
Please check, urgent case...


#1 Post by godfather13 »

Good day,
I would very much like to ask you to check the log from my notebook. About a week ago my Norton 360 licence expired, and since I have an Eset licence as part of my contract with my provider, I swapped the antivirus programs. At first it found about 3 infiltrations, which I removed, but after that every scan stopped at 10% and did not move even after hours... The PC is now slowed down and freezes, Mozilla and Chrome are almost unusable, totally slow, and I have no other device on which I could work, whether for school or for work. I beg you, please help me. I am attaching the log here:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Keramont at 2014-10-25 12:37:25
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 11 GB (16%) free of 74 GB
Total RAM: 5611 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:27, on 25. 10. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Users\Keramont\AppData\Local\Akamai\netsession_win.exe
C:\Users\Keramont\AppData\Local\Akamai\netsession_win.exe
C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Program Files\trend micro\Keramont.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [3200 Scan2PC] "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Keramont\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Connectify - Connectify - C:\Program Files (x86)\Connectify\ConnectifyService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SafetyNut Manager (SafetyNutManager) - Unknown owner - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11998 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"

C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\WLANExt.exe 31219728
\??\C:\Windows\system32\conhost.exe "-3755141772001501869-124019852-2106865135-1396045344206230955229176843480359124
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2504
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Users\Keramont\AppData\Local\Akamai\netsession_win.exe"
"C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"C:/Users/Keramont/AppData/Local/Akamai/netsession_win.exe" --client
"C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
taskeng.exe {77E529A9-67FE-469E-A98E-E26527A73D8C}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"
"H:\Program Files User\ACAD\AutoCAD 2012 - English\acad.exe"
"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
"C:\Program Files\Common Files\Autodesk Shared\WSCommCntr3\lib\\WSCommCntr3.exe" -Embedding
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4460.c209df0.798154108 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 4460 "\\.\pipe\gecko-crash-server-pipe.4460" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe" --proxy-stub-channel=Flash4744.65EB3FA8.16559 --host-broker-channel=Flash4744.65EB3FA8.11003 --host-pid=4744 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe" --channel=5684.003AF8B0.1528910777 --proxy-stub-channel=Flash4744.65EB3FA8.16559 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll" --host-npapi-version=27 --type=renderer
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"G:\DOWNLOAD\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1200702374-1131186070-1473926133-1002Core.job - C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1200702374-1131186070-1473926133-1002UA.job - C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForKeramont.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForKeramont (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Keramont\AppData\Roaming\Mozilla\Firefox\Profiles\8ra28ait.Tomáš

"{17E113E6-CD0E-4045-B154-65F0E57959EF}"=C:\Program Files\IMPI\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Users\Keramont\AppData\Roaming\Mozilla\Firefox\Profiles\8ra28ait.Tomáš\extensions\
trash

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-25 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-25 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-14 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-07-07 157680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-06-10 2799912]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-12-17 525312]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2918656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=C:\Users\Keramont\AppData\Local\Akamai\netsession_win.exe [2014-04-17 4672920]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2013-02-05 1081224]
"Facebook Update"=C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-27 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-06-14 795808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery]
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2011-04-08 586808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPOSD]
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-06-13 336440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPQuickWebProxy]
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-06-27 168504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iFunBox Price Watch]
C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2010-10-28 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefault]
C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-06-27 42808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-05 336384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Keramont\AppData\Roaming\uTorrent\uTorrent.exe [2013-05-26 1043536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]
C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe /min []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"3200 Scan2PC"=C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [2010-05-18 1989120]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-10-25 12:37:25 ----D---- C:\rsit
2014-10-16 23:26:41 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2014-10-16 23:26:41 ----A---- C:\Windows\system32\drmv2clt.dll
2014-10-16 23:26:41 ----A---- C:\Windows\system32\blackbox.dll
2014-10-16 23:26:39 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2014-10-16 23:26:36 ----A---- C:\Windows\system32\wmp.dll
2014-10-16 23:26:34 ----A---- C:\Windows\system32\mf.dll
2014-10-16 23:26:33 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2014-10-16 23:26:33 ----A---- C:\Windows\system32\wmdrmsdk.dll
2014-10-16 23:26:31 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-10-16 23:26:30 ----A---- C:\Windows\SYSWOW64\wmp.dll
2014-10-16 23:26:27 ----A---- C:\Windows\SYSWOW64\mf.dll
2014-10-16 23:26:27 ----A---- C:\Windows\system32\drmmgrtn.dll
2014-10-16 23:26:26 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2014-10-16 23:26:26 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2014-10-16 23:26:26 ----A---- C:\Windows\system32\ci.dll
2014-10-16 23:26:25 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-10-16 23:26:21 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-10-16 23:26:21 ----A---- C:\Windows\system32\winresume.exe
2014-10-16 23:26:21 ----A---- C:\Windows\system32\winload.exe
2014-10-16 23:26:21 ----A---- C:\Windows\system32\quartz.dll
2014-10-16 23:26:21 ----A---- C:\Windows\system32\AudioEng.dll
2014-10-16 23:26:20 ----A---- C:\Windows\system32\wintrust.dll
2014-10-16 23:26:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-10-16 23:26:20 ----A---- C:\Windows\system32\cryptsvc.dll
2014-10-16 23:26:19 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-10-16 23:26:19 ----A---- C:\Windows\system32\evr.dll
2014-10-16 23:26:19 ----A---- C:\Windows\system32\EncDump.dll
2014-10-16 23:26:18 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2014-10-16 23:26:18 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2014-10-16 23:26:18 ----A---- C:\Windows\system32\cryptui.dll
2014-10-16 23:26:18 ----A---- C:\Windows\system32\crypt32.dll
2014-10-16 23:26:18 ----A---- C:\Windows\system32\AudioSes.dll
2014-10-16 23:26:17 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-10-16 23:26:17 ----A---- C:\Windows\SYSWOW64\evr.dll
2014-10-16 23:26:17 ----A---- C:\Windows\system32\audiosrv.dll
2014-10-16 23:26:16 ----A---- C:\Windows\SYSWOW64\quartz.dll
2014-10-16 23:26:16 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2014-10-16 23:26:16 ----A---- C:\Windows\system32\mfplat.dll
2014-10-16 23:26:15 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2014-10-16 23:26:15 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2014-10-16 23:26:15 ----A---- C:\Windows\system32\srcore.dll
2014-10-16 23:26:15 ----A---- C:\Windows\system32\pcasvc.dll
2014-10-16 23:26:14 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2014-10-16 23:26:14 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-10-16 23:26:14 ----A---- C:\Windows\system32\msscp.dll
2014-10-16 23:26:14 ----A---- C:\Windows\system32\cryptsp.dll
2014-10-16 23:26:13 ----A---- C:\Windows\SYSWOW64\msscp.dll
2014-10-16 23:26:13 ----A---- C:\Windows\system32\rstrui.exe
2014-10-16 23:26:13 ----A---- C:\Windows\system32\msnetobj.dll
2014-10-16 23:26:13 ----A---- C:\Windows\system32\appidsvc.dll
2014-10-16 23:26:13 ----A---- C:\Windows\system32\appidapi.dll
2014-10-16 23:26:12 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2014-10-16 23:26:12 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2014-10-16 23:26:12 ----A---- C:\Windows\SYSWOW64\mfps.dll
2014-10-16 23:26:12 ----A---- C:\Windows\system32\rrinstaller.exe
2014-10-16 23:26:12 ----A---- C:\Windows\system32\mfps.dll
2014-10-16 23:26:12 ----A---- C:\Windows\system32\drivers\appid.sys
2014-10-16 23:26:12 ----A---- C:\Windows\system32\audiodg.exe
2014-10-16 23:26:11 ----A---- C:\Windows\SYSWOW64\srclient.dll
2014-10-16 23:26:11 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2014-10-16 23:26:11 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2014-10-16 23:26:11 ----A---- C:\Windows\system32\srclient.dll
2014-10-16 23:26:11 ----A---- C:\Windows\system32\setbcdlocale.dll
2014-10-16 23:26:11 ----A---- C:\Windows\system32\mfpmp.exe
2014-10-16 23:26:11 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 23:26:11 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 23:26:10 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2014-10-16 23:26:10 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2014-10-16 23:26:10 ----A---- C:\Windows\SYSWOW64\mferror.dll
2014-10-16 23:26:10 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2014-10-16 23:26:10 ----A---- C:\Windows\system32\wmploc.DLL
2014-10-16 23:26:10 ----A---- C:\Windows\system32\spwmp.dll
2014-10-16 23:26:10 ----A---- C:\Windows\system32\mferror.dll
2014-10-16 23:26:10 ----A---- C:\Windows\system32\dxmasf.dll
2014-10-16 14:00:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-10-16 14:00:24 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-10-16 14:00:24 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-10-16 14:00:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-10-16 14:00:23 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-10-16 14:00:23 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-10-16 14:00:23 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-16 14:00:23 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-10-16 14:00:23 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-10-16 14:00:23 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 14:00:23 ----A---- C:\Windows\system32\iernonce.dll
2014-10-16 14:00:23 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-10-16 14:00:23 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-16 14:00:22 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-10-16 14:00:20 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-10-16 14:00:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-10-16 14:00:20 ----A---- C:\Windows\system32\urlmon.dll
2014-10-16 14:00:20 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-16 14:00:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-10-16 14:00:19 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-10-16 14:00:19 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-10-16 14:00:19 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-10-16 14:00:19 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-16 14:00:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 14:00:19 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-10-16 14:00:19 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-16 14:00:18 ----A---- C:\Windows\system32\iesetup.dll
2014-10-16 14:00:17 ----A---- C:\Windows\system32\iertutil.dll
2014-10-16 14:00:16 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-10-16 14:00:16 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-10-16 14:00:16 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-10-16 14:00:16 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-10-16 14:00:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-10-16 14:00:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-10-16 14:00:15 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-10-16 14:00:15 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-10-16 14:00:15 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-16 14:00:14 ----A---- C:\Windows\system32\ieui.dll
2014-10-16 14:00:14 ----A---- C:\Windows\system32\ieframe.dll
2014-10-16 14:00:14 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-16 14:00:13 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-10-16 14:00:13 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-16 14:00:12 ----A---- C:\Windows\system32\jscript9diag.dll
2014-10-16 14:00:12 ----A---- C:\Windows\system32\jscript9.dll
2014-10-16 14:00:12 ----A---- C:\Windows\system32\ieUnatt.exe
2014-10-16 14:00:11 ----A---- C:\Windows\system32\wininet.dll
2014-10-16 14:00:11 ----A---- C:\Windows\system32\vbscript.dll
2014-10-16 14:00:11 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-16 14:00:10 ----A---- C:\Windows\system32\msrating.dll
2014-10-16 14:00:10 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-16 14:00:09 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 14:00:09 ----A---- C:\Windows\system32\mshtml.dll
2014-10-16 13:55:04 ----A---- C:\Windows\system32\win32k.sys
2014-10-16 13:50:08 ----A---- C:\Windows\SYSWOW64\rastls.dll
2014-10-16 13:50:08 ----A---- C:\Windows\system32\rastls.dll
2014-10-16 13:49:57 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2014-10-16 13:49:57 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2014-10-16 13:49:57 ----A---- C:\Windows\system32\mscorier.dll
2014-10-16 13:49:57 ----A---- C:\Windows\system32\dfshim.dll
2014-10-16 13:49:56 ----A---- C:\Windows\SYSWOW64\mscories.dll
2014-10-16 13:49:56 ----A---- C:\Windows\system32\mscories.dll
2014-10-16 13:49:33 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-10-16 13:49:33 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-10-16 13:49:33 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-10-16 13:49:33 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-10-16 13:49:33 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-10-16 13:49:33 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-10-16 13:49:33 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-10-16 13:49:33 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-10-16 13:49:33 ----A---- C:\Windows\system32\KBDRU.DLL
2014-10-16 13:49:33 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-10-16 13:44:39 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-10-16 13:44:39 ----A---- C:\Windows\system32\msi.dll
2014-10-16 13:44:21 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-10-16 13:44:21 ----A---- C:\Windows\system32\termsrv.dll
2014-10-16 13:44:21 ----A---- C:\Windows\system32\mstscax.dll
2014-10-16 13:44:21 ----A---- C:\Windows\system32\mstsc.exe
2014-10-16 13:44:20 ----A---- C:\Windows\SYSWOW64\winsta.dll
2014-10-16 13:44:20 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-10-16 13:44:20 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-10-16 13:44:20 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-10-16 13:44:20 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-10-16 13:44:20 ----A---- C:\Windows\system32\winsta.dll
2014-10-16 13:44:20 ----A---- C:\Windows\system32\winlogon.exe
2014-10-16 13:44:20 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-16 13:44:20 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-16 13:44:20 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-16 13:44:20 ----A---- C:\Windows\system32\credssp.dll
2014-10-16 13:44:19 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-16 13:44:01 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-10-16 13:44:01 ----A---- C:\Windows\system32\packager.dll
2014-10-12 17:58:35 ----RD---- C:\Program Files (x86)\Skype
2014-10-12 17:56:07 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-10-12 17:55:47 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 17:55:47 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-10-12 17:55:47 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-10-11 23:00:29 ----D---- C:\ProgramData\ESET
2014-10-11 23:00:29 ----D---- C:\Program Files\ESET
2014-10-11 01:37:32 ----D---- C:\Program Files (x86)\TeamViewer
2014-10-10 14:42:30 ----A---- C:\Windows\system32\drivers\cnnctfy3.sys
2014-10-01 16:55:45 ----D---- C:\Program Files (x86)\Pixia ver. 6
2014-10-01 13:26:27 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2014-10-01 13:26:27 ----A---- C:\Windows\system32\qdvd.dll

