 ----A---- C:\Windows\system32\samsrv.dll
2016-08-01 18:19:41 ----A---- C:\Windows\SYSWOW64\samlib.dll
2016-08-01 18:19:41 ----A---- C:\Windows\system32\samlib.dll
2016-08-01 18:19:40 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2016-08-01 18:19:40 ----A---- C:\Windows\system32\d2d1.dll
2016-08-01 18:19:35 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2016-08-01 18:19:35 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2016-08-01 18:19:35 ----A---- C:\Windows\system32\mtxoci.dll
2016-08-01 18:19:35 ----A---- C:\Windows\system32\EncDec.dll
2016-08-01 18:19:35 ----A---- C:\Windows\system32\CPFilters.dll
2016-08-01 18:19:34 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-08-01 18:19:34 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-08-01 18:19:25 ----A---- C:\Windows\system32\wmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\wmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2016-08-01 18:19:24 ----A---- C:\Windows\system32\wmploc.DLL
2016-08-01 18:19:24 ----A---- C:\Windows\system32\spwmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\system32\dxmasf.dll
2016-08-01 18:19:23 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2016-08-01 18:19:23 ----A---- C:\Windows\system32\WindowsCodecs.dll
2016-08-01 18:17:32 ----A---- C:\Windows\system32\ole32.dll
2016-08-01 18:17:31 ----A---- C:\Windows\SYSWOW64\ole32.dll
2016-08-01 18:17:18 ----A---- C:\Windows\system32\sysmain.dll
2016-08-01 18:17:18 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2016-08-01 18:17:17 ----A---- C:\Windows\system32\msmmsp.dll
2016-08-01 18:17:09 ----A---- C:\Windows\system32\drivers\srv2.sys
2016-08-01 18:17:09 ----A---- C:\Windows\system32\drivers\srv.sys
2016-08-01 18:17:08 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2016-08-01 18:17:08 ----A---- C:\Windows\system32\drivers\srvnet.sys
2016-08-01 18:17:08 ----A---- C:\Windows\system32\drivers\cng.sys
2016-08-01 18:17:08 ----A---- C:\Windows\system32\bcryptprimitives.dll
2016-08-01 18:17:06 ----A---- C:\Windows\system32\wksprt.exe
2016-08-01 18:17:06 ----A---- C:\Windows\system32\mstscax.dll
2016-08-01 18:17:05 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2016-08-01 18:17:05 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2016-08-01 18:17:05 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2016-08-01 18:17:05 ----A---- C:\Windows\system32\tsgqec.dll
2016-08-01 18:17:05 ----A---- C:\Windows\system32\rdvidcrl.dll
2016-08-01 18:16:58 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\WMADMOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\MSMPEG2ENC.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\msmpeg2adec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMVSDECD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMVDECOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMADMOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\msmpeg2adec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\system32\mf.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMVSDECD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMVENCOD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMSPDMOD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\wmpmde.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMADMOE.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\mf.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\evr.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\COLORCNV.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\WMVXENCD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\WMVENCOD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\wmpmde.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\WMADMOE.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\quartz.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\mcmde.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\evr.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\COLORCNV.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\WMVXENCD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\WMVSENCD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\WMSPDMOE.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\VIDRESZR.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\RESAMPLEDMO.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\quartz.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\qasf.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MPG4DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MP4SDECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MP43DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MP3DMOD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MFWMAAEC.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfvdsp.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfps.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mferror.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\ksuser.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\devenum.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\WMVSENCD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\VIDRESZR.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\SysFxUI.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\rrinstaller.exe
2016-08-01 18:16:55 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\qdvd.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\qasf.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MPG4DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MP4SDECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MP43DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MP3DMOD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfvdsp.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfps.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfpmp.exe
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfplat.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mferror.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\ksuser.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\drivers\portcls.sys
2016-08-01 18:16:55 ----A---- C:\Windows\system32\drivers\drmkaud.sys
2016-08-01 18:16:55 ----A---- C:\Windows\system32\drivers\drmk.sys
2016-08-01 18:16:55 ----A---- C:\Windows\system32\devenum.dll
2016-08-01 18:16:53 ----A---- C:\Windows\SYSWOW64\mapistub.dll
2016-08-01 18:16:53 ----A---- C:\Windows\SYSWOW64\mapi32.dll
2016-08-01 18:16:53 ----A---- C:\Windows\SYSWOW64\fixmapi.exe
2016-08-01 18:16:53 ----A---- C:\Windows\system32\mapistub.dll
2016-08-01 18:16:53 ----A---- C:\Windows\system32\mapi32.dll
2016-08-01 18:16:53 ----A---- C:\Windows\system32\fixmapi.exe
2016-08-01 18:16:50 ----A---- C:\Windows\system32\basesrv.dll
