Po stažení dokumentu došlo k samovolné instalaci adwaru Mail.ru. HDD jsem již částečně pročistil pomocí MBAM a AdwCleanerem. Přetrvává však změna v nastavení prohlížečů Chrome a IE, kde se mi stále jako výchozí stránka zobrazuje web mail.ru. Níže přikládám kopie logů FRST A RK, které bych prosil překontrolovat.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-05-2016
Ran by Jiří (administrator) on PC (21-05-2016 22:34:25)
Running from C:\Users\Jiří\Desktop
Loaded Profiles: Jiří (Available Profiles: Jiří)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
-----------------------------------------------------------------------------------------------------------------------
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CompSoft) C:\Program Files (x86)\RimhillEx\RimhillEx.exe
(CMedia) C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Jiří\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RimhillEx.lnk [2015-11-03]
ShortcutTarget: RimhillEx.lnk -> C:\Program Files (x86)\RimhillEx\RimhillEx.exe (CompSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{C067CDFC-878A-40FA-94F2-DB38F79D4FF1}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2789862122-2855940618-1815203127-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
FireFox:
========
FF ProfilePath: C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default
FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Extension: Zoom Page - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\zoompage@DW-dev.xpi [2015-03-13] [not signed]
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\{68300a12-1396-d8b5-cd5b-5fd92d860185} [not found]
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\veggy@veggyAddon.com [not found]
FF Extension: Adblock Plus - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-01] [not signed]
Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=802811"
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7BA238B4D9-A676-4B6C-A505-A14F9BB39C25%7D&gp=802821
CHR DefaultSearchKeyword: Default -> go.mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
CHR Profile: C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-24]
CHR Extension: (Dokumenty Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-24]
CHR Extension: (Disk Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Mail.Ru) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgcifljfapbhgiehkjlckfjmgeojijcb [2016-05-21]
CHR Extension: (YouTube) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (uBlock) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2015-06-25]
CHR Extension: (Tabulky Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbjjfiihgfegniolckphpnfaokdkbmdm [2016-05-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2016-05-21]
CHR Extension: (Gmail) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM-x32\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR StartupUrls: "hxxp://www.google.cz/"
OPR Extension: (uBlock Origin) - C:\Users\Jiří\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-05-21]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S4 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821048 2013-06-17] (ABBYY InfoPoisk LLC)
R2 Ghostery Storage Server; C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe [346624 2016-05-21] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S4 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-05-27] (Nitro PDF Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-25] (BitDefender S.R.L.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-21 22:34 - 2016-05-21 22:34 - 00011532 _____ C:\Users\Jiří\Desktop\FRST.txt
2016-05-21 22:29 - 2016-05-21 22:34 - 00000000 ____D C:\FRST
2016-05-21 22:28 - 2016-05-21 22:28 - 00004448 _____ C:\Users\Jiří\Desktop\RK.txt
2016-05-21 22:25 - 2016-05-21 22:29 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-21 22:24 - 2016-05-21 22:24 - 24085576 _____ C:\Users\Jiří\Desktop\RogueKillerX64.exe
2016-05-21 22:08 - 2016-05-21 22:08 - 02382336 _____ (Farbar) C:\Users\Jiří\Desktop\FRST64.exe
2016-05-21 21:25 - 2016-05-21 22:25 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-21 20:54 - 2016-05-21 20:52 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-05-21 20:52 - 2016-05-21 20:52 - 00000000 ____D C:\zoek_backup
2016-05-21 19:37 - 2016-05-21 21:31 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Amigo
2016-05-21 18:55 - 2016-05-21 18:55 - 00000000 ____D C:\Program Files (x86)\Ghostery Storage Server
2016-05-21 18:53 - 2016-05-21 19:38 - 00000000 ____D C:\Users\Jiří\AppData\LocalLow\Unity
2016-05-21 18:53 - 2016-05-21 19:38 - 00000000 ____D C:\Users\Jiří\AppData\Local\Unity
2016-05-17 19:21 - 2016-05-17 19:21 - 03728153 _____ C:\Users\Jiří\Desktop\jbl_m2_soundandrecording_1214.pdf
2016-05-14 14:12 - 2016-05-14 14:12 - 00286030 _____ C:\Users\Jiří\Desktop\casopis_music_store_-_teoreticke_minimum_o_signalech_pro_systemove_inzenyry_-_1._cast_-_2014-01-27.pdf