======List of files/folders modified in the last 1 month======

2014-10-25 12:37:27 ----D---- C:\Windows\Prefetch
2014-10-25 12:37:26 ----D---- C:\Windows\temp
2014-10-25 12:37:26 ----D---- C:\Program Files\trend micro
2014-10-25 09:48:37 ----D---- C:\Windows\system32\config
2014-10-24 21:30:43 ----D---- C:\Users\Keramont\AppData\Roaming\vlc
2014-10-24 19:03:38 ----D---- C:\Windows\System32
2014-10-24 19:03:38 ----D---- C:\Windows\inf
2014-10-24 19:03:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-10-23 22:12:27 ----D---- C:\The KMPlayer
2014-10-18 19:59:32 ----SHD---- C:\System Volume Information
2014-10-18 19:59:31 ----D---- C:\Windows\rescache
2014-10-18 19:36:23 ----D---- C:\Windows\Microsoft.NET
2014-10-17 17:53:36 ----RSD---- C:\Windows\assembly
2014-10-17 11:54:07 ----D---- C:\Windows\system32\catroot2
2014-10-17 11:46:53 ----D---- C:\Windows\winsxs
2014-10-17 11:42:36 ----D---- C:\Windows\SysWOW64
2014-10-17 11:42:30 ----RSD---- C:\Windows\Fonts
2014-10-17 11:42:20 ----D---- C:\Program Files\Windows Media Player
2014-10-17 11:42:19 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-10-17 11:42:19 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-17 11:42:18 ----D---- C:\Windows\SYSWOW64\Dism
2014-10-17 11:42:14 ----D---- C:\Windows\system32\drivers
2014-10-17 11:42:14 ----D---- C:\Windows\system32\Dism
2014-10-17 11:42:13 ----D---- C:\Windows\system32\sk-SK
2014-10-17 11:42:12 ----D---- C:\Windows\system32\en-US
2014-10-17 11:42:06 ----D---- C:\Windows\system32\Boot
2014-10-17 11:42:05 ----D---- C:\Windows\system32\CodeIntegrity
2014-10-17 11:42:03 ----D---- C:\Program Files\Internet Explorer
2014-10-17 11:42:02 ----D---- C:\Windows\SYSWOW64\en-US
2014-10-17 11:41:54 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-16 23:58:55 ----SHD---- C:\Windows\Installer
2014-10-16 23:56:51 ----D---- C:\ProgramData\Microsoft Help
2014-10-16 23:35:07 ----D---- C:\Windows\system32\MRT
2014-10-16 23:35:06 ----D---- C:\Windows\debug
2014-10-16 23:35:01 ----A---- C:\Windows\system32\MRT.exe
2014-10-16 23:24:52 ----D---- C:\Windows\system32\catroot
2014-10-12 18:00:19 ----D---- C:\Windows
2014-10-12 17:59:59 ----D---- C:\Program Files (x86)
2014-10-12 17:58:38 ----D---- C:\Program Files (x86)\Common Files
2014-10-12 17:58:34 ----D---- C:\ProgramData\Skype
2014-10-12 17:55:47 ----D---- C:\ProgramData\Malwarebytes
2014-10-12 12:40:33 ----D---- C:\Program Files (x86)\Connectify
2014-10-12 01:42:58 ----D---- C:\Users\Keramont\AppData\Roaming\Skype
2014-10-12 01:16:52 ----D---- C:\Windows\system32\Tasks
2014-10-12 00:34:48 ----D---- C:\Program Files\IMPI
2014-10-11 23:00:55 ----D---- C:\Windows\system32\DriverStore
2014-10-11 23:00:29 ----RD---- C:\Program Files
2014-10-11 23:00:29 ----D---- C:\ProgramData
2014-10-11 22:43:48 ----D---- C:\ProgramData\Norton
2014-10-11 22:34:02 ----D---- C:\ProgramData\Performancer
2014-10-11 22:32:14 ----D---- C:\Program Files\Common Files
2014-10-11 01:37:38 ----D---- C:\Users\Keramont\AppData\Roaming\TeamViewer
2014-10-10 14:54:12 ----D---- C:\Program Files (x86)\Virtual Router
2014-10-02 23:01:09 ----D---- C:\Windows\system32\wdi
2014-10-01 16:56:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-09-26 11:46:15 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2012-07-03 198944]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-03-02 834544]
R1 cnnctfy3;Connectify LightWeight Filter; C:\Windows\system32\DRIVERS\cnnctfy3.sys [2014-10-10 42152]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-07 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-11-17 11576]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-06 9359872]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-06 309760]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-04-21 2727424]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-06-14 30368]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-01 412264]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-12-17 520192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-06-10 1451056]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-06-14 36000]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-06-14 330400]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-06-14 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-06-14 167072]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-06-14 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-06-14 280992]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-06-14 496800]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-05-01 20568]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 63704]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\Windows\system32\DRIVERS\silabenm.sys [2011-08-08 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\Windows\system32\DRIVERS\silabser.sys [2011-08-08 70656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-04-24 42184]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-05-01 16392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-04 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-06 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-14 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-06-14 97952]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2011-06-20 73728]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2010-12-17 276992]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-05-08 1471352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 SafetyNutManager;SafetyNut Manager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 Connectify;Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [2014-10-01 487936]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 42360]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-03-14 994176]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-25 114288]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-06 1255736]
S4 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119547
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check, urgent case...