2016-08-01 18:16:44 ----A---- C:\Windows\system32\schedsvc.dll
2016-08-01 18:16:43 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2016-08-01 18:16:43 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2016-08-01 18:16:43 ----A---- C:\Windows\system32\msxml6r.dll
2016-08-01 18:16:43 ----A---- C:\Windows\system32\msxml6.dll
2016-08-01 18:16:41 ----A---- C:\Windows\SYSWOW64\usp10.dll
2016-08-01 18:16:41 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2016-08-01 18:16:41 ----A---- C:\Windows\system32\usp10.dll
2016-08-01 18:16:41 ----A---- C:\Windows\system32\oleaut32.dll
2016-08-01 18:16:40 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2016-08-01 18:16:40 ----A---- C:\Windows\system32\asycfilt.dll
2016-08-01 18:16:39 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2016-08-01 18:16:39 ----A---- C:\Windows\SYSWOW64\ntprint.exe
2016-08-01 18:16:39 ----A---- C:\Windows\SYSWOW64\ntprint.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\wpnpinst.exe
2016-08-01 18:16:39 ----A---- C:\Windows\system32\win32spl.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\ntprint.exe
2016-08-01 18:16:39 ----A---- C:\Windows\system32\ntprint.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\localspl.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\inetppui.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\inetpp.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2016-08-01 18:16:38 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\winipsec.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\polstore.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpscript.exe
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpscript.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpprefcl.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpapi.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\FwRemoteSvr.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\winipsec.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\polstore.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\IPSECSVC.DLL
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpsvc.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpscript.exe
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpscript.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpprefcl.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpapi.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2016-08-01 18:15:11 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2016-08-01 18:15:11 ----A---- C:\Windows\system32\d3d10warp.dll
2016-08-01 18:15:09 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\rdpudd.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\rdpcorets.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\d3d10level9.dll
2016-08-01 18:15:07 ----A---- C:\Windows\SYSWOW64\qedit.dll
2016-08-01 18:15:07 ----A---- C:\Windows\SYSWOW64\notepad.exe
2016-08-01 18:15:07 ----A---- C:\Windows\system32\qedit.dll
2016-08-01 18:15:07 ----A---- C:\Windows\system32\notepad.exe
2016-08-01 18:15:07 ----A---- C:\Windows\system32\drivers\tdx.sys
2016-08-01 18:15:07 ----A---- C:\Windows\system32\drivers\afd.sys
2016-08-01 18:15:07 ----A---- C:\Windows\notepad.exe
2016-08-01 18:15:01 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2016-08-01 18:15:01 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\ws2_32.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\winhttp.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\mswsock.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\drivers\netbt.sys
2016-08-01 18:15:01 ----A---- C:\Windows\system32\comsvcs.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\catsrvut.dll
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\ws2_32.dll
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\netbtugc.exe
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2016-08-01 18:15:00 ----A---- C:\Windows\system32\netbtugc.exe
2016-08-01 18:14:59 ----A---- C:\Windows\SYSWOW64\mfds.dll
2016-08-01 18:14:59 ----A---- C:\Windows\system32\mfds.dll
2016-08-01 18:14:59 ----A---- C:\Windows\system32\aepic.dll
2016-08-01 18:14:59 ----A---- C:\Windows\system32\aeinv.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\lpk.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\StructuredQuery.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\lpk.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\fontsub.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\dciman32.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\atmlib.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\atmfd.dll
2016-08-01 18:14:57 ----A---- C:\Windows\system32\TSWbPrxy.exe
2016-08-01 18:14:57 ----A---- C:\Windows\system32\seclogon.dll
2016-08-01 18:12:30 ----A---- C:\Windows\system32\jnwmon.dll
2016-08-01 18:12:26 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2016-08-01 18:12:26 ----A---- C:\Windows\system32\gdi32.dll
2016-08-01 18:10:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-08-01 18:10:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-08-01 18:10:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-08-01 18:10:18 ----A---- C:\Windows\system32\ntdll.dll
2016-08-01 18:10:18 ----A---- C:\Windows\system32\advapi32.dll
2016-08-01 18:10:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-01 18:10:17 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\wow64win.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\wow64.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\winsrv.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\winload.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\srcore.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\srclient.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\smss.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\rstrui.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\ntvdm64.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\KernelBase.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\kernel32.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\drivers\appid.sys
2016-08-01 18:10:17 ----A---- C:\Windows\system32\csrsrv.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\conhost.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidsvc.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidapi.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\user.exe
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-08-01 18:10:16 ----A---- C:\Windows\system32\wow64cpu.dll
2016-08-01 18:10:16 ----A---- C:\Windows\system32\apisetschema.dll
2016-08-01 18:10:09 ----A---- C:\Windows\SYSWOW64\els.dll
2016-08-01 18:10:09 ----A---- C:\Windows\system32\els.dll
2016-08-01 18:10:09 ----A---- C:\Windows\system32\drivers\ndis.sys