2016-05-12 21:46 - 2016-05-12 21:46 - 00633393 _____ C:\Users\Jiří\Desktop\AKUSTICKÁ MĚŘENÍ V REÁLNÉM PROSTŘEDÍ.pdf
2016-05-12 14:47 - 2016-05-12 14:47 - 00666326 _____ C:\Users\Jiří\Desktop\zaklady_akustiky_matucha.pdf
2016-05-09 01:04 - 2016-05-09 01:04 - 00000000 ____D C:\Users\Jiří\AppData\Local\Video Enhancer
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-21 22:32 - 2009-07-14 06:45 - 00041168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-21 22:32 - 2009-07-14 06:45 - 00041168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-21 22:28 - 2014-12-28 03:49 - 00668768 _____ C:\Windows\system32\perfh005.dat
2016-05-21 22:28 - 2014-12-28 03:49 - 00141428 _____ C:\Windows\system32\perfc005.dat
2016-05-21 22:28 - 2009-07-14 07:13 - 01584138 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-21 22:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-21 22:24 - 2015-03-24 02:16 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-21 22:24 - 2014-12-27 19:35 - 00000000 __SHD C:\Users\Jiří\IntelGraphicsProfiles
2016-05-21 22:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-21 22:02 - 2015-03-24 02:16 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 21:05 - 2014-12-28 00:05 - 00000000 ____D C:\Users\Jiří\Desktop\Torrents
2016-05-21 20:34 - 2015-04-07 15:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-21 20:34 - 2015-01-26 20:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-21 18:53 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-21 18:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-05-21 17:15 - 2015-02-27 20:18 - 00000000 ____D C:\Users\Jiří\Desktop\HiFi
2016-05-21 00:08 - 2014-12-27 23:37 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\foobar2000
2016-05-13 02:03 - 2015-03-24 02:17 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 02:03 - 2015-03-24 02:17 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-11 19:55 - 2015-04-18 17:19 - 00003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429370367
2016-05-11 19:55 - 2015-04-18 17:19 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-11 00:57 - 2015-03-24 02:16 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 00:57 - 2015-03-24 02:16 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-08 23:06 - 2015-02-28 01:20 - 00000000 ____D C:\Users\Jiří\AppData\LocalLow\Adblock Plus for IE
2016-04-24 02:14 - 2016-03-20 23:34 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\CUE Tools
2016-04-21 15:05 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 _____ () C:\Users\Jiří\AppData\Roaming\BYAIAMUF
2015-03-15 04:25 - 2015-04-25 16:21 - 0007644 _____ () C:\Users\Jiří\AppData\Local\resmon.resmoncfg
2015-04-18 14:50 - 2015-04-18 14:51 - 0000000 _____ () C:\Users\Jiří\AppData\Local\{4141B537-A8C7-492A-9C25-8EE723551956}
2015-09-24 14:21 - 2015-09-24 14:21 - 0000000 _____ () C:\Users\Jiří\AppData\Local\{4852063D-1C32-4B24-9BE1-3E56E68EB444}
2015-04-19 00:37 - 2015-04-19 01:03 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-12-27 19:10 - 2014-12-27 19:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Jiří\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jiří\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jiří\AppData\Local\Temp\proxy_vole7997592111591506299.dll
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-18 15:13
==================== End of FRST.txt ============================
-----------------------------------------------------------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-05-2016
Ran by Jiří (2016-05-21 22:34:35)
Running from C:\Users\Jiří\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-12-27 16:53:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2789862122-2855940618-1815203127-500 - Administrator - Disabled)
Guest (S-1-5-21-2789862122-2855940618-1815203127-501 - Limited - Disabled)
Jiří (S-1-5-21-2789862122-2855940618-1815203127-1000 - Administrator - Enabled) => C:\Users\Jiří
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.194 - ABBYY Production LLC)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{26D488C3-89E9-455C-B96A-1ADF65A26C54}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
ASUS Xonar Essence ST Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
calibre 64bit (HKLM\...\{277F0069-2F86-48DA-976A-2C86D2B6345A}) (Version: 2.42.0 - Kovid Goyal)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
eMule (HKLM-x32\...\eMule) (Version: - )
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MKVToolNix 7.8.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 7.8.0 - Moritz Bunkus)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{173C15BC-8C06-4A7A-9E6E-6FDFD5E59C77}) (Version: 8.5.4.11 - Nitro)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 37.0.2178.43 (HKLM-x32\...\Opera 37.0.2178.43) (Version: 37.0.2178.43 - Opera Software)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Kakao Corp.)