#2 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://www.stahuj.centrum.cz/utility_a_ ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< and then >Clean< (delete)
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

godfather13
Visitor
Posts: 81
Joined: 26 Nov 2008 10:42

Re: Please check, urgent case...

#3 Post by godfather13 »

Thank you for the quick response.
Here is the log from AdwCleaner:

# AdwCleaner v4.001 - Report created 25/10/2014 at 13:13:34
# DB v2014-10-23.2
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Keramont - METRO-HP
# Running from : C:\Users\Keramont\Desktop\adwcleaner_4.001.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : SafetyNutManager

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\DataMngr
Folder Deleted : C:\Users\Keramont\AppData\LocalLow\DataMngr
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Keramont\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Keramont\Documents\Optimizer Pro
Folder Deleted : C:\ProgramData\Performancer
Folder Deleted : C:\ProgramData\wincert
File Deleted : C:\Users\Keramont\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\Keramont\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{dfc86759}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F937787D1134BBA4B846D98011F78299

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 cs)


-\\ Google Chrome v35.0.1916.114


*************************

AdwCleaner[R3].txt - [3019 octets] - [25/10/2014 13:10:38]
AdwCleaner[S2].txt - [2810 octets] - [25/10/2014 13:13:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2870 octets] ##########

Rudy
Site Admin
Posts: 119547
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check, urgent case...

#4 Post by Rudy »

Post a new RSIT log.

godfather13
Visitor
Posts: 81
Joined: 26 Nov 2008 10:42

Re: Please check, urgent case...

#5 Post by godfather13 »

RSIT Log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Keramont at 2014-10-26 14:45:52
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 11 GB (15%) free of 74 GB
Total RAM: 5611 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:45:55, on 26. 10. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Users\Keramont\AppData\Local\Akamai\netsession_win.exe
C:\Users\Keramont\AppData\Local\Akamai\netsession_win.exe
C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Connectify\Connectify.exe
C:\Program Files\Common Files\Autodesk Shared\AcHelp2.exe
H:\Program Files User\ACAD\AutoCAD 2012 - English\AdExchange\AdExchange.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Program Files\trend micro\Keramont.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [3200 Scan2PC] "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Keramont\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Connectify - Connectify - C:\Program Files (x86)\Connectify\ConnectifyService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12375 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"

C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\WLANExt.exe 36734624
\??\C:\Windows\system32\conhost.exe "-367878226-1473397166-15257684165653559481177565581154098011-1448621316-1887120977
taskeng.exe {ED08DCE5-1612-480D-A03A-292CF659D4AC}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2620
"taskhost.exe"
C:\Windows\System32\alg.exe
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Users\Keramont\AppData\Local\Akamai\netsession_win.exe"
"C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"C:/Users/Keramont/AppData/Local/Akamai/netsession_win.exe" --client
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
taskeng.exe {65E01C43-D438-4A46-B9C4-B882E71551E2}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Connectify\Connectify.exe" connectify://show
"C:\Program Files (x86)\Connectify\ConnectifyService.exe"
"ConnectifyD.exe"
\??\C:\Windows\system32\conhost.exe "1438525760-20385460-141057299112471919911157129921-886332437-1535737341298953930
"H:\Program Files User\ACAD\AutoCAD 2012 - English\acad.exe"
"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
"C:\Program Files\Common Files\Autodesk Shared\WSCommCntr3\lib\\WSCommCntr3.exe" -Embedding
"C:\Program Files\Common Files\Autodesk Shared\AcHelp2.exe" /Automation -Embedding
4556;0000000000030602
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "K:\Fairy tail\Fairy Tail\Fairy Tail - 81.mkv"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3512.14760ae0.2084225460 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3512 "\\.\pipe\gecko-crash-server-pipe.3512" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe" --proxy-stub-channel=Flash2636.5AA63FA8.8344 --host-broker-channel=Flash2636.5AA63FA8.5579 --host-pid=2636 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe" --channel=1844.0018F3A4.1309032645 --proxy-stub-channel=Flash2636.5AA63FA8.8344 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll" --host-npapi-version=27 --type=renderer
C:\Windows\system32\wbem\wmiprvse.exe
"ConnectifyNetServices.exe" -v -i C:\ProgramData\Connectify\cache\ConnectifyNetServices.ini -s C:\ProgramData\Connectify\cache\ConnectifyNetServices.state -l C:\ProgramData\Connectify\logs
\??\C:\Windows\system32\conhost.exe "-1916249100-18339501371415478711-12209602431570166345-1526055539908641871827439496
"G:\DOWNLOAD\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1200702374-1131186070-1473926133-1002Core.job - C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1200702374-1131186070-1473926133-1002UA.job - C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForKeramont.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForKeramont (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Keramont\AppData\Roaming\Mozilla\Firefox\Profiles\8ra28ait.Tomáš

"{17E113E6-CD0E-4045-B154-65F0E57959EF}"=C:\Program Files\IMPI\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Users\Keramont\AppData\Roaming\Mozilla\Firefox\Profiles\8ra28ait.Tomáš\extensions\
trash