======List of files/folders modified in the last 1 month======

2016-08-29 15:16:27 ----D---- C:\Windows\Temp
2016-08-29 15:15:36 ----RD---- C:\Program Files (x86)
2016-08-29 15:13:53 ----D---- C:\Windows\SysWOW64
2016-08-29 15:13:53 ----D---- C:\Windows\System32
2016-08-29 11:23:19 ----D---- C:\Windows\system32\config
2016-08-29 10:38:55 ----D---- C:\Windows\inf
2016-08-29 10:38:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-08-26 17:37:52 ----D---- C:\ProgramData\Package Cache
2016-08-26 17:37:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-25 18:19:38 ----SHD---- C:\Windows\Installer
2016-08-25 18:19:37 ----SHD---- C:\Config.Msi
2016-08-24 18:01:00 ----RD---- C:\Program Files
2016-08-24 16:49:51 ----D---- C:\Windows
2016-08-21 16:41:32 ----D---- C:\Users\Martin\AppData\Roaming\MPC-HC
2016-08-21 16:32:20 ----D---- C:\Windows\Logs
2016-08-21 16:32:19 ----D---- C:\Windows\debug
2016-08-20 23:43:26 ----D---- C:\Windows\Microsoft.NET
2016-08-20 11:28:08 ----RSD---- C:\Windows\assembly
2016-08-20 11:27:43 ----SHD---- C:\System Volume Information
2016-08-20 09:59:05 ----D---- C:\Windows\system32\Tasks
2016-08-20 09:57:44 ----D---- C:\Windows\system32\catroot
2016-08-20 09:47:52 ----D---- C:\Program Files\AMD
2016-08-20 09:47:42 ----D---- C:\Program Files (x86)\VulkanRT
2016-08-20 09:46:11 ----D---- C:\Windows\system32\drivers
2016-08-20 09:45:33 ----D---- C:\Windows\system32\DriverStore
2016-08-19 20:11:15 ----D---- C:\Windows\winsxs
2016-08-19 20:09:51 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-08-19 20:09:51 ----D---- C:\Windows\SYSWOW64\en-US
2016-08-19 20:09:51 ----D---- C:\Windows\system32\sk-SK
2016-08-19 20:09:51 ----D---- C:\Windows\system32\en-US
2016-08-19 20:08:20 ----D---- C:\Windows\system32\MRT
2016-08-19 20:05:56 ----AC---- C:\Windows\system32\MRT.exe
2016-08-19 20:04:58 ----D---- C:\Windows\system32\catroot2
2016-08-02 18:56:04 ----D---- C:\Windows\system32\drivers\en-US
2016-08-02 18:56:02 ----D---- C:\Windows\ehome
2016-08-02 18:55:58 ----D---- C:\Windows\AppPatch
2016-08-02 18:55:56 ----D---- C:\Windows\system32\migration
2016-08-02 18:55:56 ----D---- C:\Program Files\Windows Media Player
2016-08-02 18:55:56 ----D---- C:\Program Files\Windows Journal
2016-08-02 18:55:56 ----D---- C:\Program Files (x86)\Windows Media Player
2016-08-02 18:55:55 ----D---- C:\Windows\system32\CodeIntegrity
2016-08-02 18:55:55 ----D---- C:\Windows\system32\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2015-06-03 1443776]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2015-06-03 31144]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2016-07-28 145984]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-07-15 28600]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R2 amdacpksd;ACP Kernel Service Driver; \??\C:\Windows\system32\drivers\amdacpksd.sys [2016-07-19 305032]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2016-07-28 171752]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2016-05-18 79696]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-07-18 26708992]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-07-18 500736]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-03-30 96256]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT); C:\Windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]
R3 int0800;Intel 28F320C3 Flash Update Device Driver v6.4; C:\Windows\system32\DRIVERS\flashud.sys [2009-09-09 51712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2015-06-26 4509440]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2015-03-30 803600]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2015-05-19 986368]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-06-25 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-07-18 269824]
R2 amdacpusrsvc;ACP User Service; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [2016-07-18 121856]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2016-07-28 472112]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\Antivirus\sched.exe [2016-07-28 472112]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2016-08-04 320672]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-25 327296]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2016-07-28 989696]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2016-07-28 1453696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 PlaysService;Plays.tv Update Service; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [2016-03-11 32528]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12 270016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-21 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-08-25 146888]
S3 Origin Client Service;Origin Client Service; C:\Users\Public\Desktop\Origin\OriginClientService.exe [2016-07-05 2122248]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-08-23 1465120]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-05-16 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Re: Suspected malware, preventive check

Posted: 29 Aug 2016 17:26
by Rudy
You can of course change it and then run it. Just a note: if you didn't go on warez sites, you wouldn't have this problem. :D

Re: Suspected malware, preventive check

Posted: 01 Sep 2016 12:36
by citizen
So nothing like that was found?
Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2016-09-01 13:28:43
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 47 GB (45%) free of 104 GB
Total RAM: 8132 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:28:45, on 1. 9. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe
C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE\updrgui.exe
C:\Program Files\trend micro\Martin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: AviraBrowserSafety.BrowserSafety - {c3c77255-42c0-499f-b664-6e981a0b1647} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Avira Browser Safety - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - mscoree.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ACP User Service (amdacpusrsvc) - Advanced Micro Devices - C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Users\Public\Desktop\Origin\OriginClientService.exe
O23 - Service: Plays.tv Update Service (PlaysService) - Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7720 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe"
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
"C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" /connectToHost
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" avshadowcontrol0_00000630
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe" --log_to_file --from_stub --startup
raptr_im.exe
"C:\PROGRA~2\RAPTRI~1\Raptr\raptr_ep64.exe" 3440
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
taskeng.exe {302534E2-834A-41B6-9CA2-37BA0D5B1372}
taskeng.exe {16AEFBFA-7578-49A4-B1D3-D4B20607B948}
C:\Windows\System32\mobsync.exe -Embedding
"C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE\update.exe" configfile="C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE\intermediate.conf"
"C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE\updrgui.exe"
"C:\Users\Martin\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ss8nayk4.default-1470506759666