qBittorrent 3.1.11 (HKLM-x32\...\qBittorrent) (Version: 3.1.11 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
RimhillEx 1.04 (HKU\S-1-5-21-2789862122-2855940618-1815203127-1000\...\RimhillEx_is1) (Version: - CompSoft)
Sonic Radar (HKLM\...\{0E2BE1E8-F087-45D6-8D29-5CB305643B78}) (Version: 1.0.001 - ASUSTeKcomputer.Inc)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Ulož.to File Manager verze 1.7 (HKLM-x32\...\{8190420D-F4BA-4744-8940-A466F81AF89C}_is1) (Version: 1.7 - Nodus Technologies s.r.o.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.68 - NCH Software)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XMedia Recode version 3.2.6.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.6.0 - XMedia Recode)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2789862122-2855940618-1815203127-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {37598D6D-F3D2-4DBA-BEE5-83E3CB24EE37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
Task: {37EB5717-65E7-4C2E-8095-A1D7AD752CCE} - System32\Tasks\{12426F1D-3927-4F33-BF54-DFD93CFED1AE} => pcalua.exe -a C:\Users\Jiří\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
Task: {4565D649-3069-44D1-904C-BC2E9DC5BD8B} - System32\Tasks\Opera scheduled Autoupdate 1429370367 => C:\Program Files (x86)\Opera\launcher.exe [2016-05-09] (Opera Software)
Task: {73392F08-0DFD-4AB5-8CF0-9019FA742DC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
Task: {852DCB09-D1D4-4684-A322-79965D244A91} - System32\Tasks\{844E29D7-7A9B-4308-8563-3ACF0F4A37FE} => C:\Windows\system\HsMgr64.exe [2008-07-11] ()
Task: {A2B6C0E6-464D-439F-B539-1B6ABBA70552} - System32\Tasks\{169D3321-319B-4FAC-84C2-15C95D8D6B95} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lig ... tError=404
Task: {C3A8E176-37E7-4137-8057-2C926C074F56} - System32\Tasks\{941CC844-4B2D-4C63-B1EA-3066D8B292F3} => C:\Windows\system\HsMgr64.exe [2008-07-11] ()
Task: {C7791E79-6767-4467-89F2-F34C7E9B351D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CC2D7DA8-BFA1-41BE-B26E-C5AAD61E48DD} - System32\Tasks\{4C4D49D8-4F3D-43CE-95AE-286B15631B91} => C:\Windows\system\HsMgr64.exe [2008-07-11] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\BYAIAMUF.job => C:\Users\Ji��\AppData\Roaming\BYAIAMUF.exe <==== ATTENTION
Task: C:\Windows\Tasks\GNOK.job => C:\Users\Ji��\AppData\Roaming\GNOK.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-05-21 18:55 - 2016-05-21 18:55 - 00346624 _____ () C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe
2014-12-27 20:09 - 2012-06-06 09:56 - 00143360 ____N () C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\VmixP8.dll
2014-12-27 19:11 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:2E7127D2 [144]
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E [135]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2789862122-2855940618-1815203127-1000\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2789862122-2855940618-1815203127-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: ABBYY.Licensing.FineReader.Professional.11.0 => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\syswow64\HsMgr.exe Envoke
MSCONFIG\startupreg: Cmaudio8788GX64 => C:\Windows\system\HsMgr64.exe Envoke
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C40F5CEF-68CA-466A-86C0-2431344322DA}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{32607B1F-A9FC-43BC-ACB2-2F68A778CA37}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3FF4414A-5C79-44B7-906D-51F25E323258}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{301055DC-ED8A-470F-A8A6-6DAC0742028A}C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe
FirewallRules: [UDP Query User{6937DC64-2CFA-4EEB-9C97-C5958F6D2239}C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe