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-25 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21 6270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-25 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-14 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-07-07 157680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-06-10 2799912]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-12-17 525312]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2918656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=C:\Users\Keramont\AppData\Local\Akamai\netsession_win.exe [2014-04-17 4672920]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2013-02-05 1081224]
"Facebook Update"=C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-27 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-06-14 795808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery]
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2011-04-08 586808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPOSD]
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-06-13 336440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPQuickWebProxy]
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-06-27 168504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iFunBox Price Watch]
C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2010-10-28 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefault]
C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-06-27 42808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-05 336384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Keramont\AppData\Roaming\uTorrent\uTorrent.exe [2013-05-26 1043536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]
C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe /min []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"3200 Scan2PC"=C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [2010-05-18 1989120]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-10-25 16:34:47 ----RD---- C:\Program Files (x86)\Skype
2014-10-25 12:10:00 ----D---- C:\AdwCleaner
2014-10-25 11:37:25 ----D---- C:\rsit
2014-10-16 22:26:41 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2014-10-16 22:26:41 ----A---- C:\Windows\system32\drmv2clt.dll
2014-10-16 22:26:41 ----A---- C:\Windows\system32\blackbox.dll
2014-10-16 22:26:39 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2014-10-16 22:26:36 ----A---- C:\Windows\system32\wmp.dll
2014-10-16 22:26:34 ----A---- C:\Windows\system32\mf.dll
2014-10-16 22:26:33 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2014-10-16 22:26:33 ----A---- C:\Windows\system32\wmdrmsdk.dll
2014-10-16 22:26:31 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-10-16 22:26:30 ----A---- C:\Windows\SYSWOW64\wmp.dll
2014-10-16 22:26:27 ----A---- C:\Windows\SYSWOW64\mf.dll
2014-10-16 22:26:27 ----A---- C:\Windows\system32\drmmgrtn.dll
2014-10-16 22:26:26 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2014-10-16 22:26:26 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2014-10-16 22:26:26 ----A---- C:\Windows\system32\ci.dll
2014-10-16 22:26:25 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-10-16 22:26:21 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-10-16 22:26:21 ----A---- C:\Windows\system32\winresume.exe
2014-10-16 22:26:21 ----A---- C:\Windows\system32\winload.exe
2014-10-16 22:26:21 ----A---- C:\Windows\system32\quartz.dll
2014-10-16 22:26:21 ----A---- C:\Windows\system32\AudioEng.dll
2014-10-16 22:26:20 ----A---- C:\Windows\system32\wintrust.dll
2014-10-16 22:26:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-10-16 22:26:20 ----A---- C:\Windows\system32\cryptsvc.dll
2014-10-16 22:26:19 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-10-16 22:26:19 ----A---- C:\Windows\system32\evr.dll
2014-10-16 22:26:19 ----A---- C:\Windows\system32\EncDump.dll
2014-10-16 22:26:18 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2014-10-16 22:26:18 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2014-10-16 22:26:18 ----A---- C:\Windows\system32\cryptui.dll
2014-10-16 22:26:18 ----A---- C:\Windows\system32\crypt32.dll
2014-10-16 22:26:18 ----A---- C:\Windows\system32\AudioSes.dll
2014-10-16 22:26:17 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-10-16 22:26:17 ----A---- C:\Windows\SYSWOW64\evr.dll
2014-10-16 22:26:17 ----A---- C:\Windows\system32\audiosrv.dll
2014-10-16 22:26:16 ----A---- C:\Windows\SYSWOW64\quartz.dll
2014-10-16 22:26:16 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2014-10-16 22:26:16 ----A---- C:\Windows\system32\mfplat.dll
2014-10-16 22:26:15 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2014-10-16 22:26:15 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2014-10-16 22:26:15 ----A---- C:\Windows\system32\srcore.dll
2014-10-16 22:26:15 ----A---- C:\Windows\system32\pcasvc.dll
2014-10-16 22:26:14 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2014-10-16 22:26:14 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-10-16 22:26:14 ----A---- C:\Windows\system32\msscp.dll
2014-10-16 22:26:14 ----A---- C:\Windows\system32\cryptsp.dll
2014-10-16 22:26:13 ----A---- C:\Windows\SYSWOW64\msscp.dll
2014-10-16 22:26:13 ----A---- C:\Windows\system32\rstrui.exe
2014-10-16 22:26:13 ----A---- C:\Windows\system32\msnetobj.dll
2014-10-16 22:26:13 ----A---- C:\Windows\system32\appidsvc.dll
2014-10-16 22:26:13 ----A---- C:\Windows\system32\appidapi.dll
2014-10-16 22:26:12 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2014-10-16 22:26:12 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2014-10-16 22:26:12 ----A---- C:\Windows\SYSWOW64\mfps.dll
2014-10-16 22:26:12 ----A---- C:\Windows\system32\rrinstaller.exe
2014-10-16 22:26:12 ----A---- C:\Windows\system32\mfps.dll
2014-10-16 22:26:12 ----A---- C:\Windows\system32\drivers\appid.sys
2014-10-16 22:26:12 ----A---- C:\Windows\system32\audiodg.exe
2014-10-16 22:26:11 ----A---- C:\Windows\SYSWOW64\srclient.dll
2014-10-16 22:26:11 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2014-10-16 22:26:11 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2014-10-16 22:26:11 ----A---- C:\Windows\system32\srclient.dll
2014-10-16 22:26:11 ----A---- C:\Windows\system32\setbcdlocale.dll
2014-10-16 22:26:11 ----A---- C:\Windows\system32\mfpmp.exe
2014-10-16 22:26:11 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 22:26:11 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\mferror.dll
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2014-10-16 22:26:10 ----A---- C:\Windows\system32\wmploc.DLL
2014-10-16 22:26:10 ----A---- C:\Windows\system32\spwmp.dll
2014-10-16 22:26:10 ----A---- C:\Windows\system32\mferror.dll
2014-10-16 22:26:10 ----A---- C:\Windows\system32\dxmasf.dll
2014-10-16 13:00:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-10-16 13:00:24 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-10-16 13:00:24 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\iernonce.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-16 13:00:22 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-10-16 13:00:20 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-10-16 13:00:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-10-16 13:00:20 ----A---- C:\Windows\system32\urlmon.dll
2014-10-16 13:00:20 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-10-16 13:00:19 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-16 13:00:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 13:00:19 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-10-16 13:00:19 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-16 13:00:18 ----A---- C:\Windows\system32\iesetup.dll
2014-10-16 13:00:17 ----A---- C:\Windows\system32\iertutil.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-10-16 13:00:15 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-16 13:00:14 ----A---- C:\Windows\system32\ieui.dll
2014-10-16 13:00:14 ----A---- C:\Windows\system32\ieframe.dll
2014-10-16 13:00:14 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-16 13:00:13 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-10-16 13:00:13 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-16 13:00:12 ----A---- C:\Windows\system32\jscript9diag.dll
2014-10-16 13:00:12 ----A---- C:\Windows\system32\jscript9.dll
2014-10-16 13:00:12 ----A---- C:\Windows\system32\ieUnatt.exe
2014-10-16 13:00:11 ----A---- C:\Windows\system32\wininet.dll
2014-10-16 13:00:11 ----A---- C:\Windows\system32\vbscript.dll
2014-10-16 13:00:11 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-16 13:00:10 ----A---- C:\Windows\system32\msrating.dll
2014-10-16 13:00:10 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-16 13:00:09 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 13:00:09 ----A---- C:\Windows\system32\mshtml.dll
2014-10-16 12:55:04 ----A---- C:\Windows\system32\win32k.sys
2014-10-16 12:50:08 ----A---- C:\Windows\SYSWOW64\rastls.dll
2014-10-16 12:50:08 ----A---- C:\Windows\system32\rastls.dll
2014-10-16 12:49:57 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2014-10-16 12:49:57 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2014-10-16 12:49:57 ----A---- C:\Windows\system32\mscorier.dll
2014-10-16 12:49:57 ----A---- C:\Windows\system32\dfshim.dll
2014-10-16 12:49:56 ----A---- C:\Windows\SYSWOW64\mscories.dll
2014-10-16 12:49:56 ----A---- C:\Windows\system32\mscories.dll
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDRU.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-10-16 12:44:39 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-10-16 12:44:39 ----A---- C:\Windows\system32\msi.dll
2014-10-16 12:44:21 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-10-16 12:44:21 ----A---- C:\Windows\system32\termsrv.dll
2014-10-16 12:44:21 ----A---- C:\Windows\system32\mstscax.dll
2014-10-16 12:44:21 ----A---- C:\Windows\system32\mstsc.exe
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\winsta.dll
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\winsta.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\winlogon.exe
2014-10-16 12:44:20 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-16 12:44:20 ----A---- C:\Windows\system32\credssp.dll
2014-10-16 12:44:19 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-16 12:44:01 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-10-16 12:44:01 ----A---- C:\Windows\system32\packager.dll
2014-10-12 16:56:07 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-10-12 16:55:47 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 16:55:47 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-10-12 16:55:47 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-10-11 22:00:29 ----D---- C:\ProgramData\ESET
2014-10-11 22:00:29 ----D---- C:\Program Files\ESET
2014-10-11 00:37:32 ----D---- C:\Program Files (x86)\TeamViewer
2014-10-10 13:42:30 ----A---- C:\Windows\system32\drivers\cnnctfy3.sys
2014-10-01 15:55:45 ----D---- C:\Program Files (x86)\Pixia ver. 6
2014-10-01 12:26:27 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2014-10-01 12:26:27 ----A---- C:\Windows\system32\qdvd.dll

======List of files/folders modified in the last 1 month======

2014-10-26 14:45:55 ----D---- C:\Windows\temp
2014-10-26 14:45:55 ----D---- C:\Program Files\trend micro
2014-10-26 13:11:52 ----D---- C:\Users\Keramont\AppData\Roaming\vlc
2014-10-26 12:30:50 ----D---- C:\Windows\system32\config
2014-10-26 12:18:10 ----D---- C:\Windows\Prefetch
2014-10-26 12:17:23 ----D---- C:\Windows\System32
2014-10-26 12:17:23 ----D---- C:\Windows\inf
2014-10-26 12:17:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-10-26 01:25:52 ----D---- C:\Users\Keramont\AppData\Roaming\Skype
2014-10-25 16:35:23 ----SHD---- C:\Windows\Installer
2014-10-25 16:34:56 ----D---- C:\ProgramData\Skype
2014-10-25 16:34:50 ----D---- C:\Program Files (x86)\Common Files
2014-10-25 16:34:47 ----D---- C:\Program Files (x86)
2014-10-25 16:31:46 ----SHD---- C:\System Volume Information
2014-10-25 13:38:37 ----D---- C:\The KMPlayer
2014-10-25 12:14:32 ----D---- C:\Windows
2014-10-25 12:13:34 ----D---- C:\ProgramData
2014-10-18 18:59:31 ----D---- C:\Windows\rescache
2014-10-18 18:36:23 ----D---- C:\Windows\Microsoft.NET
2014-10-17 16:53:36 ----RSD---- C:\Windows\assembly
2014-10-17 10:54:07 ----D---- C:\Windows\system32\catroot2
2014-10-17 10:46:53 ----D---- C:\Windows\winsxs
2014-10-17 10:42:36 ----D---- C:\Windows\SysWOW64
2014-10-17 10:42:30 ----RSD---- C:\Windows\Fonts
2014-10-17 10:42:20 ----D---- C:\Program Files\Windows Media Player
2014-10-17 10:42:19 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-10-17 10:42:19 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-17 10:42:18 ----D---- C:\Windows\SYSWOW64\Dism
2014-10-17 10:42:14 ----D---- C:\Windows\system32\drivers
2014-10-17 10:42:14 ----D---- C:\Windows\system32\Dism
2014-10-17 10:42:13 ----D---- C:\Windows\system32\sk-SK
2014-10-17 10:42:12 ----D---- C:\Windows\system32\en-US
2014-10-17 10:42:06 ----D---- C:\Windows\system32\Boot
2014-10-17 10:42:05 ----D---- C:\Windows\system32\CodeIntegrity
2014-10-17 10:42:03 ----D---- C:\Program Files\Internet Explorer
2014-10-17 10:42:02 ----D---- C:\Windows\SYSWOW64\en-US
2014-10-17 10:41:54 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-16 22:56:51 ----D---- C:\ProgramData\Microsoft Help
2014-10-16 22:50:24 ----D---- C:\Windows\system32\MRT
2014-10-16 22:35:06 ----D---- C:\Windows\debug
2014-10-16 22:35:01 ----A---- C:\Windows\system32\MRT.exe
2014-10-16 22:24:52 ----D---- C:\Windows\system32\catroot
2014-10-12 16:55:47 ----D---- C:\ProgramData\Malwarebytes
2014-10-12 11:40:33 ----D---- C:\Program Files (x86)\Connectify
2014-10-12 00:16:52 ----D---- C:\Windows\system32\Tasks
2014-10-11 23:34:48 ----D---- C:\Program Files\IMPI
2014-10-11 22:00:55 ----D---- C:\Windows\system32\DriverStore
2014-10-11 22:00:29 ----RD---- C:\Program Files
2014-10-11 21:43:48 ----D---- C:\ProgramData\Norton
2014-10-11 21:32:14 ----D---- C:\Program Files\Common Files
2014-10-11 00:37:38 ----D---- C:\Users\Keramont\AppData\Roaming\TeamViewer
2014-10-10 13:54:12 ----D---- C:\Program Files (x86)\Virtual Router
2014-10-02 22:01:09 ----D---- C:\Windows\system32\wdi
2014-10-01 15:56:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2012-07-03 198944]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-03-02 834544]
R1 cnnctfy3;Connectify LightWeight Filter; C:\Windows\system32\DRIVERS\cnnctfy3.sys [2014-10-10 42152]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-07 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-11-17 11576]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-06 9359872]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-06 309760]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-04-21 2727424]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-06-14 30368]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-12-17 520192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-06-10 1451056]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-06-14 36000]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-06-14 330400]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-06-14 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-06-14 167072]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-06-14 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-06-14 280992]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-06-14 496800]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-05-01 20568]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 63704]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\Windows\system32\DRIVERS\silabenm.sys [2011-08-08 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\Windows\system32\DRIVERS\silabser.sys [2011-08-08 70656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-04-24 42184]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-05-01 16392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-04 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-06 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-14 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-06-14 97952]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2011-06-20 73728]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2010-12-17 276992]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
R3 Connectify;Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [2014-10-01 487936]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-05-08 1471352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 42360]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-03-14 994176]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-25 114288]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-06 1255736]
S4 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119547
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a check, urgent case...

