PC disinfection, PC speed-up and remote help through the neslape.cz service

As a precaution - bitcoin miner

No problem with your PC at the moment and you just want to make sure everything is fine?
Post a log from FRST or RSIT.

#1 Post by Linux

Hello,

Yesterday I ran a full system scan with my AV. When it finished I was surprised: it had found some bitcoin miner. I moved it to quarantine, but to be safe I am posting the log here for a check, in case there is something else.


Begin scan in 'C:\'
C:\Windows\SysWOW64\lcpmncbdva.exe
  [DETECTION] Is the TR/BitCoinMiner.Gen Trojan
Thanks in advance.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2015-06-14 22:50:46
Microsoft Windows 8.1 Pro
System drive C: has 18 GB (15%) free of 122 GB
Total RAM: 4093 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:50:47, on 14.6.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Peter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [reg_svr] "C:\Windows\SysWoW64\regsvr32.exe" /s "
O4 - HKCU\..\Run: [GSplay.exe] I:\GSplay.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADU Service (Nokia Software Recovery Tool) (ADUServiceNSRT) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @oem27.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10486 bytes

======Listing Processes======

wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskhostex.exe
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
dashost.exe {a86be3ca-8347-4954-b05b78577c7359f0}
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_0000074c
"C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\skydrive.exe -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Windows\system32\GWX\GWX.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Steam\Steam.exe"
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Users\Peter\AppData\Local\Steam\htmlcache" -steampid 4672 -buildid 1433441724 -steamid "0" --disable-gpu-compositing --disable-gpu --enable-threaded-compositing --disable-pinch-virtual-viewport --process-per-tab --disable-spell-checking --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-gpu-compositing --enable-pinch --enable-threaded-compositing --no-sandbox --enable-deferred-image-decoding --lang=en-US --lang=en-US --product-version="Valve Steam Client" --disable-spell-checking --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=1784 --enable-delegated-renderer --num-raster-threads=2 --disable-gpu-compositing --channel="1784.0.1823403620\359032132" /prefetch:673131151
taskhost.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\calc.exe"

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\RSITx64(1).exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\iy9n5o07.default

prefs.js - "browser.startup.homepage" - "https://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, quickdrag@mozilla.ktechcomputing.com:2.0.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.188 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.188 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.0.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.0.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre8\bin\ssv.dll [2014-05-29 553368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-05-29 210840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25 728840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25 617736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX3800 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE [2005-02-08 98304]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-10-25 5299320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2015-06-04 2892992]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2015-03-18 911032]
"reg_svr"=C:\Windows\SysWoW64\regsvr32.exe [2014-10-29 16384]
"GSplay.exe"=I:\GSplay.exe []
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25 31682144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"=C:\Program Files (x86)\ASUS\EPU\EPU.exe [2010-03-16 5309056]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2015-06-11 705840]
"MSStp"=C:\Windows\inf\msstp.vbe [2014-03-05 1584]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-03-04 224128]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2015-06-14 22:50:40 ----A---- C:\RSITx64(1).exe
2015-06-11 11:38:40 ----D---- C:\Program Files\Common Files\AV
2015-06-02 16:55:18 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-06-01 18:58:39 ----A---- C:\Windows\system32\UtcResources.dll
2015-06-01 18:58:39 ----A---- C:\Windows\system32\diagtrack.dll
2015-06-01 16:09:45 ----A---- C:\Windows\SYSWOW64\rascfg.dll
2015-06-01 16:09:45 ----A---- C:\Windows\system32\rascfg.dll
2015-06-01 16:09:45 ----A---- C:\Windows\system32\drivers\wanarp.sys
2015-06-01 16:09:45 ----A---- C:\Windows\system32\drivers\ndproxy.sys
2015-06-01 16:09:43 ----A---- C:\Windows\system32\UIAutomationCore.dll
2015-06-01 16:09:42 ----A---- C:\Windows\SYSWOW64\UIAutomationCore.dll
2015-06-01 16:09:42 ----A---- C:\Windows\SYSWOW64\tquery.dll
2015-06-01 16:09:42 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2015-06-01 16:09:42 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2015-06-01 16:09:42 ----A---- C:\Windows\SYSWOW64\rastapi.dll
2015-06-01 16:09:42 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2015-06-01 16:09:42 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2015-06-01 16:09:42 ----A---- C:\Windows\SYSWOW64\mssph.dll
2015-06-01 16:09:42 ----A---- C:\Windows\SYSWOW64\msftedit.dll
2015-06-01 16:09:42 ----A---- C:\Windows\system32\tquery.dll
2015-06-01 16:09:42 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2015-06-01 16:09:42 ----A---- C:\Windows\system32\SearchIndexer.exe
2015-06-01 16:09:42 ----A---- C:\Windows\system32\rastapi.dll
2015-06-01 16:09:42 ----A---- C:\Windows\system32\mssvp.dll
2015-06-01 16:09:42 ----A---- C:\Windows\system32\mssrch.dll
2015-06-01 16:09:42 ----A---- C:\Windows\system32\mssphtb.dll
2015-06-01 16:09:42 ----A---- C:\Windows\system32\mssph.dll
2015-06-01 16:09:42 ----A---- C:\Windows\system32\msftedit.dll
2015-06-01 16:09:41 ----AC---- C:\Windows\system32\drivers\USBXHCI.SYS
2015-06-01 16:09:41 ----A---- C:\Windows\SYSWOW64\rgb9rast.dll
2015-06-01 16:09:41 ----A---- C:\Windows\SYSWOW64\puiobj.dll
2015-06-01 16:09:41 ----A---- C:\Windows\SYSWOW64\authz.dll
2015-06-01 16:09:41 ----A---- C:\Windows\system32\puiobj.dll
2015-06-01 16:09:41 ----A---- C:\Windows\system32\localspl.dll
2015-06-01 16:09:41 ----A---- C:\Windows\system32\compstui.dll
2015-06-01 16:09:41 ----A---- C:\Windows\system32\authz.dll
2015-06-01 16:05:16 ----D---- C:\Windows\system32\appraiser
2015-06-01 16:05:13 ----SD---- C:\Windows\SYSWOW64\GWX
2015-06-01 16:05:13 ----SD---- C:\Windows\system32\GWX
2015-06-01 16:05:13 ----D---- C:\Windows\Migration
2015-06-01 16:02:02 ----D---- C:\Users\Peter\AppData\Roaming\Skype
2015-06-01 16:01:57 ----RD---- C:\Program Files (x86)\Skype
2015-06-01 16:01:55 ----D---- C:\ProgramData\Skype
2015-06-01 15:59:48 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-01 15:59:48 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-01 15:55:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-06-01 15:55:09 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-06-01 15:55:09 ----A---- C:\Windows\system32\iepeers.dll
2015-06-01 15:55:08 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-06-01 15:55:08 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-06-01 15:55:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-06-01 15:55:08 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-06-01 15:55:08 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-06-01 15:55:08 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-06-01 15:55:08 ----A---- C:\Windows\system32\ie4uinit.exe
2015-06-01 15:55:07 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-06-01 15:55:07 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-06-01 15:55:07 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-06-01 15:55:07 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-06-01 15:55:07 ----A---- C:\Windows\system32\vbscript.dll
2015-06-01 15:55:07 ----A---- C:\Windows\system32\urlmon.dll
2015-06-01 15:55:07 ----A---- C:\Windows\system32\msfeeds.dll
2015-06-01 15:55:07 ----A---- C:\Windows\system32\iedkcs32.dll
2015-06-01 15:55:07 ----A---- C:\Windows\system32\dxtrans.dll
2015-06-01 15:55:06 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-06-01 15:55:06 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-06-01 15:55:06 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-06-01 15:55:06 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-06-01 15:55:06 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-06-01 15:55:06 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-06-01 15:55:06 ----A---- C:\Windows\system32\jscript.dll
2015-06-01 15:55:06 ----A---- C:\Windows\system32\iertutil.dll
2015-06-01 15:55:06 ----A---- C:\Windows\system32\dxtmsft.dll
2015-06-01 15:55:05 ----A---- C:\Windows\system32\webcheck.dll
2015-06-01 15:55:05 ----A---- C:\Windows\system32\mshtmled.dll
2015-06-01 15:55:05 ----A---- C:\Windows\system32\jscript9diag.dll
2015-06-01 15:55:05 ----A---- C:\Windows\system32\jscript9.dll
2015-06-01 15:55:05 ----A---- C:\Windows\system32\ieframe.dll
2015-06-01 15:55:05 ----A---- C:\Windows\system32\ieapfltr.dll
2015-06-01 15:55:04 ----A---- C:\Windows\system32\wininet.dll
2015-06-01 15:55:04 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-06-01 15:55:04 ----A---- C:\Windows\system32\mshtml.dll
2015-06-01 15:55:04 ----A---- C:\Windows\system32\inetcomm.dll
2015-06-01 15:55:03 ----A---- C:\Windows\system32\inseng.dll
2015-06-01 15:55:03 ----A---- C:\Windows\system32\ieui.dll
2015-06-01 15:55:03 ----A---- C:\Windows\system32\actxprxy.dll
2015-06-01 15:49:47 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-06-01 15:49:47 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-06-01 15:49:47 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-06-01 15:49:47 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-06-01 15:49:47 ----A---- C:\Windows\system32\wow64cpu.dll
2015-06-01 15:49:47 ----A---- C:\Windows\system32\wow64.dll
2015-06-01 15:49:47 ----A---- C:\Windows\system32\tracerpt.exe
2015-06-01 15:49:47 ----A---- C:\Windows\system32\tdh.dll
2015-06-01 15:49:47 ----A---- C:\Windows\system32\sechost.dll
2015-06-01 15:49:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-06-01 15:49:47 ----A---- C:\Windows\system32\ntdll.dll
2015-06-01 15:49:47 ----A---- C:\Windows\system32\microsoft-windows-system-events.dll
2015-06-01 15:49:13 ----A---- C:\Windows\SYSWOW64\SHCore.dll
2015-06-01 15:49:13 ----A---- C:\Windows\system32\SHCore.dll
2015-06-01 15:47:55 ----A---- C:\Windows\system32\win32k.sys
2015-06-01 15:47:55 ----A---- C:\Windows\system32\DWrite.dll
2015-06-01 15:47:54 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-06-01 15:47:54 ----A---- C:\Windows\system32\FntCache.dll
2015-06-01 15:47:51 ----A---- C:\Windows\SYSWOW64\winshfhc.dll
2015-06-01 15:47:51 ----A---- C:\Windows\system32\winshfhc.dll
2015-06-01 15:47:51 ----A---- C:\Windows\system32\drivers\WdNisDrv.sys
2015-06-01 15:47:51 ----A---- C:\Windows\system32\drivers\WdFilter.sys
2015-06-01 15:47:51 ----A---- C:\Windows\system32\drivers\WdBoot.sys
2015-06-01 15:46:38 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-06-01 15:46:38 ----A---- C:\Windows\system32\msctf.dll
2015-06-01 15:46:35 ----AC---- C:\Windows\system32\drivers\USBHUB3.SYS
2015-06-01 15:46:35 ----AC---- C:\Windows\system32\drivers\bthhfenum.sys
2015-06-01 15:46:35 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-06-01 15:46:35 ----A---- C:\Windows\SYSWOW64\calc.exe
2015-06-01 15:46:35 ----A---- C:\Windows\system32\schannel.dll
2015-06-01 15:46:35 ----A---- C:\Windows\system32\SettingsHandlers.dll
2015-06-01 15:46:35 ----A---- C:\Windows\system32\calc.exe
2015-06-01 15:46:30 ----A---- C:\Windows\SYSWOW64\dwmcore.dll
2015-06-01 15:46:30 ----A---- C:\Windows\system32\dwmcore.dll
2015-06-01 15:46:26 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2015-06-01 15:46:26 ----A---- C:\Windows\system32\oleaut32.dll
2015-06-01 15:46:24 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-06-01 15:46:24 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-06-01 15:46:24 ----A---- C:\Windows\system32\atmlib.dll
2015-06-01 15:46:24 ----A---- C:\Windows\system32\atmfd.dll
2015-06-01 15:46:23 ----A---- C:\Windows\SYSWOW64\dbghelp.dll
2015-06-01 15:46:23 ----A---- C:\Windows\SYSWOW64\dbgeng.dll
2015-06-01 15:46:23 ----A---- C:\Windows\system32\dbghelp.dll
2015-06-01 15:46:23 ----A---- C:\Windows\system32\dbgeng.dll
2015-06-01 15:46:16 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2015-06-01 15:46:16 ----A---- C:\Windows\system32\mfc42u.dll
2015-06-01 15:46:16 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2015-06-01 15:46:15 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2015-06-01 15:46:15 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2015-06-01 15:46:15 ----A---- C:\Windows\SYSWOW64\atlthunk.dll
2015-06-01 15:46:15 ----A---- C:\Windows\system32\mfc42.dll
2015-06-01 15:46:10 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-06-01 15:46:10 ----A---- C:\Windows\system32\scesrv.dll
2015-06-01 15:46:09 ----A---- C:\Windows\SYSWOW64\Windows.UI.Input.Inking.dll
2015-06-01 15:46:09 ----A---- C:\Windows\SYSWOW64\photowiz.dll
2015-06-01 15:46:09 ----A---- C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-06-01 15:46:09 ----A---- C:\Windows\system32\photowiz.dll
2015-06-01 15:46:08 ----A---- C:\Windows\system32\drivers\ahcache.sys
2015-06-01 15:46:06 ----A---- C:\Windows\SYSWOW64\SRH.dll
2015-06-01 15:46:06 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-06-01 15:46:06 ----A---- C:\Windows\SYSWOW64\PhotoMetadataHandler.dll
2015-06-01 15:46:06 ----A---- C:\Windows\system32\win32spl.dll
2015-06-01 15:46:06 ----A---- C:\Windows\system32\SRH.dll
2015-06-01 15:46:06 ----A---- C:\Windows\system32\sdbinst.exe
2015-06-01 15:46:06 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2015-06-01 15:46:06 ----A---- C:\Windows\system32\lsm.dll
2015-06-01 15:46:05 ----AC---- C:\Windows\system32\drivers\hidbth.sys
2015-06-01 15:46:05 ----A---- C:\Windows\system32\drivers\ndis.sys
2015-06-01 15:45:46 ----A---- C:\Windows\system32\drivers\udfs.sys
2015-06-01 15:45:15 ----A---- C:\Windows\system32\wevtsvc.dll
2015-06-01 15:45:15 ----A---- C:\Windows\system32\services.exe
2015-06-01 15:45:14 ----AC---- C:\Windows\system32\drivers\sdbus.sys
2015-06-01 15:45:14 ----AC---- C:\Windows\system32\drivers\dumpsd.sys
2015-06-01 15:45:14 ----A---- C:\Windows\SYSWOW64\pku2u.dll
2015-06-01 15:45:14 ----A---- C:\Windows\system32\pku2u.dll
2015-06-01 15:45:14 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-06-01 15:45:14 ----A---- C:\Windows\system32\dpapisrv.dll
2015-06-01 15:45:13 ----A---- C:\Windows\SYSWOW64\WSShared.dll
2015-06-01 15:45:13 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-01 15:45:13 ----A---- C:\Windows\SYSWOW64\eapphost.dll
2015-06-01 15:45:13 ----A---- C:\Windows\SYSWOW64\eappgnui.dll
2015-06-01 15:45:13 ----A---- C:\Windows\SYSWOW64\eappcfg.dll
2015-06-01 15:45:13 ----A---- C:\Windows\SYSWOW64\eapp3hst.dll
2015-06-01 15:45:13 ----A---- C:\Windows\system32\WSShared.dll
2015-06-01 15:45:13 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-01 15:45:13 ----A---- C:\Windows\system32\rdpcorets.dll
2015-06-01 15:45:13 ----A---- C:\Windows\system32\eapphost.dll
2015-06-01 15:45:13 ----A---- C:\Windows\system32\eappgnui.dll
2015-06-01 15:45:13 ----A---- C:\Windows\system32\eappcfg.dll
2015-06-01 15:45:13 ----A---- C:\Windows\system32\eapp3hst.dll
2015-06-01 15:45:12 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-06-01 15:45:12 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-06-01 15:45:12 ----A---- C:\Windows\system32\ubpm.dll
2015-06-01 15:45:12 ----A---- C:\Windows\system32\shell32.dll
2015-06-01 15:45:12 ----A---- C:\Windows\system32\rdpudd.dll
2015-06-01 15:45:11 ----A---- C:\Windows\SYSWOW64\StorageContextHandler.dll
2015-06-01 15:45:11 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-06-01 15:45:11 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-06-01 15:45:11 ----A---- C:\Windows\system32\StorageContextHandler.dll
2015-06-01 15:45:11 ----A---- C:\Windows\system32\authui.dll
2015-06-01 15:45:10 ----A---- C:\Windows\system32\sppobjs.dll
2015-06-01 15:45:09 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-06-01 15:45:09 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-06-01 15:45:09 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-06-01 15:45:09 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-06-01 15:45:09 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-06-01 15:45:09 ----A---- C:\Windows\system32\wuwebv.dll
2015-06-01 15:45:09 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-06-01 15:45:09 ----A---- C:\Windows\system32\wups2.dll
2015-06-01 15:45:09 ----A---- C:\Windows\system32\wups.dll
2015-06-01 15:45:09 ----A---- C:\Windows\system32\wudriver.dll
2015-06-01 15:45:09 ----A---- C:\Windows\system32\wucltux.dll
2015-06-01 15:45:09 ----A---- C:\Windows\system32\wuaueng.dll
2015-06-01 15:45:09 ----A---- C:\Windows\system32\wuauclt.exe
2015-06-01 15:45:09 ----A---- C:\Windows\system32\wuapp.exe
2015-06-01 15:45:09 ----A---- C:\Windows\system32\wuapi.dll
2015-06-01 15:45:09 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-06-01 15:45:09 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-06-01 15:45:09 ----A---- C:\Windows\system32\storewuauth.dll
2015-06-01 15:45:08 ----A---- C:\Windows\system32\drivers\http.sys
2015-06-01 15:44:17 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-06-01 15:44:17 ----A---- C:\Windows\system32\lsasrv.dll
2015-06-01 15:44:17 ----A---- C:\Windows\system32\drivers\cng.sys
2015-06-01 15:44:17 ----A---- C:\Windows\system32\certcli.dll
2015-06-01 15:44:16 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-06-01 15:44:16 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-06-01 15:44:16 ----A---- C:\Windows\system32\WMPhoto.dll
2015-06-01 15:44:16 ----A---- C:\Windows\system32\drivers\clfs.sys
2015-06-01 15:44:16 ----A---- C:\Windows\system32\clfsw32.dll
2015-06-01 15:44:15 ----A---- C:\Windows\SYSWOW64\wpdshext.dll
2015-06-01 15:44:15 ----A---- C:\Windows\system32\wpdshext.dll
2015-06-01 15:44:15 ----A---- C:\Windows\explorer.exe
2015-06-01 15:44:14 ----A---- C:\Windows\SYSWOW64\MrmCoreR.dll
2015-06-01 15:44:14 ----A---- C:\Windows\SYSWOW64\explorer.exe
2015-06-01 15:44:14 ----A---- C:\Windows\system32\MrmCoreR.dll
2015-06-01 15:44:14 ----A---- C:\Windows\system32\LockScreenContentServer.exe
2015-06-01 15:43:32 ----A---- C:\Windows\system32\invagent.dll
2015-06-01 15:43:32 ----A---- C:\Windows\system32\generaltel.dll
2015-06-01 15:43:32 ----A---- C:\Windows\system32\devinv.dll
2015-06-01 15:43:32 ----A---- C:\Windows\system32\appraiser.dll
2015-06-01 15:43:32 ----A---- C:\Windows\system32\aepic.dll
2015-06-01 15:43:32 ----A---- C:\Windows\system32\aepdu.dll
2015-06-01 15:43:32 ----A---- C:\Windows\system32\aeinv.dll
2015-06-01 15:43:32 ----A---- C:\Windows\system32\acmigration.dll
2015-05-24 13:59:46 ----D---- C:\Program Files (x86)\Sapphire TRIXX
2015-05-21 16:39:31 ----D---- C:\.jagex_cache_32
2015-05-15 16:55:22 ----D---- C:\ProgramData\Steam
2015-05-15 16:55:22 ----D---- C:\ProgramData\Socialclub
2015-05-15 16:52:45 ----D---- C:\Program Files\Rockstar Games
2015-05-15 16:52:45 ----D---- C:\Program Files (x86)\Rockstar Games

======List of files/folders modified in the last 1 month======

2015-06-14 22:50:46 ----D---- C:\Windows\Temp
2015-06-14 22:50:46 ----D---- C:\Program Files\trend micro
2015-06-14 22:50:45 ----D---- C:\Windows\Prefetch
2015-06-14 22:00:00 ----D---- C:\Windows\system32\sru
2015-06-14 20:51:51 ----D---- C:\Program Files (x86)\Steam
2015-06-14 19:54:49 ----D---- C:\Windows\SysWOW64
2015-06-14 19:54:48 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2015-06-14 18:03:27 ----D---- C:\Windows\Microsoft.NET
2015-06-14 13:37:06 ----SHD---- C:\System Volume Information
2015-06-14 12:17:43 ----D---- C:\Program Files\Kerbal Space Program
2015-06-14 10:20:52 ----RD---- C:\Windows\System32
2015-06-14 10:20:52 ----D---- C:\Windows\Inf
2015-06-14 10:20:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-12 20:37:33 ----D---- C:\Windows\system32\config
2015-06-12 15:40:45 ----D---- C:\Windows\CbsTemp
2015-06-12 15:40:44 ----D---- C:\Windows\system32\catroot2
2015-06-12 15:40:39 ----D---- C:\Windows\WinSxS
2015-06-12 15:35:02 ----D---- C:\Windows
2015-06-11 15:45:15 ----D---- C:\Users\Peter\AppData\Roaming\Media Player Classic
2015-06-11 11:38:40 ----D---- C:\Program Files\Common Files
2015-06-11 11:38:26 ----D---- C:\Windows\system32\drivers
2015-06-10 16:24:56 ----HD---- C:\Program Files\WindowsApps
2015-06-10 16:24:56 ----D---- C:\Windows\AppReadiness
2015-06-04 18:51:43 ----D---- C:\Users\Peter\AppData\Roaming\gleam
2015-06-02 20:11:42 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 19:38:21 ----RD---- C:\Program Files (x86)
2015-06-02 19:05:53 ----D---- C:\Program Files (x86)\Hearthstone
2015-06-02 19:04:41 ----D---- C:\Program Files (x86)\Battle.net
2015-06-02 17:33:52 ----D---- C:\Windows\rescache
2015-06-02 17:26:41 ----D---- C:\Windows\system32\DriverStore
2015-06-02 15:54:44 ----RSD---- C:\Windows\assembly
2015-06-02 15:24:59 ----D---- C:\Windows\Logs
2015-06-02 15:24:53 ----D---- C:\Windows\AppCompat
2015-06-01 16:10:23 ----RD---- C:\Windows\ToastData
2015-06-01 16:05:17 ----SD---- C:\Windows\system32\CompatTel
2015-06-01 16:05:17 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-06-01 16:05:17 ----D---- C:\Windows\system32\sk-SK
2015-06-01 16:05:17 ----D---- C:\Program Files\Internet Explorer
2015-06-01 16:05:17 ----D---- C:\Program Files (x86)\Internet Explorer
2015-06-01 16:05:16 ----SD---- C:\ProgramData\Microsoft
2015-06-01 16:05:16 ----D---- C:\Windows\system32\wbem
2015-06-01 16:05:16 ----D---- C:\Windows\PolicyDefinitions
2015-06-01 16:05:16 ----D---- C:\Windows\apppatch
2015-06-01 16:05:16 ----D---- C:\Program Files\Windows Defender
2015-06-01 16:05:16 ----D---- C:\Program Files (x86)\Windows Defender
2015-06-01 16:05:15 ----RD---- C:\Windows\ImmersiveControlPanel
2015-06-01 16:05:14 ----RSD---- C:\Windows\Fonts
2015-06-01 16:05:14 ----D---- C:\Windows\system32\en-US
2015-06-01 16:05:14 ----D---- C:\Windows\system32\AdvancedInstallers
2015-06-01 16:05:13 ----D---- C:\Windows\WinStore
2015-06-01 16:03:02 ----SHD---- C:\Windows\Installer
2015-06-01 16:03:00 ----D---- C:\ProgramData\Microsoft Help
2015-06-01 16:01:57 ----D---- C:\Program Files (x86)\Common Files
2015-06-01 16:01:55 ----HD---- C:\ProgramData
2015-06-01 15:58:31 ----A---- C:\Windows\win.ini
2015-06-01 15:56:07 ----D---- C:\Program Files\Windows Journal
2015-05-26 18:30:21 ----D---- C:\Program Files (x86)\Warcraft III
2015-05-19 21:22:57 ----D---- C:\Windows\Tasks
2015-05-17 18:18:07 ----D---- C:\Windows\system32\Tasks
2015-05-15 16:52:45 ----RD---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2009-08-04 13440]
R1 avfwot;avfwot; C:\Windows\system32\DRIVERS\avfwot.sys [2013-10-10 141376]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2015-06-11 132656]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2013-10-10 28600]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2015-06-11 153256]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2015-02-12 43576]
R2 regi;regi; \??\C:\Windows\system32\drivers\regi.sys [2007-01-15 14112]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-08-12 15961088]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-08-12 557056]
R3 AtiHDAudioService;@oem6.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdWB6.sys [2013-06-22 138240]
R3 avfwim;@oem10.inf,%avfw_9MP_Desc%;AvFw Packet Filter Miniport; C:\Windows\system32\DRIVERS\avfwim.sys [2013-10-10 114608]
R3 MTsensor;@oem2.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2013-05-17 17280]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 VIAHdAudAddService;@oem27.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2012-10-22 2206864]
S0 amdkmafd;@oem4.inf,%AMDKMAFD_svcdesc%;AMD Audio Bus Lower Filter; C:\Windows\System32\drivers\amdkmafd.sys [2012-09-23 21160]
S2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys []
S3 ggflt;@oem96.inf,%SvcFltDesc%;SOMC USB Flash Driver Filter; C:\Windows\System32\drivers\ggflt.sys [2014-11-22 16088]
S3 ggsomc;@oem96.inf,%SvcDesc%;SOMC USB Flash Driver; C:\Windows\System32\drivers\ggsomc.sys [2014-11-22 30424]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 USBAAPL64;@oem95.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-15 54784]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-12-13 121088]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-08-22 44544]
S3 WDC_SAM;@oem91.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2015-04-30 23200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 ADUServiceNSRT;ADU Service (Nokia Software Recovery Tool); C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe [2015-03-02 94832]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-08-12 239616]
R2 AntiVirFirewallService;Avira FireWall; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2015-06-11 1044728]
R2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2015-06-11 806192]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2015-06-11 448304]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2015-06-11 448304]
R2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2015-06-11 996600]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 IviRegMgr;IviRegMgr; c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2010-05-20 110736]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-01-07 76888]
R2 VIAKaraokeService;@oem27.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2012-10-22 27768]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-06-04 837312]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-01 268464]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-11-09 1357104]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13 107912]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-06-02 148080]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]

-----------------EOF-----------------

altrok
Moderator
Posts: 7273
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive - bitcoin miner

#2 Post by altrok »

Have a nice day :bye:


:arrow: The antivirus obviously does not detect the whole BitCoin miner.

:arrow: As part of the cleaning, your temporary folders (including the Recycle Bin) will be emptied.

:arrow: Install MBAM and run a custom scan of all drives - http://forum.viry.cz/viewtopic.php?f=29&t=137928
  • Note: this scan takes from 30 minutes to several hours
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

Linux
Visitor
Posts: 63
Registered: 18 Dec 2008 19:05

Re: Preventive - bitcoin miner

#3 Post by Linux »

You were probably right, here is the log.

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 15.6.2015
Čas skenování: 19:39:27
Protokol: Scan MBAM.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.06.15.05
Databáze rootkitů: v2015.06.15.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Peter

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 771127
Uplynulý čas: 1 hod, 10 min, 48 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 1
Trojan.Agent.SCR, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSStp, C:\Windows\inf\msstp.vbe, , [2fd2506bef9b73c33d9bba740df71ee2]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 4
PUP.Optional.APNToolBar.A, C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe, , [8f72b506e0aa181ee79f560ff70b48b8],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncbdva.exe, , [2dd4b10a52381b1bae6bd6ba778b817f],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncbdva.exe, , [fb067447f199c670987c742d6f93966a],
Trojan.Agent.SCR, C:\Windows\Inf\msstp.vbe, , [2fd2506bef9b73c33d9bba740df71ee2],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

altrok
Moderator
Posts: 7273
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive - bitcoin miner

#4 Post by altrok »

:arrow: Delete all findings / move them to quarantine.

:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just double-click it)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply

Linux
Visitor
Posts: 63
Registered: 18 Dec 2008 19:05

Re: Preventive - bitcoin miner

#5 Post by Linux »

I closed the MBAM window, how do I delete them? Should I run the scan again?

altrok
Moderator
Posts: 7273
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive - bitcoin miner

#6 Post by altrok »

:arrow: We will delete the findings later. Continue with AdwCleaner now.

Linux
Visitor
Posts: 63
Registered: 18 Dec 2008 19:05

Re: Preventive - bitcoin miner

#7 Post by Linux »

# AdwCleaner v4.206 - Log vytvorený 15/06/2015 at 21:11:40
# Aktualizované 01/06/2015 by Xplode
# Databáza : 2015-06-14.1 [Server]
# Operačný systém : Windows 8.1 Pro (x64)
# Uživateľské meno : Peter - PETER
# Spustené z : C:\Users\Peter\Desktop\adwcleaner_4.206.exe
# Nastavenia : Čistenie

***** [ Služby ] *****


***** [ Súbory / Priečinky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupcovia ] *****


***** [ Registre ] *****

Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

***** [ Webové prehliadače ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.5 (x86 sk)


*************************

AdwCleaner[R0].txt - [960 bajtov] - [15/06/2015 21:10:18]
AdwCleaner[S0].txt - [877 bajtov] - [15/06/2015 21:11:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [936 bajtov] ##########

altrok
Moderator
Posts: 7273
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive - bitcoin miner

#8 Post by altrok »

:arrow: Post the FRST.txt log and attach Addition.txt as well - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Linux
Visitor
Posts: 63
Registered: 18 Dec 2008 19:05

Re: Preventive - bitcoin miner

#9 Post by Linux »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Peter (administrator) on PETER on 15-06-2015 21:35:06
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter & EL)
Platform: Windows 8.1 Pro (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM-x32\...\Run: [Six Engine] => C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [705840 2015-06-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\Run: [reg_svr] => "C:\Windows\SysWoW64\regsvr32.exe" /s "
HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-35905321-3609379053-2231656201-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-05-29] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-05-29] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\iy9n5o07.default
FF Homepage: https://www.google.sk/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-01] ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-05-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-05-29] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: QuickDrag - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\iy9n5o07.default\Extensions\quickdrag@mozilla.ktechcomputing.com.xpi [2013-09-21]
FF Extension: Adblock Plus - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\iy9n5o07.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe [94832 2015-03-02] ()
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044728 2015-06-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-06-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [448304 2015-06-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [448304 2015-06-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [996600 2015-06-11] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-07] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 avfwim; C:\Windows\system32\DRIVERS\avfwim.sys [114608 2013-10-10] (Avira GmbH)
R1 avfwot; C:\Windows\system32\DRIVERS\avfwot.sys [141376 2013-10-10] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-11-22] (Sony Mobile Communications)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 TRIXX; \??\C:\Users\Peter\AppData\Local\Temp\TRIXX.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 21:18 - 2015-06-15 21:18 - 00013222 _____ C:\Users\Peter\Desktop\FRST.txt
2015-06-15 21:17 - 2015-06-15 21:18 - 00000000 ____D C:\FRST
2015-06-15 21:17 - 2015-06-15 21:16 - 02109952 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2015-06-15 21:12 - 2015-06-15 21:12 - 00000376 _____ C:\Windows\PFRO.log
2015-06-15 21:10 - 2015-06-15 21:11 - 00000000 ____D C:\AdwCleaner
2015-06-15 21:09 - 2015-06-15 21:08 - 02231296 _____ C:\Users\Peter\Desktop\adwcleaner_4.206.exe
2015-06-15 20:51 - 2015-06-15 21:09 - 00001642 _____ C:\Scan MBAM.txt
2015-06-15 19:37 - 2015-06-15 21:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-15 19:37 - 2015-06-15 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-15 19:37 - 2015-06-15 19:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-15 19:37 - 2015-06-15 19:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-15 19:37 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-15 19:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-15 19:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-14 22:50 - 2015-01-29 18:06 - 01222144 _____ C:\RSITx64(1).exe
2015-06-12 15:35 - 2015-06-15 21:12 - 00001688 _____ C:\Windows\setupact.log
2015-06-12 15:35 - 2015-06-12 15:35 - 00000000 _____ C:\Windows\setuperr.log
2015-06-11 11:38 - 2015-06-11 11:38 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-10 16:17 - 2015-06-10 16:17 - 00000000 ____D C:\Users\EL\Documents\My Games
2015-06-10 16:14 - 2015-06-10 16:14 - 00000000 ____D C:\Users\EL\AppData\Local\GWX
2015-06-06 15:15 - 2015-06-12 17:07 - 00000000 ____D C:\Users\Peter\Documents\Hlody
2015-06-05 16:24 - 2015-06-05 16:24 - 00000000 ____D C:\Users\Peter\AppData\Local\PackageStaging
2015-06-05 16:23 - 2015-06-05 16:23 - 00016602 _____ C:\Users\Peter\Documents\cc_20150605_162259.reg
2015-06-02 20:12 - 2015-06-02 20:12 - 00000000 ____D C:\Users\Peter\AppData\Local\GWX
2015-06-02 16:55 - 2015-06-02 20:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-01 18:58 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-01 18:58 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-01 16:09 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-01 16:09 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-01 16:09 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-01 16:09 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-01 16:09 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-01 16:09 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-01 16:09 - 2015-04-09 00:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-01 16:09 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-01 16:09 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-01 16:09 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-01 16:09 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-01 16:09 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-01 16:09 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-01 16:09 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-01 16:09 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-01 16:09 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-01 16:09 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-01 16:09 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-01 16:09 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-01 16:09 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-01 16:09 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-01 16:09 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-01 16:09 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-01 16:09 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-01 16:09 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-01 16:09 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-01 16:09 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-01 16:09 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-01 16:09 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-06-01 16:09 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-06-01 16:09 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-06-01 16:09 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-06-01 16:05 - 2015-06-01 16:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-01 16:05 - 2015-06-01 16:05 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-01 16:05 - 2015-06-01 16:05 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-01 16:02 - 2015-06-01 16:11 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2015-06-01 16:02 - 2015-06-01 16:02 - 00000000 ____D C:\Users\Peter\AppData\Local\Skype
2015-06-01 16:01 - 2015-06-01 16:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-01 16:01 - 2015-06-01 16:01 - 00000000 ____D C:\ProgramData\Skype
2015-06-01 16:01 - 2015-06-01 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-01 15:59 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-01 15:59 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-01 15:55 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-01 15:55 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-01 15:55 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-01 15:55 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-01 15:55 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-01 15:55 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-01 15:55 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-01 15:55 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-01 15:55 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-06-01 15:55 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-01 15:55 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-01 15:55 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-01 15:55 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-01 15:55 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-01 15:55 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-01 15:55 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-01 15:55 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-01 15:55 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-01 15:55 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-01 15:55 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-01 15:55 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-01 15:55 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-01 15:55 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-01 15:55 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-01 15:55 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-01 15:55 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-01 15:55 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-01 15:55 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-01 15:55 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-06-01 15:55 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-01 15:55 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-01 15:55 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-01 15:55 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-01 15:55 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-01 15:55 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-01 15:55 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-01 15:55 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-01 15:55 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-01 15:55 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-01 15:55 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-01 15:55 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-01 15:55 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-01 15:55 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-01 15:55 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-01 15:55 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-01 15:49 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-01 15:49 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-01 15:49 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-01 15:49 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-01 15:49 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-01 15:49 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-06-01 15:49 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-01 15:49 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-01 15:49 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-01 15:49 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-01 15:49 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-01 15:49 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-01 15:49 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-06-01 15:49 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-06-01 15:47 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-01 15:47 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-01 15:47 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-01 15:47 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-01 15:47 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-06-01 15:47 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-06-01 15:47 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-06-01 15:47 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-06-01 15:47 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-06-01 15:46 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-01 15:46 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-01 15:46 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-01 15:46 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-01 15:46 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-06-01 15:46 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-06-01 15:46 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-06-01 15:46 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-06-01 15:46 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-06-01 15:46 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-06-01 15:46 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-06-01 15:46 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-06-01 15:46 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-01 15:46 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-06-01 15:46 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-06-01 15:46 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-06-01 15:46 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-01 15:46 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-01 15:46 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-06-01 15:46 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-06-01 15:46 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-06-01 15:46 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-06-01 15:46 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-01 15:46 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-01 15:46 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-06-01 15:46 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-06-01 15:46 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-06-01 15:46 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-06-01 15:46 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-06-01 15:46 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-06-01 15:46 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-06-01 15:46 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-06-01 15:46 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-06-01 15:46 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-06-01 15:46 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-06-01 15:46 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-06-01 15:46 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-06-01 15:46 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-06-01 15:46 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-06-01 15:46 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-06-01 15:46 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-06-01 15:46 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-01 15:46 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-06-01 15:46 - 2014-12-13 23:28 - 00513488 _____ C:\Windows\SysWOW64\locale.nls
2015-06-01 15:46 - 2014-12-13 23:28 - 00513488 _____ C:\Windows\system32\locale.nls
2015-06-01 15:46 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-06-01 15:46 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-01 15:45 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-01 15:45 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-01 15:45 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-01 15:45 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-01 15:45 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-01 15:45 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-01 15:45 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-01 15:45 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-01 15:45 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-01 15:45 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-01 15:45 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-06-01 15:45 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-06-01 15:45 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-01 15:45 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-01 15:45 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-01 15:45 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-01 15:45 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-01 15:45 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-01 15:45 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-01 15:45 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-06-01 15:45 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-06-01 15:45 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-06-01 15:45 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-06-01 15:45 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-06-01 15:45 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-06-01 15:45 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-01 15:45 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-06-01 15:45 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-01 15:45 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-06-01 15:45 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-06-01 15:45 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-06-01 15:45 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-06-01 15:45 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-06-01 15:45 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-06-01 15:45 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-06-01 15:45 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-06-01 15:45 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-06-01 15:45 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-06-01 15:45 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-01 15:45 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-06-01 15:45 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-01 15:45 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-01 15:45 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-01 15:45 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-06-01 15:45 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-06-01 15:45 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-06-01 15:45 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-06-01 15:45 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-06-01 15:45 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-01 15:45 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-01 15:45 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-06-01 15:45 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-01 15:44 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-01 15:44 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-01 15:44 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-06-01 15:44 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-01 15:44 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-01 15:44 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-01 15:44 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-06-01 15:44 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-01 15:44 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-06-01 15:44 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-06-01 15:44 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-06-01 15:44 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-01 15:44 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-06-01 15:44 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-06-01 15:44 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-06-01 15:44 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-06-01 15:43 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-01 15:43 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-01 15:43 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-01 15:43 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-01 15:43 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-01 15:43 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-01 15:43 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-01 15:43 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-24 13:59 - 2015-05-24 13:59 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX
2015-05-24 13:59 - 2015-05-24 13:59 - 00000000 ____D C:\Program Files (x86)\Sapphire TRIXX
2015-05-21 16:39 - 2015-05-29 13:02 - 00000024 _____ C:\Users\EL\random.dat
2015-05-21 16:39 - 2015-05-29 11:51 - 00000023 _____ C:\Users\EL\jagexappletviewer.preferences
2015-05-21 16:39 - 2015-05-29 09:50 - 00000041 _____ C:\Users\EL\jagex_cl_oldschool_LIVE.dat
2015-05-21 16:39 - 2015-05-21 16:39 - 00000000 ____D C:\.jagex_cache_32
2015-05-21 16:35 - 2015-05-21 16:39 - 00000000 ____D C:\Users\EL\jagexcache
2015-05-21 16:35 - 2015-05-21 16:35 - 00002086 _____ C:\Users\EL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape.lnk
2015-05-21 16:35 - 2015-05-21 16:35 - 00002056 _____ C:\Users\EL\Desktop\OldSchool RuneScape.lnk
2015-05-21 16:35 - 2015-05-21 16:35 - 00000000 ____D C:\Users\EL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
2015-05-21 16:34 - 2015-05-21 16:34 - 24018944 _____ C:\Users\EL\Desktop\OldSchool.msi
2015-05-21 16:32 - 2015-05-25 21:39 - 00000016 _____ C:\Users\EL\Desktop\Nový textový dokument.BAT
2015-05-21 16:31 - 2015-05-21 16:31 - 00000000 _____ C:\Users\EL\Desktop\Nový textový dokument.txt
2015-05-17 18:18 - 2015-05-17 18:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 21:17 - 2013-09-21 21:28 - 00047512 _____ C:\Windows\system32\perfh01B.dat
2015-06-15 21:17 - 2013-09-21 21:28 - 00011800 _____ C:\Windows\system32\perfc01B.dat
2015-06-15 21:17 - 2013-09-21 19:16 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-35905321-3609379053-2231656201-1001
2015-06-15 21:17 - 2013-09-21 19:11 - 00907186 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-15 21:13 - 2013-09-21 19:12 - 00000000 __RDO C:\Users\Peter\SkyDrive
2015-06-15 21:12 - 2014-10-13 18:07 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 21:12 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-15 21:12 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-15 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-15 20:59 - 2014-10-23 20:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-15 20:27 - 2014-10-13 18:07 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 08:30 - 2015-01-18 18:02 - 01406220 _____ C:\Windows\WindowsUpdate.log
2015-06-15 08:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-14 23:00 - 2013-09-22 10:16 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-14 22:50 - 2014-06-22 12:39 - 00000000 ____D C:\Program Files\trend micro
2015-06-14 19:54 - 2014-01-08 16:38 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-06-14 19:54 - 2014-01-06 23:25 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-06-14 15:25 - 2014-01-06 23:25 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-06-14 12:17 - 2015-04-29 14:43 - 00000000 ____D C:\Program Files\Kerbal Space Program
2015-06-12 16:57 - 2013-09-22 09:53 - 01556992 ___SH C:\Users\Peter\Desktop\Thumbs.db
2015-06-12 15:40 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-11 15:45 - 2013-11-17 14:50 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Media Player Classic
2015-06-11 15:23 - 2014-11-28 23:22 - 00000000 ____D C:\Users\Peter\AppData\Local\JDownloader 2.0
2015-06-11 11:34 - 2013-10-27 14:38 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-11 11:34 - 2013-10-27 14:38 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-10 16:29 - 2014-07-14 16:02 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-35905321-3609379053-2231656201-1021
2015-06-10 16:13 - 2014-07-14 15:58 - 00000000 ___DO C:\Users\EL\OneDrive
2015-06-05 16:24 - 2013-09-21 19:11 - 00000000 ____D C:\Users\Peter\AppData\Local\Packages
2015-06-04 20:05 - 2013-12-04 15:28 - 00518144 ___SH C:\Users\Peter\Documents\Thumbs.db
2015-06-04 18:51 - 2014-09-28 10:32 - 00000000 ____D C:\Users\Peter\AppData\Roaming\gleam
2015-06-02 20:11 - 2013-09-21 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 19:24 - 2015-04-19 09:26 - 00000000 ____D C:\Users\Peter\AppData\Local\Battle.net
2015-06-02 19:05 - 2015-04-19 09:28 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-02 19:04 - 2015-04-19 09:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-02 17:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-06-02 15:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppCompat
2015-06-01 16:10 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-01 16:06 - 2013-08-22 16:44 - 00527976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-01 16:05 - 2015-02-09 17:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-01 16:05 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-06-01 16:05 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-01 16:05 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-01 16:05 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-01 16:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2015-06-01 16:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2015-06-01 16:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sk-SK
2015-06-01 16:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-01 16:05 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-01 16:05 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-01 16:05 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-01 16:03 - 2013-09-22 10:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-01 15:58 - 2013-08-22 15:25 - 00000167 _____ C:\Windows\win.ini
2015-06-01 15:56 - 2013-08-23 00:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-01 15:39 - 2013-09-21 20:12 - 00000000 ____D C:\Users\Peter\AppData\Local\Adobe
2015-06-01 15:32 - 2014-10-23 20:56 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-26 18:30 - 2013-09-22 23:02 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2015-05-21 19:55 - 2015-04-08 20:38 - 00013824 ___SH C:\Users\Peter\Downloads\Thumbs.db
2015-05-21 16:39 - 2014-07-14 15:54 - 00000000 ____D C:\Users\EL
2015-05-19 21:22 - 2014-10-13 18:07 - 00003928 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 21:22 - 2014-10-13 18:07 - 00003692 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 18:18 - 2013-09-21 22:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2013-11-08 19:36 - 2014-12-28 20:09 - 0011776 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-03 12:26 - 2015-03-24 16:42 - 0012546 _____ () C:\Users\Peter\AppData\Local\MRDownloader.err
2014-03-02 23:29 - 2015-03-24 16:42 - 0001480 _____ () C:\Users\Peter\AppData\Local\MRDownloader.nast
2014-06-15 14:04 - 2014-06-15 14:04 - 0000017 _____ () C:\Users\Peter\AppData\Local\resmon.resmoncfg
2013-11-13 02:03 - 2013-11-13 02:03 - 0000460 _____ () C:\Users\Peter\AppData\Local\SRDownloader.err
2013-09-25 21:08 - 2013-12-18 09:47 - 0001080 _____ () C:\Users\Peter\AppData\Local\SRDownloader.nast

Files to move or delete:
====================
C:\Users\Peter\Uninstal.exe


Some files in TEMP:
====================
C:\Users\EL\AppData\Local\Temp\avgnt.exe
C:\Users\Peter\AppData\Local\Temp\avgnt.exe
C:\Users\Peter\AppData\Local\Temp\proxy_vole9136526455854477980.dll
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-14 13:05

==================== End of log ============================

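A note added by the editor, not part of the original post: the FRST listing above follows a fixed line format (created time, modified time, size, five attribute flags, optional "(publisher)" from the PE version info, path), and the "Bamital & volsnap Check" section prints one "path => verdict" line per core binary. The script below is an added example of how to triage such a log offline. The regular expressions are written from the lines on this page; the heuristics (unattributed executable under System32/SysWOW64, executable in a user Temp folder, low vowel ratio in a long alphabetic name) and their thresholds are the editor's assumptions, and treating any verdict other than "File is digitally signed" as a failure is also an assumption, since FRST's failure wording is not shown on this page. The sample log is constructed: two lines are copied from the page, one is modelled on the detection the poster reported with invented timestamps, and the failed signature line is made up for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One entry of an FRST "One Month Created/Modified files" listing, e.g.
#   2015-06-01 15:44 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
# Fields: created, modified, size, five attribute flags (D = directory), an
# optional "(publisher)" taken from the file's version info, and the path.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*?)\s*$"
)
# One line of the "Bamital & volsnap Check" section: "<path> => <verdict>".
SIGCHECK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+?)\s*$")

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]  # None when FRST printed no "(...)" or an empty "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; returns None for headers, blanks and other text."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    company = m.group("company") or None
    return Entry(m.group("created"), m.group("modified"), int(m.group("size")),
                 m.group("attrs"), company, m.group("path"))


def suspicion_reasons(e: Entry) -> List[str]:
    """Cheap triage heuristics (editor's assumptions): a hit means 'look at this', not 'malware'."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    p = e.path.lower()
    is_exec = p.endswith(EXEC_EXT)
    in_system = p.startswith(SYSTEM_DIRS)
    if is_exec and in_system and e.company is None:
        reasons.append("executable in a Windows system directory with no publisher info")
    if is_exec and "\\appdata\\local\\temp\\" in p:
        reasons.append("executable in a user Temp directory")
    stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if is_exec and in_system and len(stem) >= 8 and stem.isalpha():
        vowels = sum(stem.count(v) for v in "aeiouy")
        if vowels / len(stem) < 0.2:  # threshold chosen by the editor
            reasons.append("random-looking file name")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path in an FRST listing to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_entry(line.strip())
        if e is None:
            continue
        reasons = suspicion_reasons(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


def failed_signature_checks(log_text: str) -> List[str]:
    """Paths from the Bamital & volsnap section whose verdict is not 'File is digitally signed'."""
    out: List[str] = []
    for line in log_text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m and m.group("verdict") != "File is digitally signed":
            out.append(m.group("path"))
    return out


# Constructed sample: two lines copied from the page, one invented line modelled on
# the reported detection (timestamps made up), and one made-up failed verdict.
SAMPLE_LOG = """\
2015-06-01 15:44 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\\Windows\\SysWOW64\\MrmCoreR.dll
2015-05-24 13:59 - 2015-05-24 13:59 - 00000000 ____D C:\\Program Files (x86)\\Sapphire TRIXX
2015-06-10 12:00 - 2015-06-10 12:00 - 00512000 _____ C:\\Windows\\SysWOW64\\lcpmncbdva.exe
C:\\Windows\\System32\\winlogon.exe => File is digitally signed
C:\\Windows\\System32\\Drivers\\volsnap.sys => ATTENTION: constructed failed verdict
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
    print("signature check failures:", failed_signature_checks(SAMPLE_LOG))
```

Run it against a saved FRST.txt by passing the file contents to triage() and failed_signature_checks(). Only the timestamped listing entries are parsed; the plain-path sections ("Files to move or delete", "Some files in TEMP") and the CustomCLSID lines have other formats and are not handled here. Hits are leads, not verdicts: the PnkBstrB.exe entries on this page would match the first heuristic too, and PunkBuster is a game anti-cheat component, so each hit still needs a hash lookup or a signature check on the actual file.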

Re: As a precaution - bitcoin miner

#10 Post by Linux »

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Peter at 2015-06-15 21:35:36
Running from C:\Users\Peter\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-35905321-3609379053-2231656201-500 - Administrator - Disabled)
EL (S-1-5-21-35905321-3609379053-2231656201-1021 - Limited - Enabled) => C:\Users\EL
Guest (S-1-5-21-35905321-3609379053-2231656201-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-35905321-3609379053-2231656201-1003 - Limited - Enabled)
Peter (S-1-5-21-35905321-3609379053-2231656201-1001 - Administrator - Enabled) => C:\Users\Peter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Enabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{B169ACBB-219A-4517-94C1-05973FE15263}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AMD Catalyst Install Manager (HKLM\...\{5A53DBA6-9B15-450F-EDF3-C01E12E9C61F}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.11.376 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Corel WinDVD Pro 11 (HKLM-x32\...\_{EF13E6B7-86D2-4E2C-82FB-375654407D4F}) (Version: 11.5.1.3 - Corel Inc.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike 1.6 Non-Steam 1.0 (HKLM-x32\...\Counter-Strike 1.6 Non-Steam 1.0) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Emergency Download Driver (HKLM-x32\...\{05DBF996-83D0-4C40-8D3A-A6850800BC88}) (Version: 1.1.7.1439 - Nokia)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPU (HKLM-x32\...\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}) (Version: 1.02.20 - )
Eurobattle.net (HKLM-x32\...\Eurobattle.net1.26a) (Version: 1.26a - Eurobattle.net)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Flash Update Installer (x32 Version: 5.0.7 - Microsoft) Hidden
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.18.4 - Androxyde)
Fuse Installer (x32 Version: 5.0.7 - Nokia) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version: - SlavaSoft Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
ICA (x32 Version: 11.5.1.3 - Corel Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
IPM (x32 Version: 11.5 - Corel Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java SE Development Kit 8 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kerbal Space Program (HKLM-x32\...\Kerbal Space Program_is1) (Version: - )
Kerbal Space Program Demo (HKLM-x32\...\Steam App 231410) (Version: - Squad)
K-Lite Codec Pack 9.4.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
Lumia Software Recovery Tool 5.0.7 (HKLM-x32\...\{2ec04fd8-3cde-4e6d-ae52-f6c3c1cda8d8}) (Version: 5.0.7 - Microsoft)
Lumia Software Recovery Tool 5.0.7 (x32 Version: 5.0.7 - Microsoft) Hidden
Lumia UEFI Blue Driver (HKLM-x32\...\{D6EEB835-5BBF-4F6B-8382-1681148D7771}) (Version: 1.1.8.1448 - Nokia)
Malwarebytes Anti-Malware verze 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector, 64-bitová verzia (HKLM\...\{95140000-0081-041B-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 CSY (HKLM\...\{0A8A841B-29C4-4947-BF59-241216B4D904}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
Movie Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 38.0.5 (x86 sk) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 sk)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nero 9 (HKLM-x32\...\{a75a7055-8c27-41a7-bd4b-d1b3bed06454}) (Version: - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
OldSchool RuneScape Launcher 1.2.5 (HKLM-x32\...\{375893B6-C8DB-42B0-9547-6E4437542C33}) (Version: 1.2.5 - Jagex Ltd)
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Product API Installer (x32 Version: 5.0.7 - Microsoft) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Setup (x32 Version: 11.5.1.3 - Corel Inc.) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.5.201504081732 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.11.4 (HKLM\...\Stellarium_is1) (Version: 0.11.4 - Stellarium team)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Twinstar-Launcher (HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\c8c75cfa6b8b223c) (Version: 1.0.0.49 - Twinstar)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\Warcraft III) (Version: - )
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinDVD (x32 Version: 11.5.1.3 - Corel Inc.) Hidden
WinRAR 5.01 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{316ED84C-ACDA-4F1F-8E64-52B7AFF8677D}) (Version: 1.1.9.1439 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{238EAE31-4E9E-43CF-B244-C4879279E6AF}) (Version: 1.1.12.1439 - Nokia)
Zoner Callisto 5 FREE (HKLM-x32\...\ZonerCallisto5_CZ_is1) (Version: 5.0.5000.16 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File

==================== Restore Points =========================

14-06-2015 13:37:01 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A17249C-CCB0-438E-AC60-34A4ACB270E0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {374F168C-8E8B-4DBB-BED6-8DFEB7D3BBD2} - System32\Tasks\{463BF9F4-2F21-4E37-98F5-28A9F33BA814} => pcalua.exe -a "F:\Call of Duty 2\call of duty2\CoD2SP_s.exe" -d "F:\Call of Duty 2\call of duty2"
Task: {44231983-9173-44AD-89D0-8371ECD57756} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4445D117-6A0B-449D-B09B-87E9871BDF2E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {6B89F584-D319-4FB2-8B0F-31E32C40FA00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)
Task: {9C6973CC-507C-4E16-8334-0F039D0A75D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-01] (Adobe Systems Incorporated)
Task: {A0F53799-BE29-4E17-9CA6-5E7FA8E3B612} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {A63D7BD1-EFCF-4130-A46B-A5E70E9566FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)
Task: {C948E648-1BBD-44DD-815B-267F00013587} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {D85078EA-FB0D-4826-B80F-DAFE55FBC581} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-21 21:22 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-02 12:46 - 2015-03-02 12:46 - 00094832 _____ () C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe
2014-01-06 23:25 - 2014-01-07 21:48 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-21 20:30 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
2013-09-21 20:30 - 2010-01-08 17:17 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU\pngio.dll
2013-09-21 20:30 - 2010-01-08 17:17 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\EL\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Peter\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-35905321-3609379053-2231656201-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\Documents\Zemňe.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "HDAudDeck"
HKLM\...\StartupApproved\Run32: => "CleanSetup"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "MSStp"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "NUSB3MON"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\StartupApproved\Run: => "reg_svr"
HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\StartupApproved\Run: => "Sony PC Companion"
HKU\S-1-5-21-35905321-3609379053-2231656201-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{A08BD6BF-C5DA-442B-8D43-ABEF3A9A37B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7EA40615-BCD0-4661-991D-328984EFCE7B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{D7707CEA-6CBD-455C-8EDB-F57CE1B0D4C8}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{3EE6499A-08CE-41B2-ADF5-1766787ACD06}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{C5316F3D-AA11-482A-896C-3D0310AD3A2A}] => (Allow) c:\Program Files (x86)\sMedio\WinDVD11\\WinDVD.exe
FirewallRules: [{9FBE0D8B-3111-46F7-935A-2F2A6C3DC9D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C3D13C39-A2F7-461B-A0D6-73E3D6F351DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6C5CC982-E871-48C4-8E8A-96C609773140}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{24B05503-7341-4306-9A6D-42F9AD8344A3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F73A650E-17AD-4AD6-9F97-2125713911C3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F6FC0933-9CE9-45F2-AC14-4E56B9ADA599}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{74E1D8E9-98A1-44AF-9B5B-5E66E7DD48DF}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{5FB0BACF-BFC8-4701-8515-4D74992C5617}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{EC94EE82-2FAF-4E64-8B1F-79AC987125A5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F33C8A8E-543C-4217-B5E2-BBD551473654}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D0A8CEA3-46B4-4BFB-8080-765F2CC1FF4C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D6456E8C-DAC6-4DF3-AAAB-CC0DB386D0D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2B2CC708-F48E-475F-B0CA-125A80CE86C8}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [{C35B5947-7098-4A01-B65A-E49C5153DA63}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [{7B7DF2B7-7EAD-4BF8-8060-AAA5A0FEF9F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAA67F5A-E0A1-421E-A1C3-154F960D90D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6D14ED2-3C70-476D-BEA9-7BDB4B98397E}] => (Allow) D:\SteamLibrary\steamapps\common\Kerbal Space Program Demo\KSP.exe
FirewallRules: [{F5D2C513-A573-459E-9DCE-429636194626}] => (Allow) D:\SteamLibrary\steamapps\common\Kerbal Space Program Demo\KSP.exe
FirewallRules: [{6F0A475A-B77B-4711-AD65-C1EF48292489}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{AE5EB2B9-E098-4E65-A021-FD88390235C2}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{144FAF36-B99F-4B7A-84A9-1E13ABA3F533}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{7F19C0FF-F5B2-4207-8344-1728649AF936}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2015 07:54:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GTA5.exe version 1.0.350.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b14

Start Time: 01d0a6cb1e10d141

Termination Time: 4294967295

Application Path: D:\Hry\Grand Theft Auto V\GTA5.exe

Report Id: 6bd9ee5a-12be-11e5-860c-485b39c9689c

Faulting package full name:

Faulting package-relative application ID:

Error: (06/14/2015 01:48:56 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (5836) Instance: Database recovery/restore failed with unexpected error -1032.

Error: (06/14/2015 01:48:56 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (5836) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\edb.log" for read / write access failed with system error 32 (0x00000020): "Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/14/2015 01:48:46 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (5836) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" for read / write access failed with system error 32 (0x00000020): "Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/14/2015 01:48:36 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (5836) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" for read / write access failed with system error 32 (0x00000020): "Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/14/2015 01:48:26 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (5836) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" for read / write access failed with system error 32 (0x00000020): "Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/14/2015 01:48:16 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (5836) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" for read / write access failed with system error 32 (0x00000020): "Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/14/2015 01:48:06 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (5836) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" for read / write access failed with system error 32 (0x00000020): "Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/14/2015 01:47:56 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (5836) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" for read / write access failed with system error 32 (0x00000020): "Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/14/2015 01:47:46 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (5836) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" for read / write access failed with system error 32 (0x00000020): "Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (06/15/2015 09:12:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby AODDriver4.2.0 zlyhalo kvôli nasledujúcej chybe:
%%3

Error: (06/15/2015 09:11:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Nero BackItUp Scheduler 4.0 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 2 krát. O 500 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (06/15/2015 09:11:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avira Mail Protection sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 2 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (06/15/2015 09:11:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba sieťového zdieľania pre prehrávač Windows Media Player sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (06/15/2015 09:11:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Office Software Protection Platform sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (06/15/2015 09:11:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (06/15/2015 09:11:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avira Mail Protection sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (06/15/2015 09:11:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (06/15/2015 09:11:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PnkBstrA sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (06/15/2015 09:11:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Nero BackItUp Scheduler 4.0 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 500 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.


Microsoft Office:
=========================
Error: (06/14/2015 07:54:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: GTA5.exe1.0.350.1b1401d0a6cb1e10d1414294967295D:\Hry\Grand Theft Auto V\GTA5.exe6bd9ee5a-12be-11e5-860c-485b39c9689c

Error: (06/14/2015 01:48:56 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost5836Instance: -1032

Error: (06/14/2015 01:48:56 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost5836Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.log-1032 (0xfffffbf8)32 (0x00000020)Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.

Error: (06/14/2015 01:48:46 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost5836Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.

Error: (06/14/2015 01:48:36 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost5836Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.

Error: (06/14/2015 01:48:26 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost5836Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.

Error: (06/14/2015 01:48:16 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost5836Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.

Error: (06/14/2015 01:48:06 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost5836Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.

Error: (06/14/2015 01:47:56 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost5836Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.

Error: (06/14/2015 01:47:46 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost5836Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.


CodeIntegrity Errors:
===================================
Date: 2014-01-26 16:15:41.427
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\PROGRA~2\PDFCRE~1\PDFSpool.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\PDFCreator\PDFCreator.exe that did not meet the Store signing level requirements.

Date: 2014-01-26 16:14:25.947
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\PROGRA~2\PDFCRE~1\PDFSpool.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\PDFCreator\PDFCreator.exe that did not meet the Store signing level requirements.

Date: 2014-01-26 16:13:39.973
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\PROGRA~2\PDFCRE~1\PDFSpool.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\PDFCreator\PDFCreator.exe that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 32%
Total physical RAM: 4093.16 MB
Available physical RAM: 2763.5 MB
Total Pagefile: 7165.16 MB
Available Pagefile: 5611.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:17.64 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:505.89 GB) NTFS
Drive e: () (Fixed) (Total:31.15 GB) (Free:30.61 GB) NTFS
Drive f: () (Fixed) (Total:434.51 GB) (Free:318.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 13BF13BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=31.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=434.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2B4D3591)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: B34D73BB)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End of log ============================

altrok
Moderator
Posts: 7273
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive - bitcoin miner

#11 Post by altrok »

• Uninstall the old and vulnerable Java version Java 7 Update 51. If you need Java, install a new one from java.com - watch out for adware during its installation http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . From a security standpoint (exploits) it is better not to have it at all.

• Test C:\Windows\SysWoW64\regsvr32.exe on virustotal.com - if the file has already been tested, choose Reanalyse. Put the link with the analysis results into your next post.

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    File: C:\Users\Peter\Uninstal.exe
    C:\Windows\SysWOW64\acumncbdva.exe
    C:\Windows\SysWOW64\dcgmncbdva.exe
    C:\Windows\Inf\msstp.vbe
    C:\Windows\Inf\msstp.inf
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe [1584 2014-03-05] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    
    S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
    S3 TRIXX; \??\C:\Users\Peter\AppData\Local\Temp\TRIXX.sys [X]
    
    2015-06-15 21:18 - 2015-06-15 21:18 - 00013222 _____ C:\Users\Peter\Desktop\FRST.txt
    2015-06-15 21:10 - 2015-06-15 21:11 - 00000000 ____D C:\AdwCleaner
    2015-06-15 21:09 - 2015-06-15 21:08 - 02231296 _____ C:\Users\Peter\Desktop\adwcleaner_4.206.exe
    2015-06-15 20:51 - 2015-06-15 21:09 - 00001642 _____ C:\Scan MBAM.txt
    2015-06-14 22:50 - 2015-01-29 18:06 - 01222144 _____ C:\RSITx64(1).exe
    File: C:\Users\Peter\Uninstal.exe
    
    Task: {374F168C-8E8B-4DBB-BED6-8DFEB7D3BBD2} - System32\Tasks\{463BF9F4-2F21-4E37-98F5-28A9F33BA814} => pcalua.exe -a "F:\Call of Duty 2\call of duty2\CoD2SP_s.exe" -d "F:\Call of Duty 2\call of duty2"
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Hosts:
    EmptyTemp:
    End
    
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok(at)forum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.
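To show why those particular lines were picked out of a log this long, here is a small triage script. It is an added example: not FRST's own code and not something altrok posted. It pattern-matches FRST-style lines for the entry shapes the fixlist above removes: an autorun whose target is a script file or carries no signer (the msstp.vbe entry), a service or driver whose file is missing on disk ([X]) or is registered from a Temp folder (TRIXX.sys), a scheduled task that launches through pcalua.exe, and CustomCLSID entries that resolve to No File (rated low, because the many axdb.dll rows above are leftovers of an uninstalled program and were not put in the fixlist). The sample lines are copied from this thread's log; the severity ratings, the rule names and the file name frst_triage.py are my own assumptions, not FRST's.

```python
"""Triage helper for FRST-style log lines (added example for this thread).

Not FRST's own code and not part of the moderator's post. Severities and
rule names are the example author's assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Script extensions that have no business being an autorun target on a desktop PC.
SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".bat", ".cmd", ".hta", ".ps1")

# "HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe [1584 2014-03-05] ()"
RUN_RE = re.compile(
    r"\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<target>.+?) "
    r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<signer>[^)]*)\)$"
)
# "S3 TRIXX; \??\C:\Users\Peter\AppData\Local\Temp\TRIXX.sys [X]"
SERVICE_RE = re.compile(r"^[RSU]\d+ (?P<name>[^;]+); (?P<rest>.+)$")
# "CustomCLSID: HKU\...\InprocServer32 -> axdb.dll No File"
CLSID_RE = re.compile(r"^CustomCLSID: .+ -> (?P<dll>\S+) No File$")
# "Task: {GUID} - System32\Tasks\... => pcalua.exe -a ..."
TASK_RE = re.compile(r"^Task: .+? => (?P<cmd>.+)$")

# Sample lines copied from the FRST log and fixlist in this thread.
SAMPLE_LINES = [
    r"HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)",
    r"HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe [1584 2014-03-05] ()",
    r"HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)",
    r"S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]",
    r"S3 TRIXX; \??\C:\Users\Peter\AppData\Local\Temp\TRIXX.sys [X]",
    r"CustomCLSID: HKU\S-1-5-21-35905321-3609379053-2231656201-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File",
    r'Task: {374F168C-8E8B-4DBB-BED6-8DFEB7D3BBD2} - System32\Tasks\{463BF9F4-2F21-4E37-98F5-28A9F33BA814} => pcalua.exe -a "F:\Call of Duty 2\call of duty2\CoD2SP_s.exe" -d "F:\Call of Duty 2\call of duty2"',
    r"Task: {6B89F584-D319-4FB2-8B0F-31E32C40FA00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)",
]


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low"
    reason: str
    line: str


def triage(lines):
    """Return a Finding for every suspicious FRST entry, highest severity first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if (m := RUN_RE.search(line)):
            # Autorun entries: a script target or an empty "()" signer field.
            if m.group("target").lower().endswith(SCRIPT_EXT):
                findings.append(Finding("high", "autorun launches a script file", line))
            if m.group("signer") == "":
                findings.append(Finding("medium", "autorun target carries no signature", line))
        elif (m := SERVICE_RE.match(line)):
            rest = m.group("rest")
            if rest.endswith("[X]"):  # FRST marks a missing service file with [X]
                findings.append(Finding("medium", "service/driver file is missing on disk", line))
            if "\\temp\\" in rest.lower():
                findings.append(Finding("medium", "service/driver registered from a Temp folder", line))
        elif CLSID_RE.match(line):
            # Orphaned COM registrations are usually uninstall leftovers: low priority.
            findings.append(Finding("low", "COM server registered but its DLL is gone", line))
        elif (m := TASK_RE.match(line)):
            if m.group("cmd").lower().startswith("pcalua.exe"):
                findings.append(Finding("medium", "scheduled task launches via pcalua.exe proxy", line))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f.severity])  # stable sort keeps log order


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 5, 'low': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.reason}: {f.line[:90]}")
    print(summarize(triage(SAMPLE_LINES)))
```

Feed it the lines of a saved FRST.txt instead of SAMPLE_LINES to triage a real log. The rules deliberately mirror what FRST itself already signals (an empty signer field, the [X] marker, the No File suffix), so a flagged line is a pointer for the reviewer to look at the file, as altrok does with the VirusTotal check, rather than a classification on its own.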

Linux
Visitor
Posts: 63
Registered: 18 Dec 2008 19:05

Re: Preventive - bitcoin miner

#12 Post by Linux »

File analysis: https://www.virustotal.com/cs/file/7ead ... 434399158/

I also have Java v8 installed; I don't understand why the old one stayed, but in any case it is uninstalled now.

and the LOG

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Peter at 2015-06-15 22:13:42 Run:1
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter & EL)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
File: C:\Users\Peter\Uninstal.exe
C:\Windows\SysWOW64\acumncbdva.exe
C:\Windows\SysWOW64\dcgmncbdva.exe
C:\Windows\Inf\msstp.vbe
C:\Windows\Inf\msstp.inf
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 TRIXX; \??\C:\Users\Peter\AppData\Local\Temp\TRIXX.sys [X]

2015-06-15 21:18 - 2015-06-15 21:18 - 00013222 _____ C:\Users\Peter\Desktop\FRST.txt
2015-06-15 21:10 - 2015-06-15 21:11 - 00000000 ____D C:\AdwCleaner
2015-06-15 21:09 - 2015-06-15 21:08 - 02231296 _____ C:\Users\Peter\Desktop\adwcleaner_4.206.exe
2015-06-15 20:51 - 2015-06-15 21:09 - 00001642 _____ C:\Scan MBAM.txt
2015-06-14 22:50 - 2015-01-29 18:06 - 01222144 _____ C:\RSITx64(1).exe
File: C:\Users\Peter\Uninstal.exe

Task: {374F168C-8E8B-4DBB-BED6-8DFEB7D3BBD2} - System32\Tasks\{463BF9F4-2F21-4E37-98F5-28A9F33BA814} => pcalua.exe -a "F:\Call of Duty 2\call of duty2\CoD2SP_s.exe" -d "F:\Call of Duty 2\call of duty2"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= File: C:\Users\Peter\Uninstal.exe ========================

MD5: 3007C6E983E00094660E9A9A2961A4F9
Creation and modification date: 2013-10-20 12:01 - 2013-10-20 12:01
Size: 0113115
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright$creamod:

====== End of File: ======

C:\Windows\SysWOW64\acumncbdva.exe => moved successfully.
C:\Windows\SysWOW64\dcgmncbdva.exe => moved successfully.
C:\Windows\Inf\msstp.vbe => moved successfully.
"C:\Windows\Inf\msstp.inf" => File/Folder not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MSStp => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
AODDriver4.2.0 => Service removed successfully
TRIXX => Service removed successfully
C:\Users\Peter\Desktop\FRST.txt => moved successfully.
C:\AdwCleaner => moved successfully.
C:\Users\Peter\Desktop\adwcleaner_4.206.exe => moved successfully.
C:\Scan MBAM.txt => moved successfully.
C:\RSITx64(1).exe => moved successfully.

========================= File: C:\Users\Peter\Uninstal.exe ========================

MD5: 3007C6E983E00094660E9A9A2961A4F9
Creation and modification date: 2013-10-20 12:01 - 2013-10-20 12:01
Size: 0113115
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright$creamod:

====== End of File: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{374F168C-8E8B-4DBB-BED6-8DFEB7D3BBD2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{374F168C-8E8B-4DBB-BED6-8DFEB7D3BBD2}" => key removed successfully
C:\Windows\System32\Tasks\{463BF9F4-2F21-4E37-98F5-28A9F33BA814} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{463BF9F4-2F21-4E37-98F5-28A9F33BA814}" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 644.5 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 22:14:04 ====

altrok
Moderator
Posts: 7273
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive - bitcoin miner

#13 Post by altrok »

Excellent, the BitCoin miner has been deleted, so we will still do some cleanup.
And if there are no questions or other problems, that is all from me.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

Linux
Visitor
Posts: 63
Registered: 18 Dec 2008 19:05

Re: Preventive - bitcoin miner

#14 Post by Linux »

Thank you very much. Was it also active? I don't understand at all how it could have gotten into the PC :(

In any case, I have set up a task in the AV to scan the PC once a week. Even though it didn't delete it completely, it at least warned that it was present in the system, so hopefully in the future this will help me detect such threats sooner.

altrok
Moderator
Posts: 7273
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive - bitcoin miner

#15 Post by altrok »

Avira may have blocked its activity/launch, but it certainly tried to mine at every start of the PC. You should be seeing minimal CPU load (at idle, with no application running, in the order of single-digit percent).

This particular kind often gets onto a PC together with warez - typically cracks from ulozto and the like. If it was active, users often complain about higher CPU load, as a result of which less performance is left for normal activity and the computer is slower, and about higher fan speeds (caused precisely by the computing power spent on mining BitCoin).
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
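As an added illustration (not part of the thread and not FRST's own code): the fixlist above removed a Run entry that launched a .vbe script from C:\Windows\inf with no publisher information, which is exactly the kind of autorun worth flagging when reading an FRST log. The helper below parses FRST-style Run lines (the sample is constructed, modelled on the thread's entries) and reports those matching a few simple heuristics; the heuristics and the function names are my assumptions for this example.

```python
import ntpath
import re

# Constructed sample modelled on the Run entries in the thread's fixlist
SAMPLE_LOG = r"""
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
"""

# FRST Run line layout: <hive>\...\Run: [<name>] => <path> [<size> <date>] (<publisher>)
RUN_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?)"
    r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)\s*$"
)
# Heuristics below are assumptions for this example, not FRST rules
SCRIPT_EXT = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}
UNUSUAL_DIRS = ("\\windows\\inf\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")

def parse_run_entries(log_text):
    """Return one dict per line that matches the FRST Run layout."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def triage(entry):
    """Return the reasons an autorun entry deserves a closer look."""
    reasons = []
    low = entry["path"].lower()
    if ntpath.splitext(low)[1] in SCRIPT_EXT:
        reasons.append("autorun launches a script rather than an executable")
    if any(d in low for d in UNUSUAL_DIRS):
        reasons.append("autorun lives in a directory programs do not normally start from")
    if not entry["publisher"].strip():
        reasons.append("file carries no publisher or version information")
    return reasons

def suspicious_run_entries(log_text):
    """(name, path, reasons) for every Run entry with at least one reason."""
    flagged = []
    for entry in parse_run_entries(log_text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry["name"], entry["path"], reasons))
    return flagged
```

On the sample, only the MSStp entry is reported, with all three reasons; the Office and Java entries pass.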

Locked