FirewallRules: [TCP Query User{924C18CF-6FA7-49D6-92A7-7DB7D6012D35}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{47DDE40B-526C-4632-90B6-287EC04A9E80}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{3CC938F9-E94E-4812-A323-9ED485B4A881}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{5C436236-5DD5-4CB6-9AD5-94E5DAB2AA27}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [TCP Query User{A03404F7-9342-48B9-B141-4403B9EEC7DF}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{6B75FB2C-33DA-4B70-A0AB-9CF522CC9AF3}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{4D3CC76D-AE0F-4974-9639-B397D4CAC90A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
21-05-2016 20:53:44 zoek.exe restore point
21-05-2016 21:54:27 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/21/2016 10:24:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/21/2016 10:03:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.
Kontext: aplikace Windows
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Služba Windows Search nenačetla informace o úložišti vlastností.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Databáze indexu obsahu je poškozená. (HRESULT : 0xc0041800) (0xc0041800)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4700} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (05/21/2016 10:01:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
%%1056
Error: (05/21/2016 10:00:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (05/21/2016 10:00:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search ukončena s chybou %%-1073473535, specifickou pro službu.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Ochrana softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) PROSet Monitoring Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/21/2016 09:04:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel(R) Capability Licensing Service Interface byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
Percentage of memory in use: 31%
Total physical RAM: 8063.9 MB
Available physical RAM: 5520.34 MB
Total Virtual: 16426.01 MB
Available Virtual: 14623.53 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:238.37 GB) (Free:108.89 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A910D718)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
-----------------------------------------------------------------------------------------------------------------------
RogueKiller V12.2.1.0 (x64) [May 16 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Ji?í [Práva správce]
Started from : C:\Users\Ji?í\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 05/21/2016 22:27:55
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT256MX100SSD1 ATA Device +++++
--- User ---
[MBR] 26b47446ac3259315164f797629ab7ac
[BSP] 7c1cb365c6cba495c3590460c5f55d8a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu logu
Zdravim 
Rad bych videl novy log z ADWCleaneru
Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.
Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce
Rad bych videl novy log z ADWCleaneru
Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.
Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekcePokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
Zdravím též. Problém s prohlížeči se zdá být (po probdělé noci) a za pomocí utility Chrome Cleanup Tool a RogueKiller vyřešen. Požadované logy přikládám. Vyskytl se však další problém, a to v podobě detekce viru při scanu MWAV. MWAV hlasí detekci malwaru, avšak (ve free verzi) ho není schopen smazat (resp. "vyléčit"). Zde bych tedy poprosil o radu, co s tím. Výtah z logu MWAV (celý log je příliš velký) přikládám níže.