#6 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to your desktop. Run it and copy the following into the left window:
:files
C:\Users\Keramont\AppData\Local\Akamai
C:\Program Files (x86)\Skype\Toolbars
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1200702374-1131186070-1473926133-1002Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1200702374-1131186070-1473926133-1002UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-

:services
c2cautoupdatesvc
c2cpnrsvc

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

godfather13
Visitor
Posts: 81
Joined: 26 Nov 2008 10:42

Re: Requesting a check, urgent case...

#7 Post by godfather13 »

OTM log:
All processes killed
========== FILES ==========
C:\Users\Keramont\AppData\Local\Akamai\Logs\dump folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai\Logs folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai\Languages folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai\Cache\download.autodesk.com\esd\dwgtrueview\2014 folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai\Cache\download.autodesk.com\esd\dwgtrueview folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai\Cache\download.autodesk.com\esd\designreview\2013\adr\en-us folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai\Cache\download.autodesk.com\esd\designreview\2013\adr folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai\Cache\download.autodesk.com\esd\designreview\2013 folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai\Cache\download.autodesk.com\esd\designreview folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai\Cache\download.autodesk.com\esd folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai\Cache\download.autodesk.com folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai\Cache folder moved successfully.
C:\Users\Keramont\AppData\Local\Akamai folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars\Shared x64 folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars\Shared folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars\PNRSvc folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64 folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars\FirefoxAddOn folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars folder moved successfully.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1200702374-1131186070-1473926133-1002Core.job moved successfully.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1200702374-1131186070-1473926133-1002UA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
========== SERVICES/DRIVERS ==========
Service c2cautoupdatesvc stopped successfully!
Service c2cautoupdatesvc deleted successfully!
Service c2cpnrsvc stopped successfully!
Service c2cpnrsvc deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dub_cm_auto

User: Keramont
->Temp folder emptied: 26612087 bytes
->Temporary Internet Files folder emptied: 20714640 bytes
->Java cache emptied: 367049 bytes
->FireFox cache emptied: 370087666 bytes
->Google Chrome cache emptied: 6626346 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 6177 bytes

User: Metro
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19758663 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 188958 bytes

Total Files Cleaned = 424,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: dub_cm_auto

User: Keramont
->Flash cache emptied: 0 bytes

User: Metro

User: Public

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 10262014_214909

Files moved on Reboot...
C:\Users\Keramont\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Keramont\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...


RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Keramont at 2014-10-26 22:11:47
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 12 GB (17%) free of 74 GB
Total RAM: 5611 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:11:49, on 26. 10. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Keramont.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [3200 Scan2PC] "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Connectify - Connectify - C:\Program Files (x86)\Connectify\ConnectifyService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11673 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\WLANExt.exe 26302432
\??\C:\Windows\system32\conhost.exe "173798641-1234738225-1108733794-159050044-877794442-865243740-1536068340655837816
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2580
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"taskhost.exe"
taskeng.exe {AC244510-839C-47F2-A64F-A322C255B799}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {0C3FCC04-6A4A-4DE3-8D3B-8DE9FA342982}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\10262014_214909.log
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"G:\DOWNLOAD\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForKeramont.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForKeramont (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Keramont\AppData\Roaming\Mozilla\Firefox\Profiles\8ra28ait.Tomáš

"{17E113E6-CD0E-4045-B154-65F0E57959EF}"=C:\Program Files\IMPI\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Users\Keramont\AppData\Roaming\Mozilla\Firefox\Profiles\8ra28ait.Tomáš\extensions\
trash