prefs.js - "browser.startup.homepage" - "https://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21 551520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21 212576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647}]
AviraBrowserSafety.BrowserSafety - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCN"=C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [2016-07-18 6626696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-06-10 8810200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2016-07-28 831064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2016-06-10 8810200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe [2016-08-23 58640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-26 14030080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-07-28 53655680]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Avira SystrayStartTrigger"=C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2016-08-04 67864]
"avgnt"=C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2016-07-28 831064]
"Raptr"=C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe [2016-08-23 58640]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2016-08-29 15:12:08 ----D---- C:\_OTM
2016-08-26 18:31:35 ----D---- C:\AdwCleaner
2016-08-25 16:50:47 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-08-24 18:01:00 ----D---- C:\rsit
2016-08-24 18:01:00 ----D---- C:\Program Files\trend micro
2016-08-22 17:16:29 ----A---- C:\Windows\ntbtlog.txt
2016-08-20 09:47:56 ----D---- C:\Users\Martin\AppData\Roaming\Raptr
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-08-19 20:05:23 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\wdigest.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\TSpkg.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\sspisrv.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\sspicli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\schannel.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\secur32.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\rpchttp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\rpcrt4.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\ncrypt.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\msv1_0.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\msobjs.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\msaudite.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\lsass.exe
2016-08-19 20:05:23 ----A---- C:\Windows\system32\lsasrv.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\kerberos.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-08-19 20:05:23 ----A---- C:\Windows\system32\cryptbase.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\credssp.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\certcli.dll
2016-08-19 20:05:23 ----A---- C:\Windows\system32\auditpol.exe
2016-08-19 20:05:23 ----A---- C:\Windows\system32\adtschema.dll
2016-08-19 20:05:21 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-08-19 20:05:21 ----A---- C:\Windows\system32\tzres.dll
2016-08-19 20:04:38 ----A---- C:\Windows\system32\win32k.sys
2016-08-02 18:25:39 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2016-08-02 18:25:39 ----A---- C:\Windows\system32\WMPhoto.dll
2016-08-01 18:19:51 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2016-08-01 18:19:51 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2016-08-01 18:19:51 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2016-08-01 18:19:51 ----A---- C:\Windows\system32\msxml3r.dll
2016-08-01 18:19:51 ----A---- C:\Windows\system32\msxml3.dll
2016-08-01 18:19:51 ----A---- C:\Windows\system32\InkEd.dll
2016-08-01 18:19:50 ----A---- C:\Windows\system32\shell32.dll
2016-08-01 18:19:49 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-08-01 18:19:49 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2016-08-01 18:19:49 ----A---- C:\Windows\system32\ExplorerFrame.dll
2016-08-01 18:19:48 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2016-08-01 18:19:48 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2016-08-01 18:19:48 ----A---- C:\Windows\system32\cdd.dll
2016-08-01 18:19:46 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2016-08-01 18:19:46 ----A---- C:\Windows\system32\FntCache.dll
2016-08-01 18:19:46 ----A---- C:\Windows\system32\DWrite.dll
2016-08-01 18:19:45 ----A---- C:\Windows\SYSWOW64\user32.dll
2016-08-01 18:19:45 ----A---- C:\Windows\system32\user32.dll
2016-08-01 18:19:43 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2016-08-01 18:19:43 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2016-08-01 18:19:43 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2016-08-01 18:19:43 ----A---- C:\Windows\system32\wshrm.dll
2016-08-01 18:19:43 ----A---- C:\Windows\system32\WebClnt.dll
2016-08-01 18:19:43 ----A---- C:\Windows\system32\drivers\rmcast.sys
2016-08-01 18:19:43 ----A---- C:\Windows\system32\davclnt.dll
2016-08-01 18:19:42 ----A---- C:\Windows\system32\samsrv.dll
2016-08-01 18:19:41 ----A---- C:\Windows\SYSWOW64\samlib.dll
2016-08-01 18:19:41 ----A---- C:\Windows\system32\samlib.dll
2016-08-01 18:19:40 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2016-08-01 18:19:40 ----A---- C:\Windows\system32\d2d1.dll
2016-08-01 18:19:35 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2016-08-01 18:19:35 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2016-08-01 18:19:35 ----A---- C:\Windows\system32\mtxoci.dll
2016-08-01 18:19:35 ----A---- C:\Windows\system32\EncDec.dll
2016-08-01 18:19:35 ----A---- C:\Windows\system32\CPFilters.dll
2016-08-01 18:19:34 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-08-01 18:19:34 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-08-01 18:19:25 ----A---- C:\Windows\system32\wmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\wmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2016-08-01 18:19:24 ----A---- C:\Windows\system32\wmploc.DLL
2016-08-01 18:19:24 ----A---- C:\Windows\system32\spwmp.dll
2016-08-01 18:19:24 ----A---- C:\Windows\system32\dxmasf.dll
2016-08-01 18:19:23 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2016-08-01 18:19:23 ----A---- C:\Windows\system32\WindowsCodecs.dll
2016-08-01 18:17:32 ----A---- C:\Windows\system32\ole32.dll
2016-08-01 18:17:31 ----A---- C:\Windows\SYSWOW64\ole32.dll