# AdwCleaner v5.117 - Log soubor vytvořen 22/05/2016 o 14:00:04
# Aktualizováno 15/05/2016 by Xplode
# Databáze : 2016-05-15.2 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Jméno uživatele : Jiří - PC
# Spuštěno z : C:\Users\Jiří\Desktop\adwcleaner_5.117.exe
# Volba : Skenovat
# Podpora : http://toolslib.net/forum
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úkoly ] *****
***** [ Registr ] *****
***** [ Webové prohlížeče ] *****
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [680 bytes] - [22/05/2016 14:00:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [752 bytes] ##########
-----------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Update, 22.5.2016 13:58, SYSTEM, PC, Manual, Domain Database, 2016.5.21.1, 2016.5.22.3,
Update, 22.5.2016 13:58, SYSTEM, PC, Manual, Malware Database, 2016.5.21.3, 2016.5.22.3,
Scan, 22.5.2016 14:25, SYSTEM, PC, Manual, Začátek: 22.5.2016 14:03, Doba trvání: 21 min 53 sekund, Vlastní sken, Dokončeno, Detekce malwaru 0, Detekce jiných hrozeb 0,
(end)
-----------------------------------------------------------------------------------------------------------------------
22 5 2016 03:21:01 - eScan Anti Virus & Spyware Toolkit Utility.
22 5 2016 03:21:01 - Copyright © MicroWorld Technologies
22 5 2016 03:21:01 - **********************************************************
22 5 2016 03:21:01 - Source: C:\Users\Jiří\Desktop\mwav.exe
22 5 2016 03:21:01 - Version 11.0.86 (C:\USERS\JIří\APPDATA\LOCAL\TEMP\MEXE.COM)
22 5 2016 03:21:01 - Log File: C:\Users\Jiří\AppData\Local\Temp\MWAV.LOG
22 5 2016 03:21:01 - Last Scan Date and Time: 25.04.2015 19:20:51
22 5 2016 03:21:01 - MWAV Registered: FALSE
22 5 2016 03:21:01 - User Account: Jiří (Administrator Mode)
22 5 2016 03:21:01 - OS Type: Windows Workstation
22 5 2016 03:21:01 - OS: Windows Vista 64-Bit
22 5 2016 03:21:01 - Ver: Professional Service Pack 1 (Build 7601)
22 5 2016 03:21:01 - System Up Time: 24 Minutes, 29 Seconds
22 5 2016 03:21:01 - Parent Process Name : C:\Users\Jiří\Desktop\mwav.exe
22 5 2016 03:21:01 - Windows Root Folder: C:\Windows
22 5 2016 03:21:01 - Windows Sys32 Folder: C:\Windows\system32
22 5 2016 03:21:01 - DHCP NameServer: 213.46.172.37 213.46.172.36
22 5 2016 03:21:01 - Interface0 DHCPNameServer: 213.46.172.37 213.46.172.36
22 5 2016 03:21:01 - Local Fixed Drives: c:\
22 5 2016 03:21:01 - MWAV Mode: Only Scan files
22 5 2016 03:21:01 - [CREATED ZIP FILE: C:\Users\Jiří\AppData\Local\Temp\pinfect.zip]
22 5 2016 03:41:10 - Testování souboru C:\ProgramData\Oracle\Java\javapath\java.exe
22 5 2016 03:41:10 - Soubor C:\ProgramData\Oracle\Java\javapath\java.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!
22 5 2016 03:41:10 - Testování souboru C:\ProgramData\Oracle\Java\javapath\javaw.exe
22 5 2016 03:41:10 - Soubor C:\ProgramData\Oracle\Java\javapath\javaw.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
22 5 2016 03:41:10 - Testování souboru C:\ProgramData\Oracle\Java\javapath\javaws.exe
22 5 2016 03:41:10 - Soubor C:\ProgramData\Oracle\Java\javapath\javaws.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!