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-25 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-25 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-14 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-07-07 157680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-06-10 2799912]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-12-17 525312]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2918656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2013-02-05 1081224]
"Facebook Update"=C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-27 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-06-14 795808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery]
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2011-04-08 586808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPOSD]
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-06-13 336440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPQuickWebProxy]
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-06-27 168504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iFunBox Price Watch]
C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2010-10-28 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefault]
C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-06-27 42808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-05 336384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Keramont\AppData\Roaming\uTorrent\uTorrent.exe [2013-05-26 1043536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]
C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe /min []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"3200 Scan2PC"=C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [2010-05-18 1989120]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-10-26 21:49:09 ----D---- C:\_OTM
2014-10-25 16:34:47 ----RD---- C:\Program Files (x86)\Skype
2014-10-25 12:10:00 ----D---- C:\AdwCleaner
2014-10-25 11:37:25 ----D---- C:\rsit
2014-10-16 22:26:41 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2014-10-16 22:26:41 ----A---- C:\Windows\system32\drmv2clt.dll
2014-10-16 22:26:41 ----A---- C:\Windows\system32\blackbox.dll
2014-10-16 22:26:39 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2014-10-16 22:26:36 ----A---- C:\Windows\system32\wmp.dll
2014-10-16 22:26:34 ----A---- C:\Windows\system32\mf.dll
2014-10-16 22:26:33 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2014-10-16 22:26:33 ----A---- C:\Windows\system32\wmdrmsdk.dll
2014-10-16 22:26:31 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-10-16 22:26:30 ----A---- C:\Windows\SYSWOW64\wmp.dll
2014-10-16 22:26:27 ----A---- C:\Windows\SYSWOW64\mf.dll
2014-10-16 22:26:27 ----A---- C:\Windows\system32\drmmgrtn.dll
2014-10-16 22:26:26 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2014-10-16 22:26:26 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2014-10-16 22:26:26 ----A---- C:\Windows\system32\ci.dll
2014-10-16 22:26:25 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-10-16 22:26:21 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-10-16 22:26:21 ----A---- C:\Windows\system32\winresume.exe
2014-10-16 22:26:21 ----A---- C:\Windows\system32\winload.exe
2014-10-16 22:26:21 ----A---- C:\Windows\system32\quartz.dll
2014-10-16 22:26:21 ----A---- C:\Windows\system32\AudioEng.dll
2014-10-16 22:26:20 ----A---- C:\Windows\system32\wintrust.dll
2014-10-16 22:26:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-10-16 22:26:20 ----A---- C:\Windows\system32\cryptsvc.dll
2014-10-16 22:26:19 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-10-16 22:26:19 ----A---- C:\Windows\system32\evr.dll
2014-10-16 22:26:19 ----A---- C:\Windows\system32\EncDump.dll
2014-10-16 22:26:18 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2014-10-16 22:26:18 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2014-10-16 22:26:18 ----A---- C:\Windows\system32\cryptui.dll
2014-10-16 22:26:18 ----A---- C:\Windows\system32\crypt32.dll
2014-10-16 22:26:18 ----A---- C:\Windows\system32\AudioSes.dll
2014-10-16 22:26:17 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-10-16 22:26:17 ----A---- C:\Windows\SYSWOW64\evr.dll
2014-10-16 22:26:17 ----A---- C:\Windows\system32\audiosrv.dll
2014-10-16 22:26:16 ----A---- C:\Windows\SYSWOW64\quartz.dll
2014-10-16 22:26:16 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2014-10-16 22:26:16 ----A---- C:\Windows\system32\mfplat.dll
2014-10-16 22:26:15 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2014-10-16 22:26:15 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2014-10-16 22:26:15 ----A---- C:\Windows\system32\srcore.dll
2014-10-16 22:26:15 ----A---- C:\Windows\system32\pcasvc.dll
2014-10-16 22:26:14 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2014-10-16 22:26:14 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-10-16 22:26:14 ----A---- C:\Windows\system32\msscp.dll
2014-10-16 22:26:14 ----A---- C:\Windows\system32\cryptsp.dll
2014-10-16 22:26:13 ----A---- C:\Windows\SYSWOW64\msscp.dll
2014-10-16 22:26:13 ----A---- C:\Windows\system32\rstrui.exe
2014-10-16 22:26:13 ----A---- C:\Windows\system32\msnetobj.dll
2014-10-16 22:26:13 ----A---- C:\Windows\system32\appidsvc.dll
2014-10-16 22:26:13 ----A---- C:\Windows\system32\appidapi.dll
2014-10-16 22:26:12 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2014-10-16 22:26:12 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2014-10-16 22:26:12 ----A---- C:\Windows\SYSWOW64\mfps.dll
2014-10-16 22:26:12 ----A---- C:\Windows\system32\rrinstaller.exe
2014-10-16 22:26:12 ----A---- C:\Windows\system32\mfps.dll
2014-10-16 22:26:12 ----A---- C:\Windows\system32\drivers\appid.sys
2014-10-16 22:26:12 ----A---- C:\Windows\system32\audiodg.exe
2014-10-16 22:26:11 ----A---- C:\Windows\SYSWOW64\srclient.dll
2014-10-16 22:26:11 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2014-10-16 22:26:11 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2014-10-16 22:26:11 ----A---- C:\Windows\system32\srclient.dll
2014-10-16 22:26:11 ----A---- C:\Windows\system32\setbcdlocale.dll
2014-10-16 22:26:11 ----A---- C:\Windows\system32\mfpmp.exe
2014-10-16 22:26:11 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 22:26:11 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\mferror.dll
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2014-10-16 22:26:10 ----A---- C:\Windows\system32\wmploc.DLL
2014-10-16 22:26:10 ----A---- C:\Windows\system32\spwmp.dll
2014-10-16 22:26:10 ----A---- C:\Windows\system32\mferror.dll
2014-10-16 22:26:10 ----A---- C:\Windows\system32\dxmasf.dll
2014-10-16 13:00:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-10-16 13:00:24 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-10-16 13:00:24 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\iernonce.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-16 13:00:22 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-10-16 13:00:20 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-10-16 13:00:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-10-16 13:00:20 ----A---- C:\Windows\system32\urlmon.dll
2014-10-16 13:00:20 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-10-16 13:00:19 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-16 13:00:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 13:00:19 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-10-16 13:00:19 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-16 13:00:18 ----A---- C:\Windows\system32\iesetup.dll
2014-10-16 13:00:17 ----A---- C:\Windows\system32\iertutil.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-10-16 13:00:15 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-16 13:00:14 ----A---- C:\Windows\system32\ieui.dll
2014-10-16 13:00:14 ----A---- C:\Windows\system32\ieframe.dll
2014-10-16 13:00:14 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-16 13:00:13 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-10-16 13:00:13 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-16 13:00:12 ----A---- C:\Windows\system32\jscript9diag.dll
2014-10-16 13:00:12 ----A---- C:\Windows\system32\jscript9.dll
2014-10-16 13:00:12 ----A---- C:\Windows\system32\ieUnatt.exe
2014-10-16 13:00:11 ----A---- C:\Windows\system32\wininet.dll
2014-10-16 13:00:11 ----A---- C:\Windows\system32\vbscript.dll
2014-10-16 13:00:11 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-16 13:00:10 ----A---- C:\Windows\system32\msrating.dll
2014-10-16 13:00:10 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-16 13:00:09 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 13:00:09 ----A---- C:\Windows\system32\mshtml.dll
2014-10-16 12:55:04 ----A---- C:\Windows\system32\win32k.sys
2014-10-16 12:50:08 ----A---- C:\Windows\SYSWOW64\rastls.dll
2014-10-16 12:50:08 ----A---- C:\Windows\system32\rastls.dll
2014-10-16 12:49:57 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2014-10-16 12:49:57 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2014-10-16 12:49:57 ----A---- C:\Windows\system32\mscorier.dll
2014-10-16 12:49:57 ----A---- C:\Windows\system32\dfshim.dll
2014-10-16 12:49:56 ----A---- C:\Windows\SYSWOW64\mscories.dll
2014-10-16 12:49:56 ----A---- C:\Windows\system32\mscories.dll
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDRU.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-10-16 12:44:39 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-10-16 12:44:39 ----A---- C:\Windows\system32\msi.dll
2014-10-16 12:44:21 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-10-16 12:44:21 ----A---- C:\Windows\system32\termsrv.dll
2014-10-16 12:44:21 ----A---- C:\Windows\system32\mstscax.dll
2014-10-16 12:44:21 ----A---- C:\Windows\system32\mstsc.exe
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\winsta.dll
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\winsta.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\winlogon.exe
2014-10-16 12:44:20 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-16 12:44:20 ----A---- C:\Windows\system32\credssp.dll
2014-10-16 12:44:19 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-16 12:44:01 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-10-16 12:44:01 ----A---- C:\Windows\system32\packager.dll
2014-10-12 16:56:07 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-10-12 16:55:47 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 16:55:47 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-10-12 16:55:47 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-10-11 22:00:29 ----D---- C:\ProgramData\ESET
2014-10-11 22:00:29 ----D---- C:\Program Files\ESET
2014-10-11 00:37:32 ----D---- C:\Program Files (x86)\TeamViewer
2014-10-10 13:42:30 ----A---- C:\Windows\system32\drivers\cnnctfy3.sys
2014-10-01 15:55:45 ----D---- C:\Program Files (x86)\Pixia ver. 6
2014-10-01 12:26:27 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2014-10-01 12:26:27 ----A---- C:\Windows\system32\qdvd.dll

======List of files/folders modified in the last 1 month======

2014-10-26 22:11:50 ----D---- C:\Windows\Prefetch
2014-10-26 22:11:48 ----D---- C:\Windows\temp
2014-10-26 22:11:48 ----D---- C:\Program Files\trend micro
2014-10-26 22:04:41 ----D---- C:\Windows\System32
2014-10-26 22:04:41 ----D---- C:\Windows\inf
2014-10-26 22:04:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-10-26 22:00:42 ----D---- C:\Windows\system32\config
2014-10-26 21:49:13 ----D---- C:\Windows\Tasks
2014-10-26 21:36:12 ----SHD---- C:\System Volume Information
2014-10-26 21:06:43 ----D---- C:\Users\Keramont\AppData\Roaming\vlc
2014-10-26 01:25:52 ----D---- C:\Users\Keramont\AppData\Roaming\Skype
2014-10-25 16:35:23 ----SHD---- C:\Windows\Installer
2014-10-25 16:34:56 ----D---- C:\ProgramData\Skype
2014-10-25 16:34:50 ----D---- C:\Program Files (x86)\Common Files
2014-10-25 16:34:47 ----D---- C:\Program Files (x86)
2014-10-25 13:38:37 ----D---- C:\The KMPlayer
2014-10-25 12:14:32 ----D---- C:\Windows
2014-10-25 12:13:34 ----D---- C:\ProgramData
2014-10-18 18:59:31 ----D---- C:\Windows\rescache
2014-10-18 18:36:23 ----D---- C:\Windows\Microsoft.NET
2014-10-17 16:53:36 ----RSD---- C:\Windows\assembly
2014-10-17 10:54:07 ----D---- C:\Windows\system32\catroot2
2014-10-17 10:46:53 ----D---- C:\Windows\winsxs
2014-10-17 10:42:36 ----D---- C:\Windows\SysWOW64
2014-10-17 10:42:30 ----RSD---- C:\Windows\Fonts
2014-10-17 10:42:20 ----D---- C:\Program Files\Windows Media Player
2014-10-17 10:42:19 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-10-17 10:42:19 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-17 10:42:18 ----D---- C:\Windows\SYSWOW64\Dism
2014-10-17 10:42:14 ----D---- C:\Windows\system32\drivers
2014-10-17 10:42:14 ----D---- C:\Windows\system32\Dism
2014-10-17 10:42:13 ----D---- C:\Windows\system32\sk-SK
2014-10-17 10:42:12 ----D---- C:\Windows\system32\en-US
2014-10-17 10:42:06 ----D---- C:\Windows\system32\Boot
2014-10-17 10:42:05 ----D---- C:\Windows\system32\CodeIntegrity
2014-10-17 10:42:03 ----D---- C:\Program Files\Internet Explorer
2014-10-17 10:42:02 ----D---- C:\Windows\SYSWOW64\en-US
2014-10-17 10:41:54 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-16 22:56:51 ----D---- C:\ProgramData\Microsoft Help
2014-10-16 22:50:24 ----D---- C:\Windows\system32\MRT
2014-10-16 22:35:06 ----D---- C:\Windows\debug
2014-10-16 22:35:01 ----A---- C:\Windows\system32\MRT.exe
2014-10-16 22:24:52 ----D---- C:\Windows\system32\catroot
2014-10-12 16:55:47 ----D---- C:\ProgramData\Malwarebytes
2014-10-12 11:40:33 ----D---- C:\Program Files (x86)\Connectify
2014-10-12 00:16:52 ----D---- C:\Windows\system32\Tasks
2014-10-11 23:34:48 ----D---- C:\Program Files\IMPI
2014-10-11 22:00:55 ----D---- C:\Windows\system32\DriverStore
2014-10-11 22:00:29 ----RD---- C:\Program Files
2014-10-11 21:43:48 ----D---- C:\ProgramData\Norton
2014-10-11 21:32:14 ----D---- C:\Program Files\Common Files
2014-10-11 00:37:38 ----D---- C:\Users\Keramont\AppData\Roaming\TeamViewer
2014-10-10 13:54:12 ----D---- C:\Program Files (x86)\Virtual Router
2014-10-02 22:01:09 ----D---- C:\Windows\system32\wdi
2014-10-01 15:56:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2012-07-03 198944]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-03-02 834544]
R1 cnnctfy3;Connectify LightWeight Filter; C:\Windows\system32\DRIVERS\cnnctfy3.sys [2014-10-10 42152]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-07 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-11-17 11576]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-06 9359872]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-06 309760]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-04-21 2727424]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-06-14 30368]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-12-17 520192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-06-10 1451056]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-06-14 36000]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-06-14 330400]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-06-14 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-06-14 167072]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-06-14 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-06-14 280992]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-06-14 496800]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-05-01 20568]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 63704]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\Windows\system32\DRIVERS\silabenm.sys [2011-08-08 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\Windows\system32\DRIVERS\silabser.sys [2011-08-08 70656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-04-24 42184]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-05-01 16392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-04 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-06 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-14 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-06-14 97952]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2011-06-20 73728]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2010-12-17 276992]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 Connectify;Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [2014-10-01 487936]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 42360]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-05-08 1471352]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-03-14 994176]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-25 114288]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-06 1255736]
S4 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check, urgent case...