2016-08-01 18:17:18 ----A---- C:\Windows\system32\sysmain.dll
2016-08-01 18:17:18 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2016-08-01 18:17:17 ----A---- C:\Windows\system32\msmmsp.dll
2016-08-01 18:17:09 ----A---- C:\Windows\system32\drivers\srv2.sys
2016-08-01 18:17:09 ----A---- C:\Windows\system32\drivers\srv.sys
2016-08-01 18:17:08 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2016-08-01 18:17:08 ----A---- C:\Windows\system32\drivers\srvnet.sys
2016-08-01 18:17:08 ----A---- C:\Windows\system32\drivers\cng.sys
2016-08-01 18:17:08 ----A---- C:\Windows\system32\bcryptprimitives.dll
2016-08-01 18:17:06 ----A---- C:\Windows\system32\wksprt.exe
2016-08-01 18:17:06 ----A---- C:\Windows\system32\mstscax.dll
2016-08-01 18:17:05 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2016-08-01 18:17:05 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2016-08-01 18:17:05 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2016-08-01 18:17:05 ----A---- C:\Windows\system32\tsgqec.dll
2016-08-01 18:17:05 ----A---- C:\Windows\system32\rdvidcrl.dll
2016-08-01 18:16:58 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\WMADMOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\MSMPEG2ENC.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\SYSWOW64\msmpeg2adec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMVSDECD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMVDECOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\WMADMOD.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2016-08-01 18:16:57 ----A---- C:\Windows\system32\msmpeg2adec.dll
2016-08-01 18:16:57 ----A---- C:\Windows\system32\mf.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMVSDECD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMVENCOD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMSPDMOD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\wmpmde.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\WMADMOE.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\mf.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\evr.dll
2016-08-01 18:16:56 ----A---- C:\Windows\SYSWOW64\COLORCNV.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\WMVXENCD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\WMVENCOD.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\wmpmde.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\WMADMOE.DLL
2016-08-01 18:16:56 ----A---- C:\Windows\system32\quartz.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\mcmde.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\evr.dll
2016-08-01 18:16:56 ----A---- C:\Windows\system32\COLORCNV.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\WMVXENCD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\WMVSENCD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\WMSPDMOE.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\VIDRESZR.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\RESAMPLEDMO.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\quartz.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\qasf.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MPG4DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MP4SDECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MP43DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MP3DMOD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\MFWMAAEC.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfvdsp.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfps.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\mferror.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\ksuser.dll
2016-08-01 18:16:55 ----A---- C:\Windows\SYSWOW64\devenum.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\WMVSENCD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\VIDRESZR.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\SysFxUI.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\rrinstaller.exe
2016-08-01 18:16:55 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\qdvd.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\qasf.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MPG4DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MP4SDECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MP43DECD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MP3DMOD.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfvdsp.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfps.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfpmp.exe
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mfplat.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\mferror.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\ksuser.dll
2016-08-01 18:16:55 ----A---- C:\Windows\system32\drivers\portcls.sys
2016-08-01 18:16:55 ----A---- C:\Windows\system32\drivers\drmkaud.sys
2016-08-01 18:16:55 ----A---- C:\Windows\system32\drivers\drmk.sys
2016-08-01 18:16:55 ----A---- C:\Windows\system32\devenum.dll
2016-08-01 18:16:53 ----A---- C:\Windows\SYSWOW64\mapistub.dll
2016-08-01 18:16:53 ----A---- C:\Windows\SYSWOW64\mapi32.dll
2016-08-01 18:16:53 ----A---- C:\Windows\SYSWOW64\fixmapi.exe
2016-08-01 18:16:53 ----A---- C:\Windows\system32\mapistub.dll
2016-08-01 18:16:53 ----A---- C:\Windows\system32\mapi32.dll
2016-08-01 18:16:53 ----A---- C:\Windows\system32\fixmapi.exe
2016-08-01 18:16:50 ----A---- C:\Windows\system32\basesrv.dll
2016-08-01 18:16:44 ----A---- C:\Windows\system32\schedsvc.dll
2016-08-01 18:16:43 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2016-08-01 18:16:43 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2016-08-01 18:16:43 ----A---- C:\Windows\system32\msxml6r.dll
2016-08-01 18:16:43 ----A---- C:\Windows\system32\msxml6.dll
2016-08-01 18:16:41 ----A---- C:\Windows\SYSWOW64\usp10.dll
2016-08-01 18:16:41 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2016-08-01 18:16:41 ----A---- C:\Windows\system32\usp10.dll
2016-08-01 18:16:41 ----A---- C:\Windows\system32\oleaut32.dll
2016-08-01 18:16:40 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2016-08-01 18:16:40 ----A---- C:\Windows\system32\asycfilt.dll
2016-08-01 18:16:39 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2016-08-01 18:16:39 ----A---- C:\Windows\SYSWOW64\ntprint.exe
2016-08-01 18:16:39 ----A---- C:\Windows\SYSWOW64\ntprint.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\wpnpinst.exe