22 5 2016 04:02:31 - ***** Test dokončen *****
22 5 2016 04:02:31 - Testovaných objektů: 144874
22 5 2016 04:02:31 - Kritických objektů: 1
22 5 2016 04:02:31 - Celkem vyléčených objektů: 0
22 5 2016 04:02:31 - Celkem přejmenováno: 0
22 5 2016 04:02:31 - Smazaných objektů: 0
22 5 2016 04:02:31 - Celkem chyb: 0
22 5 2016 04:02:31 - Uplynulý čas: 00:22:17
22 5 2016 04:02:31 - Datum vydání databáze: 06 Nov 2009
22 5 2016 04:02:31 - Verze virové databáze: 4481875
22 5 2016 04:02:31 - Test je dokončen
# AdwCleaner v5.117 - Log soubor vytvořen 22/05/2016 o 14:00:04
# Aktualizováno 15/05/2016 by Xplode
# Databáze : 2016-05-15.2 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Jméno uživatele : Jiří - PC
# Spuštěno z : C:\Users\Jiří\Desktop\adwcleaner_5.117.exe
# Volba : Skenovat
# Podpora : http://toolslib.net/forum
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úkoly ] *****
***** [ Registr ] *****
***** [ Webové prohlížeče ] *****
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [680 bytes] - [22/05/2016 14:00:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [752 bytes] ##########
-----------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Update, 22.5.2016 13:58, SYSTEM, PC, Manual, Domain Database, 2016.5.21.1, 2016.5.22.3,
Update, 22.5.2016 13:58, SYSTEM, PC, Manual, Malware Database, 2016.5.21.3, 2016.5.22.3,
Scan, 22.5.2016 14:25, SYSTEM, PC, Manual, Začátek: 22.5.2016 14:03, Doba trvání: 21 min 53 sekund, Vlastní sken, Dokončeno, Detekce malwaru 0, Detekce jiných hrozeb 0,
(end)
-----------------------------------------------------------------------------------------------------------------------
22 5 2016 03:21:01 - eScan Anti Virus & Spyware Toolkit Utility.
22 5 2016 03:21:01 - Copyright © MicroWorld Technologies
22 5 2016 03:21:01 - **********************************************************
22 5 2016 03:21:01 - Source: C:\Users\Jiří\Desktop\mwav.exe
22 5 2016 03:21:01 - Version 11.0.86 (C:\USERS\JIří\APPDATA\LOCAL\TEMP\MEXE.COM)
22 5 2016 03:21:01 - Log File: C:\Users\Jiří\AppData\Local\Temp\MWAV.LOG
22 5 2016 03:21:01 - Last Scan Date and Time: 25.04.2015 19:20:51
22 5 2016 03:21:01 - MWAV Registered: FALSE
22 5 2016 03:21:01 - User Account: Jiří (Administrator Mode)
22 5 2016 03:21:01 - OS Type: Windows Workstation
22 5 2016 03:21:01 - OS: Windows Vista 64-Bit
22 5 2016 03:21:01 - Ver: Professional Service Pack 1 (Build 7601)
22 5 2016 03:21:01 - System Up Time: 24 Minutes, 29 Seconds
22 5 2016 03:21:01 - Parent Process Name : C:\Users\Jiří\Desktop\mwav.exe
22 5 2016 03:21:01 - Windows Root Folder: C:\Windows
22 5 2016 03:21:01 - Windows Sys32 Folder: C:\Windows\system32
22 5 2016 03:21:01 - DHCP NameServer: 213.46.172.37 213.46.172.36
22 5 2016 03:21:01 - Interface0 DHCPNameServer: 213.46.172.37 213.46.172.36
22 5 2016 03:21:01 - Local Fixed Drives: c:\
22 5 2016 03:21:01 - MWAV Mode: Only Scan files
22 5 2016 03:21:01 - [CREATED ZIP FILE: C:\Users\Jiří\AppData\Local\Temp\pinfect.zip]
22 5 2016 03:41:10 - Testování souboru C:\ProgramData\Oracle\Java\javapath\java.exe
22 5 2016 03:41:10 - Soubor C:\ProgramData\Oracle\Java\javapath\java.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!
22 5 2016 03:41:10 - Testování souboru C:\ProgramData\Oracle\Java\javapath\javaw.exe
22 5 2016 03:41:10 - Soubor C:\ProgramData\Oracle\Java\javapath\javaw.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
22 5 2016 03:41:10 - Testování souboru C:\ProgramData\Oracle\Java\javapath\javaws.exe
22 5 2016 03:41:10 - Soubor C:\ProgramData\Oracle\Java\javapath\javaws.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!