#8 Post by Rudy »

Double-click the file C:\Program Files\trend micro\Keramont.exe to launch HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkboxes on the left for:
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Keramont\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
Click >FixChecked<. Then run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

godfather13
Visitor
Posts: 81
Registered: 26 Nov 2008 10:42

Re: Please check, urgent case...

#9 Post by godfather13 »

HijackThis threw an error 3 times. The screenshot is attached. To be safe, I'm also attaching the RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Keramont at 2014-10-26 23:21:01
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 12 GB (17%) free of 74 GB
Total RAM: 5611 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:21:05, on 26. 10. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\trend micro\Keramont.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [3200 Scan2PC] "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Connectify - Connectify - C:\Program Files (x86)\Connectify\ConnectifyService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10621 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 34111504
\??\C:\Windows\system32\conhost.exe "-1820869940-181953486-5032056335452574881533017036875458447-1582748043-1403202635
taskeng.exe {6FCFD575-B792-4424-ABE4-BB34C34B3A1A}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2996
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
taskeng.exe {E28CF87E-1188-48E0-98F4-1EB8AFADB67A}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"G:\DOWNLOAD\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForKeramont.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForKeramont (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Keramont\AppData\Roaming\Mozilla\Firefox\Profiles\8ra28ait.Tomáš

"{17E113E6-CD0E-4045-B154-65F0E57959EF}"=C:\Program Files\IMPI\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Users\Keramont\AppData\Roaming\Mozilla\Firefox\Profiles\8ra28ait.Tomáš\extensions\
trash

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-25 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-25 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-14 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-07-07 157680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-06-10 2799912]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-12-17 525312]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2918656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2013-02-05 1081224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-06-14 795808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery]
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2011-04-08 586808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPOSD]
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-06-13 336440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPQuickWebProxy]
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-06-27 168504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iFunBox Price Watch]
C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2010-10-28 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefault]
C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-06-27 42808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-05 336384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Keramont\AppData\Roaming\uTorrent\uTorrent.exe [2013-05-26 1043536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]
C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe /min []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"3200 Scan2PC"=C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [2010-05-18 1989120]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-10-26 23:21:01 ----D---- C:\rsit
2014-10-25 16:34:47 ----RD---- C:\Program Files (x86)\Skype
2014-10-25 12:10:00 ----D---- C:\AdwCleaner
2014-10-16 22:26:41 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2014-10-16 22:26:41 ----A---- C:\Windows\system32\drmv2clt.dll
2014-10-16 22:26:41 ----A---- C:\Windows\system32\blackbox.dll
2014-10-16 22:26:39 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2014-10-16 22:26:36 ----A---- C:\Windows\system32\wmp.dll
2014-10-16 22:26:34 ----A---- C:\Windows\system32\mf.dll
2014-10-16 22:26:33 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2014-10-16 22:26:33 ----A---- C:\Windows\system32\wmdrmsdk.dll
2014-10-16 22:26:31 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-10-16 22:26:30 ----A---- C:\Windows\SYSWOW64\wmp.dll
2014-10-16 22:26:27 ----A---- C:\Windows\SYSWOW64\mf.dll
2014-10-16 22:26:27 ----A---- C:\Windows\system32\drmmgrtn.dll
2014-10-16 22:26:26 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2014-10-16 22:26:26 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2014-10-16 22:26:26 ----A---- C:\Windows\system32\ci.dll
2014-10-16 22:26:25 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-10-16 22:26:21 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-10-16 22:26:21 ----A---- C:\Windows\system32\winresume.exe
2014-10-16 22:26:21 ----A---- C:\Windows\system32\winload.exe
2014-10-16 22:26:21 ----A---- C:\Windows\system32\quartz.dll
2014-10-16 22:26:21 ----A---- C:\Windows\system32\AudioEng.dll
2014-10-16 22:26:20 ----A---- C:\Windows\system32\wintrust.dll
2014-10-16 22:26:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-10-16 22:26:20 ----A---- C:\Windows\system32\cryptsvc.dll
2014-10-16 22:26:19 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-10-16 22:26:19 ----A---- C:\Windows\system32\evr.dll
2014-10-16 22:26:19 ----A---- C:\Windows\system32\EncDump.dll
2014-10-16 22:26:18 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2014-10-16 22:26:18 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2014-10-16 22:26:18 ----A---- C:\Windows\system32\cryptui.dll
2014-10-16 22:26:18 ----A---- C:\Windows\system32\crypt32.dll
2014-10-16 22:26:18 ----A---- C:\Windows\system32\AudioSes.dll
2014-10-16 22:26:17 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-10-16 22:26:17 ----A---- C:\Windows\SYSWOW64\evr.dll
2014-10-16 22:26:17 ----A---- C:\Windows\system32\audiosrv.dll
2014-10-16 22:26:16 ----A---- C:\Windows\SYSWOW64\quartz.dll
2014-10-16 22:26:16 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2014-10-16 22:26:16 ----A---- C:\Windows\system32\mfplat.dll
2014-10-16 22:26:15 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2014-10-16 22:26:15 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2014-10-16 22:26:15 ----A---- C:\Windows\system32\srcore.dll
2014-10-16 22:26:15 ----A---- C:\Windows\system32\pcasvc.dll
2014-10-16 22:26:14 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2014-10-16 22:26:14 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-10-16 22:26:14 ----A---- C:\Windows\system32\msscp.dll
2014-10-16 22:26:14 ----A---- C:\Windows\system32\cryptsp.dll
2014-10-16 22:26:13 ----A---- C:\Windows\SYSWOW64\msscp.dll
2014-10-16 22:26:13 ----A---- C:\Windows\system32\rstrui.exe
2014-10-16 22:26:13 ----A---- C:\Windows\system32\msnetobj.dll
2014-10-16 22:26:13 ----A---- C:\Windows\system32\appidsvc.dll
2014-10-16 22:26:13 ----A---- C:\Windows\system32\appidapi.dll
2014-10-16 22:26:12 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2014-10-16 22:26:12 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2014-10-16 22:26:12 ----A---- C:\Windows\SYSWOW64\mfps.dll
2014-10-16 22:26:12 ----A---- C:\Windows\system32\rrinstaller.exe
2014-10-16 22:26:12 ----A---- C:\Windows\system32\mfps.dll
2014-10-16 22:26:12 ----A---- C:\Windows\system32\drivers\appid.sys
2014-10-16 22:26:12 ----A---- C:\Windows\system32\audiodg.exe
2014-10-16 22:26:11 ----A---- C:\Windows\SYSWOW64\srclient.dll
2014-10-16 22:26:11 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2014-10-16 22:26:11 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2014-10-16 22:26:11 ----A---- C:\Windows\system32\srclient.dll
2014-10-16 22:26:11 ----A---- C:\Windows\system32\setbcdlocale.dll
2014-10-16 22:26:11 ----A---- C:\Windows\system32\mfpmp.exe
2014-10-16 22:26:11 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 22:26:11 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\mferror.dll
2014-10-16 22:26:10 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2014-10-16 22:26:10 ----A---- C:\Windows\system32\wmploc.DLL
2014-10-16 22:26:10 ----A---- C:\Windows\system32\spwmp.dll
2014-10-16 22:26:10 ----A---- C:\Windows\system32\mferror.dll
2014-10-16 22:26:10 ----A---- C:\Windows\system32\dxmasf.dll
2014-10-16 13:00:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-10-16 13:00:24 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-10-16 13:00:24 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-10-16 13:00:23 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\iernonce.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-10-16 13:00:23 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-16 13:00:22 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-10-16 13:00:20 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-10-16 13:00:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-10-16 13:00:20 ----A---- C:\Windows\system32\urlmon.dll
2014-10-16 13:00:20 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-10-16 13:00:19 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-10-16 13:00:19 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-16 13:00:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 13:00:19 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-10-16 13:00:19 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-16 13:00:18 ----A---- C:\Windows\system32\iesetup.dll
2014-10-16 13:00:17 ----A---- C:\Windows\system32\iertutil.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-10-16 13:00:16 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-10-16 13:00:15 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-10-16 13:00:15 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-16 13:00:14 ----A---- C:\Windows\system32\ieui.dll
2014-10-16 13:00:14 ----A---- C:\Windows\system32\ieframe.dll
2014-10-16 13:00:14 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-16 13:00:13 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-10-16 13:00:13 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-16 13:00:12 ----A---- C:\Windows\system32\jscript9diag.dll
2014-10-16 13:00:12 ----A---- C:\Windows\system32\jscript9.dll
2014-10-16 13:00:12 ----A---- C:\Windows\system32\ieUnatt.exe
2014-10-16 13:00:11 ----A---- C:\Windows\system32\wininet.dll
2014-10-16 13:00:11 ----A---- C:\Windows\system32\vbscript.dll
2014-10-16 13:00:11 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-16 13:00:10 ----A---- C:\Windows\system32\msrating.dll
2014-10-16 13:00:10 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-16 13:00:09 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 13:00:09 ----A---- C:\Windows\system32\mshtml.dll
2014-10-16 12:55:04 ----A---- C:\Windows\system32\win32k.sys
2014-10-16 12:50:08 ----A---- C:\Windows\SYSWOW64\rastls.dll
2014-10-16 12:50:08 ----A---- C:\Windows\system32\rastls.dll
2014-10-16 12:49:57 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2014-10-16 12:49:57 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2014-10-16 12:49:57 ----A---- C:\Windows\system32\mscorier.dll
2014-10-16 12:49:57 ----A---- C:\Windows\system32\dfshim.dll
2014-10-16 12:49:56 ----A---- C:\Windows\SYSWOW64\mscories.dll
2014-10-16 12:49:56 ----A---- C:\Windows\system32\mscories.dll
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDRU.DLL
2014-10-16 12:49:33 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-10-16 12:44:39 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-10-16 12:44:39 ----A---- C:\Windows\system32\msi.dll
2014-10-16 12:44:21 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-10-16 12:44:21 ----A---- C:\Windows\system32\termsrv.dll
2014-10-16 12:44:21 ----A---- C:\Windows\system32\mstscax.dll
2014-10-16 12:44:21 ----A---- C:\Windows\system32\mstsc.exe
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\winsta.dll
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-10-16 12:44:20 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\winsta.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\winlogon.exe
2014-10-16 12:44:20 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-16 12:44:20 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-16 12:44:20 ----A---- C:\Windows\system32\credssp.dll
2014-10-16 12:44:19 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-16 12:44:01 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-10-16 12:44:01 ----A---- C:\Windows\system32\packager.dll
2014-10-12 16:56:07 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-10-12 16:55:47 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 16:55:47 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-10-12 16:55:47 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-10-11 22:00:29 ----D---- C:\ProgramData\ESET
2014-10-11 22:00:29 ----D---- C:\Program Files\ESET
2014-10-11 00:37:32 ----D---- C:\Program Files (x86)\TeamViewer
2014-10-10 13:42:30 ----A---- C:\Windows\system32\drivers\cnnctfy3.sys
2014-10-01 15:55:45 ----D---- C:\Program Files (x86)\Pixia ver. 6
2014-10-01 12:26:27 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2014-10-01 12:26:27 ----A---- C:\Windows\system32\qdvd.dll