2016-08-01 18:16:39 ----A---- C:\Windows\system32\win32spl.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\ntprint.exe
2016-08-01 18:16:39 ----A---- C:\Windows\system32\ntprint.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\localspl.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\inetppui.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\inetpp.dll
2016-08-01 18:16:39 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2016-08-01 18:16:38 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\winipsec.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\polstore.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpscript.exe
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpscript.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpprefcl.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\gpapi.dll
2016-08-01 18:15:13 ----A---- C:\Windows\SYSWOW64\FwRemoteSvr.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\winipsec.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\polstore.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\IPSECSVC.DLL
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpsvc.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpscript.exe
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpscript.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpprefcl.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\gpapi.dll
2016-08-01 18:15:13 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2016-08-01 18:15:11 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2016-08-01 18:15:11 ----A---- C:\Windows\system32\d3d10warp.dll
2016-08-01 18:15:09 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\rdpudd.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\rdpcorets.dll
2016-08-01 18:15:09 ----A---- C:\Windows\system32\d3d10level9.dll
2016-08-01 18:15:07 ----A---- C:\Windows\SYSWOW64\qedit.dll
2016-08-01 18:15:07 ----A---- C:\Windows\SYSWOW64\notepad.exe
2016-08-01 18:15:07 ----A---- C:\Windows\system32\qedit.dll
2016-08-01 18:15:07 ----A---- C:\Windows\system32\notepad.exe
2016-08-01 18:15:07 ----A---- C:\Windows\system32\drivers\tdx.sys
2016-08-01 18:15:07 ----A---- C:\Windows\system32\drivers\afd.sys
2016-08-01 18:15:07 ----A---- C:\Windows\notepad.exe
2016-08-01 18:15:01 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2016-08-01 18:15:01 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\ws2_32.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\winhttp.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\mswsock.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\drivers\netbt.sys
2016-08-01 18:15:01 ----A---- C:\Windows\system32\comsvcs.dll
2016-08-01 18:15:01 ----A---- C:\Windows\system32\catsrvut.dll
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\ws2_32.dll
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\netbtugc.exe
2016-08-01 18:15:00 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2016-08-01 18:15:00 ----A---- C:\Windows\system32\netbtugc.exe
2016-08-01 18:14:59 ----A---- C:\Windows\SYSWOW64\mfds.dll
2016-08-01 18:14:59 ----A---- C:\Windows\system32\mfds.dll
2016-08-01 18:14:59 ----A---- C:\Windows\system32\aepic.dll
2016-08-01 18:14:59 ----A---- C:\Windows\system32\aeinv.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\lpk.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2016-08-01 18:14:58 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\StructuredQuery.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\lpk.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\fontsub.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\dciman32.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\atmlib.dll
2016-08-01 18:14:58 ----A---- C:\Windows\system32\atmfd.dll
2016-08-01 18:14:57 ----A---- C:\Windows\system32\TSWbPrxy.exe
2016-08-01 18:14:57 ----A---- C:\Windows\system32\seclogon.dll
2016-08-01 18:12:30 ----A---- C:\Windows\system32\jnwmon.dll
2016-08-01 18:12:26 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2016-08-01 18:12:26 ----A---- C:\Windows\system32\gdi32.dll
2016-08-01 18:10:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-08-01 18:10:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-08-01 18:10:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-08-01 18:10:18 ----A---- C:\Windows\system32\ntdll.dll
2016-08-01 18:10:18 ----A---- C:\Windows\system32\advapi32.dll
2016-08-01 18:10:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-01 18:10:17 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-08-01 18:10:17 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\wow64win.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\wow64.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\winsrv.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\winload.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\srcore.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\srclient.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\smss.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\rstrui.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\ntvdm64.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\KernelBase.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\kernel32.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\drivers\appid.sys
2016-08-01 18:10:17 ----A---- C:\Windows\system32\csrsrv.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\conhost.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidsvc.dll
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-08-01 18:10:17 ----A---- C:\Windows\system32\appidapi.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-08-01 18:10:16 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\user.exe
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-08-01 18:10:16 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-08-01 18:10:16 ----A---- C:\Windows\system32\wow64cpu.dll
2016-08-01 18:10:16 ----A---- C:\Windows\system32\apisetschema.dll
2016-08-01 18:10:09 ----A---- C:\Windows\SYSWOW64\els.dll
2016-08-01 18:10:09 ----A---- C:\Windows\system32\els.dll
2016-08-01 18:10:09 ----A---- C:\Windows\system32\drivers\ndis.sys
2016-07-19 00:22:10 ----A---- C:\Windows\SYSWOW64\amdave32.dll
2016-07-19 00:22:10 ----A---- C:\Windows\system32\amdave64.dll
2016-07-19 00:22:04 ----A---- C:\Windows\system32\amdhcp64.dll
2016-07-19 00:22:02 ----A---- C:\Windows\SYSWOW64\amdhcp32.dll
2016-07-19 00:21:58 ----A---- C:\Windows\system32\atimpc64.dll
2016-07-19 00:21:58 ----A---- C:\Windows\system32\amdpcom64.dll
2016-07-19 00:21:56 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2016-07-19 00:21:56 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2016-07-19 00:21:42 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2016-07-19 00:21:40 ----A---- C:\Windows\system32\atiu9p64.dll
2016-07-19 00:21:38 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2016-07-19 00:21:30 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2016-07-19 00:21:20 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2016-07-19 00:21:12 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2016-07-19 00:21:04 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2016-07-19 00:20:54 ----A---- C:\Windows\system32\atiumd6a.dll
2016-07-19 00:20:50 ----A---- C:\Windows\system32\atiumd64.dll
2016-07-19 00:20:14 ----A---- C:\Windows\system32\drivers\amdacpksd.sys
2016-07-19 00:07:28 ----A---- C:\Windows\system32\amfrt64.dll
2016-07-19 00:06:02 ----A---- C:\Windows\SYSWOW64\amfrt32.dll
2016-07-19 00:04:46 ----A---- C:\Windows\system32\amdvlk64.dll
2016-07-18 23:54:52 ----A---- C:\Windows\SYSWOW64\amdvlk32.dll
2016-07-18 23:42:24 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2016-07-18 23:37:38 ----A---- C:\Windows\system32\atio6axx.dll
2016-07-18 23:31:54 ----A---- C:\Windows\system32\coinst_16.30.dll
2016-07-18 23:28:24 ----A---- C:\Windows\system32\clinfo.exe
2016-07-18 23:28:12 ----A---- C:\Windows\system32\amdocl64.dll
2016-07-18 23:27:00 ----A---- C:\Windows\SYSWOW64\amdocl.dll
2016-07-18 23:25:52 ----A---- C:\Windows\system32\OpenCL.dll
2016-07-18 23:25:48 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2016-07-18 23:22:58 ----A---- C:\Windows\system32\amdlvr64.dll
2016-07-18 23:22:16 ----A---- C:\Windows\SYSWOW64\amdlvr32.dll
2016-07-18 23:21:48 ----A---- C:\Windows\system32\amdocl12cl64.dll
2016-07-18 23:21:38 ----A---- C:\Windows\SYSWOW64\amdocl12cl.dll
2016-07-18 23:21:38 ----A---- C:\Windows\system32\mantle64.dll
2016-07-18 23:21:26 ----A---- C:\Windows\SYSWOW64\mantle32.dll
2016-07-18 23:21:10 ----A---- C:\Windows\system32\amdmantle64.dll
2016-07-18 23:11:18 ----A---- C:\Windows\SYSWOW64\amdmantle32.dll
2016-07-18 23:06:24 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2016-07-18 23:04:42 ----A---- C:\Windows\system32\amdmmcl6.dll
2016-07-18 23:04:38 ----A---- C:\Windows\SYSWOW64\amdmmcl.dll
2016-07-18 23:03:22 ----A---- C:\Windows\system32\mantleaxl64.dll
2016-07-18 23:03:14 ----A---- C:\Windows\SYSWOW64\mantleaxl32.dll
2016-07-18 22:46:50 ----A---- C:\Windows\system32\atiapfxx.exe
2016-07-18 22:46:44 ----A---- C:\Windows\system32\aticalrt64.dll
2016-07-18 22:46:40 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2016-07-18 22:46:32 ----A---- C:\Windows\system32\aticalcl64.dll
2016-07-18 22:46:30 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2016-07-18 22:46:18 ----A---- C:\Windows\system32\aticaldd64.dll
2016-07-18 22:45:20 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2016-07-18 22:39:22 ----A---- C:\Windows\system32\atisamu64.dll
2016-07-18 22:39:18 ----A---- C:\Windows\SYSWOW64\atisamu32.dll
2016-07-18 22:39:18 ----A---- C:\Windows\system32\atidemgy.dll
2016-07-18 22:39:14 ----A---- C:\Windows\system32\dgtrayicon.exe
2016-07-18 22:39:08 ----A---- C:\Windows\system32\GameManager64.dll
2016-07-18 22:39:00 ----A---- C:\Windows\system32\atieah64.exe
2016-07-18 22:38:58 ----A---- C:\Windows\SYSWOW64\atieah32.exe
2016-07-18 22:38:52 ----A---- C:\Windows\system32\amdgfxinfo64.dll
2016-07-18 22:38:50 ----A---- C:\Windows\SYSWOW64\amdgfxinfo32.dll
2016-07-18 22:38:50 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2016-07-18 22:38:48 ----A---- C:\Windows\system32\atimuixx.dll
2016-07-18 22:38:42 ----A---- C:\Windows\system32\atieclxx.exe
2016-07-18 22:38:24 ----A---- C:\Windows\system32\atiesrxx.exe
2016-07-18 22:37:38 ----A---- C:\Windows\system32\atitmm64.dll
2016-07-18 22:33:38 ----A---- C:\Windows\system32\atiadlxx.dll
2016-07-18 22:33:30 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2016-07-18 22:33:30 ----A---- C:\Windows\SYSWOW64\atiadlxx.dll
2016-07-18 22:33:22 ----A---- C:\Windows\system32\atig6pxx.dll
2016-07-18 22:33:18 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2016-07-18 22:33:18 ----A---- C:\Windows\system32\atiglpxx.dll
2016-07-18 22:33:14 ----A---- C:\Windows\system32\atig6txx.dll
2016-07-18 22:33:04 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2016-07-18 22:32:52 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2016-07-18 22:29:22 ----A---- C:\Windows\system32\hsa-thunk64.dll
2016-07-18 22:29:16 ----A---- C:\Windows\SYSWOW64\hsa-thunk.dll
2016-07-18 16:51:10 ----A---- C:\Windows\system32\amdacpusl.dll
2016-07-18 16:51:02 ----A---- C:\Windows\SYSWOW64\amdacpusl.dll
2016-07-16 10:58:42 ----SHD---- C:\Config.Msi
2016-07-07 12:18:20 ----A---- C:\Windows\system32\amdicdxx.dat
2016-07-01 22:19:43 ----D---- C:\Users\Martin\AppData\Roaming\Carbon
2016-06-23 20:22:00 ----A---- C:\Windows\SYSWOW64\vulkan-1-1-0-17-0.dll
2016-06-23 20:21:24 ----A---- C:\Windows\SYSWOW64\vulkaninfo-1-1-0-17-0.exe
2016-06-23 20:21:06 ----A---- C:\Windows\system32\vulkan-1-1-0-17-0.dll
2016-06-23 20:20:28 ----A---- C:\Windows\system32\vulkaninfo-1-1-0-17-0.exe
2016-06-17 20:50:52 ----A---- C:\Windows\system32\ativvaxy_stn_nd.dat
2016-06-17 20:45:10 ----A---- C:\Windows\system32\ativvaxy_el_nd.dat
2016-06-16 20:09:36 ----A---- C:\Windows\system32\ativvaxy_FJ_nd.dat
2016-06-06 22:51:58 ----A---- C:\Windows\system32\ativvaxy_FJ.dat
2016-06-06 22:47:58 ----A---- C:\Windows\system32\ativvaxy_cz_nd.dat
2016-06-03 16:56:08 ----A---- C:\Windows\SYSWOW64\vulkaninfo.exe
2016-06-03 16:56:08 ----A---- C:\Windows\SYSWOW64\vulkan-1.dll
2016-06-03 16:56:08 ----A---- C:\Windows\system32\vulkaninfo.exe
2016-06-03 16:56:08 ----A---- C:\Windows\system32\vulkan-1.dll
2016-06-03 16:55:58 ----D---- C:\Program Files (x86)\VulkanRT
2016-06-03 16:55:29 ----D---- C:\Program Files (x86)\AMD
2016-06-03 16:53:50 ----D---- C:\Users\Martin\AppData\Roaming\ATI
2016-06-03 16:53:50 ----D---- C:\ProgramData\ATI