======List of files/folders modified in the last 1 month======

2014-10-26 23:21:03 ----D---- C:\Program Files\trend micro
2014-10-26 23:21:02 ----D---- C:\Windows\temp
2014-10-26 23:19:50 ----D---- C:\Windows\System32
2014-10-26 23:19:50 ----D---- C:\Windows\inf
2014-10-26 23:19:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-10-26 23:17:53 ----D---- C:\Windows\Prefetch
2014-10-26 23:15:39 ----D---- C:\Windows\system32\config
2014-10-26 23:08:27 ----D---- C:\Users\Keramont\AppData\Roaming\vlc
2014-10-26 21:49:13 ----D---- C:\Windows\Tasks
2014-10-26 21:36:12 ----SHD---- C:\System Volume Information
2014-10-26 01:25:52 ----D---- C:\Users\Keramont\AppData\Roaming\Skype
2014-10-25 16:35:23 ----SHD---- C:\Windows\Installer
2014-10-25 16:34:56 ----D---- C:\ProgramData\Skype
2014-10-25 16:34:50 ----D---- C:\Program Files (x86)\Common Files
2014-10-25 16:34:47 ----D---- C:\Program Files (x86)
2014-10-25 13:38:37 ----D---- C:\The KMPlayer
2014-10-25 12:14:32 ----D---- C:\Windows
2014-10-25 12:13:34 ----D---- C:\ProgramData
2014-10-18 18:59:31 ----D---- C:\Windows\rescache
2014-10-18 18:36:23 ----D---- C:\Windows\Microsoft.NET
2014-10-17 16:53:36 ----RSD---- C:\Windows\assembly
2014-10-17 10:54:07 ----D---- C:\Windows\system32\catroot2
2014-10-17 10:46:53 ----D---- C:\Windows\winsxs
2014-10-17 10:42:36 ----D---- C:\Windows\SysWOW64
2014-10-17 10:42:30 ----RSD---- C:\Windows\Fonts
2014-10-17 10:42:20 ----D---- C:\Program Files\Windows Media Player
2014-10-17 10:42:19 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-10-17 10:42:19 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-17 10:42:18 ----D---- C:\Windows\SYSWOW64\Dism
2014-10-17 10:42:14 ----D---- C:\Windows\system32\drivers
2014-10-17 10:42:14 ----D---- C:\Windows\system32\Dism
2014-10-17 10:42:13 ----D---- C:\Windows\system32\sk-SK
2014-10-17 10:42:12 ----D---- C:\Windows\system32\en-US
2014-10-17 10:42:06 ----D---- C:\Windows\system32\Boot
2014-10-17 10:42:05 ----D---- C:\Windows\system32\CodeIntegrity
2014-10-17 10:42:03 ----D---- C:\Program Files\Internet Explorer
2014-10-17 10:42:02 ----D---- C:\Windows\SYSWOW64\en-US
2014-10-17 10:41:54 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-16 22:56:51 ----D---- C:\ProgramData\Microsoft Help
2014-10-16 22:50:24 ----D---- C:\Windows\system32\MRT
2014-10-16 22:35:06 ----D---- C:\Windows\debug
2014-10-16 22:35:01 ----A---- C:\Windows\system32\MRT.exe
2014-10-16 22:24:52 ----D---- C:\Windows\system32\catroot
2014-10-12 16:55:47 ----D---- C:\ProgramData\Malwarebytes
2014-10-12 11:40:33 ----D---- C:\Program Files (x86)\Connectify
2014-10-12 00:16:52 ----D---- C:\Windows\system32\Tasks
2014-10-11 23:34:48 ----D---- C:\Program Files\IMPI
2014-10-11 22:00:55 ----D---- C:\Windows\system32\DriverStore
2014-10-11 22:00:29 ----RD---- C:\Program Files
2014-10-11 21:43:48 ----D---- C:\ProgramData\Norton
2014-10-11 21:32:14 ----D---- C:\Program Files\Common Files
2014-10-11 00:37:38 ----D---- C:\Users\Keramont\AppData\Roaming\TeamViewer
2014-10-10 13:54:12 ----D---- C:\Program Files (x86)\Virtual Router
2014-10-02 22:01:09 ----D---- C:\Windows\system32\wdi
2014-10-01 15:56:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2012-07-03 198944]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-03-02 834544]
R1 cnnctfy3;Connectify LightWeight Filter; C:\Windows\system32\DRIVERS\cnnctfy3.sys [2014-10-10 42152]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-07 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-11-17 11576]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-06 9359872]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-06 309760]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-04-21 2727424]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-06-14 30368]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-12-17 520192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-06-10 1451056]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-06-14 36000]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-06-14 330400]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-06-14 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-06-14 167072]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-06-14 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-06-14 280992]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-06-14 496800]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-05-01 20568]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 63704]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\Windows\system32\DRIVERS\silabenm.sys [2011-08-08 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\Windows\system32\DRIVERS\silabser.sys [2011-08-08 70656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-04-24 42184]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-05-01 16392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-04 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-06 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-14 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-06-14 97952]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2011-06-20 73728]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2010-12-17 276992]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 Connectify;Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [2014-10-01 487936]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 42360]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-05-08 1471352]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-03-14 994176]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-25 114288]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-06 1255736]
S4 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
Attachments
Error from HJT
error.jpg (169.64 KiB) Viewed 1962 times

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a check, urgent case...

#10 Post by Rudy »

Not everything can be fixed. It is harmless; it just takes up disk space. The log is now OK. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

godfather13
Visitor
Posts: 81
Registered: 26 Nov 2008 10:42

Re: Requesting a check, urgent case...

#11 Post by godfather13 »

The laptop runs like clockwork :) I finished my seminar paper and the project for work, thank you very much for your help, this is the third time you have saved my PC. You really are great people :)

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a check, urgent case...

#12 Post by Rudy »

You're very welcome! :)

Locked