======List of files/folders modified in the last 3 months======

2016-09-01 13:28:43 ----D---- C:\Windows\Temp
2016-09-01 09:43:42 ----D---- C:\Windows\system32\config
2016-09-01 09:33:49 ----D---- C:\Windows\System32
2016-09-01 09:33:49 ----D---- C:\Windows\inf
2016-09-01 09:33:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-08-29 20:37:22 ----SHD---- C:\System Volume Information
2016-08-29 15:15:36 ----RD---- C:\Program Files (x86)
2016-08-29 15:13:53 ----D---- C:\Windows\SysWOW64
2016-08-26 17:37:52 ----D---- C:\ProgramData\Package Cache
2016-08-26 17:37:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-25 18:19:38 ----SHD---- C:\Windows\Installer
2016-08-24 18:01:00 ----RD---- C:\Program Files
2016-08-24 16:49:51 ----D---- C:\Windows
2016-08-21 16:41:32 ----D---- C:\Users\Martin\AppData\Roaming\MPC-HC
2016-08-21 16:32:20 ----D---- C:\Windows\Logs
2016-08-21 16:32:19 ----D---- C:\Windows\debug
2016-08-20 23:43:26 ----D---- C:\Windows\Microsoft.NET
2016-08-20 11:28:08 ----RSD---- C:\Windows\assembly
2016-08-20 09:59:05 ----D---- C:\Windows\system32\Tasks
2016-08-20 09:57:44 ----D---- C:\Windows\system32\catroot
2016-08-20 09:47:52 ----D---- C:\Program Files\AMD
2016-08-20 09:46:11 ----D---- C:\Windows\system32\drivers
2016-08-20 09:45:33 ----D---- C:\Windows\system32\DriverStore
2016-08-19 20:11:15 ----D---- C:\Windows\winsxs
2016-08-19 20:09:51 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-08-19 20:09:51 ----D---- C:\Windows\SYSWOW64\en-US
2016-08-19 20:09:51 ----D---- C:\Windows\system32\sk-SK
2016-08-19 20:09:51 ----D---- C:\Windows\system32\en-US
2016-08-19 20:08:20 ----D---- C:\Windows\system32\MRT
2016-08-19 20:05:56 ----AC---- C:\Windows\system32\MRT.exe
2016-08-19 20:04:58 ----D---- C:\Windows\system32\catroot2
2016-08-02 18:56:04 ----D---- C:\Windows\system32\drivers\en-US
2016-08-02 18:56:02 ----D---- C:\Windows\ehome
2016-08-02 18:55:58 ----D---- C:\Windows\AppPatch
2016-08-02 18:55:56 ----D---- C:\Windows\system32\migration
2016-08-02 18:55:56 ----D---- C:\Program Files\Windows Media Player
2016-08-02 18:55:56 ----D---- C:\Program Files\Windows Journal
2016-08-02 18:55:56 ----D---- C:\Program Files (x86)\Windows Media Player
2016-08-02 18:55:55 ----D---- C:\Windows\system32\CodeIntegrity
2016-08-02 18:55:55 ----D---- C:\Windows\system32\Boot
2016-07-24 16:54:30 ----SD---- C:\Users\Martin\AppData\Roaming\Microsoft
2016-07-19 00:21:44 ----A---- C:\Windows\system32\atiuxp64.dll
2016-07-19 00:21:34 ----A---- C:\Windows\system32\aticfx64.dll
2016-07-19 00:21:24 ----A---- C:\Windows\system32\atidxx64.dll
2016-07-18 22:39:04 ----A---- C:\Windows\SYSWOW64\GameManager32.dll
2016-07-17 14:39:06 ----D---- C:\ProgramData\Origin
2016-07-16 10:54:28 ----D---- C:\AMD
2016-07-12 21:54:20 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-07-12 20:54:05 ----D---- C:\Windows\system32\Macromed
2016-07-12 20:54:04 ----D---- C:\Windows\SYSWOW64\Macromed
2016-06-03 16:53:50 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2015-06-03 1443776]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2015-06-03 31144]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2016-07-28 145984]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-07-15 28600]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R2 amdacpksd;ACP Kernel Service Driver; \??\C:\Windows\system32\drivers\amdacpksd.sys [2016-07-19 305032]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2016-07-28 171752]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2016-05-18 79696]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-07-18 26708992]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-07-18 500736]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-03-30 96256]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT); C:\Windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]
R3 int0800;Intel 28F320C3 Flash Update Device Driver v6.4; C:\Windows\system32\DRIVERS\flashud.sys [2009-09-09 51712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2015-06-26 4509440]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2015-03-30 803600]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2015-05-19 986368]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-06-25 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-07-18 269824]
R2 amdacpusrsvc;ACP User Service; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [2016-07-18 121856]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2016-07-28 472112]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\Antivirus\sched.exe [2016-07-28 472112]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2016-08-04 320672]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2016-07-28 989696]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2016-07-28 1453696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 PlaysService;Plays.tv Update Service; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [2016-03-11 32528]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-25 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12 270016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-21 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-08-25 146888]
S3 Origin Client Service;Origin Client Service; C:\Users\Public\Desktop\Origin\OriginClientService.exe [2016-07-05 2122248]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-08-23 1465120]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-05-16 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------
Well, you know, JDownloader is free, it's just probably not entirely kosher. And buying Sony Vegas when I don't intend to use it for business purposes makes no sense. I only wanted to try it out, but because of these problems I never even got to it.

Re: Suspected malware, preventive check

Posted: 01 Sep 2016 17:03
by Rudy
Double-click the file C:\Program Files\trend micro\Martin.exe to launch HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkboxes on the left for:
O2 - BHO: AviraBrowserSafety.BrowserSafety - {c3c77255-42c0-499f-b664-6e981a0b1647} - mscoree.dll (file missing)
O9 - Extra button: Avira Browser Safety - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll (file missing)
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - mscoree.dll (file missing)

Click >FixChecked<. Then run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC.

More or less, what you had there were just unnecessary leftovers. This is only a final cleanup.

Re: Suspected malware, preventive check

Posted: 03 Sep 2016 22:05
by citizen
Is that everything? Nothing else needed?

Re: Suspected malware, preventive check

Posted: 04 Sep 2016 10:42
by Rudy
If there is no other problem, that is all.