22 5 2016 04:02:31 - ***** Test dokončen *****
22 5 2016 04:02:31 - Testovaných objektů: 144874
22 5 2016 04:02:31 - Kritických objektů: 1
22 5 2016 04:02:31 - Celkem vyléčených objektů: 0
22 5 2016 04:02:31 - Celkem přejmenováno: 0
22 5 2016 04:02:31 - Smazaných objektů: 0
22 5 2016 04:02:31 - Celkem chyb: 0
22 5 2016 04:02:31 - Uplynulý čas: 00:22:17
22 5 2016 04:02:31 - Datum vydání databáze: 06 Nov 2009
22 5 2016 04:02:31 - Verze virové databáze: 4481875
22 5 2016 04:02:31 - Test je dokončen
Re: Prosím o kontrolu logu
MWAV odinstalujte a pustte tam MBAM.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
MWAV odinstalován, log z dalšího scanu MBAM přikládám. Nemůže být ta výše zmíněná detekce viru MWAV falešná ?
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Datum skenování: 22.5.2016
Čas skenování: 16:58
Protokol: log1.txt
Správce: Ano
Verze: 2.2.1.1043
Databáze malwaru: v2016.05.22.03
Databáze rootkitů: v2016.05.20.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Jiří
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 415566
Uplynulý čas: 22 min, 31 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Datum skenování: 22.5.2016
Čas skenování: 16:58
Protokol: log1.txt
Správce: Ano
Verze: 2.2.1.1043
Databáze malwaru: v2016.05.22.03
Databáze rootkitů: v2016.05.20.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Jiří
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 415566
Uplynulý čas: 22 min, 31 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Re: Prosím o kontrolu logu
Muze, proverime to.House43 píše:Nemůže být ta výše zmíněná detekce viru MWAV falešná ?
Najdete tento soubor C:\ProgramData\Oracle\Java\javapath\java.exe a otestujte ho na virustotal a jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846 Vysledky sem zkopirujte, nebo dejte odkaz.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
Name: java.exe
Size: 172.41kB (176,552 bytes)
Type: PE32 executable (console) Intel 80386, for MS Windows
First seen: October 15, 2014 at 5:47:30 PM GMT+2
MD5: aa3520fb0133a56bee1db34d74dbef64
SHA1: 9008ad1609461e9b8a0520f8ea5fcaac3619a859
Status: Scan finished. 1/19 scanners reported malware.
Scan taken on: May 22, 2016 at 6:14:56 PM GMT+2
------------------------------------------------------------------------------------------------------------------------
This file was last analysed by VirusTotal on 2016-04-06 00:24:58 UTC (1 měsíc, 2 týdnyago) it was first analysed by VirusTotal on 2014-10-15 11:23:44 UTC.
Detection ratio: 0/57
You can take a look at the last analysis or analyse it again now.
Size: 172.41kB (176,552 bytes)
Type: PE32 executable (console) Intel 80386, for MS Windows
First seen: October 15, 2014 at 5:47:30 PM GMT+2
MD5: aa3520fb0133a56bee1db34d74dbef64
SHA1: 9008ad1609461e9b8a0520f8ea5fcaac3619a859
Status: Scan finished. 1/19 scanners reported malware.
Scan taken on: May 22, 2016 at 6:14:56 PM GMT+2
------------------------------------------------------------------------------------------------------------------------
This file was last analysed by VirusTotal on 2016-04-06 00:24:58 UTC (1 měsíc, 2 týdnyago) it was first analysed by VirusTotal on 2014-10-15 11:23:44 UTC.
Detection ratio: 0/57
You can take a look at the last analysis or analyse it again now.
Re: Prosím o kontrolu logu
Zkuste virustotal jeste jednou, ale kliknete pak na Reanalyze. Zobrazily se se vam vysledky posledniho testu souboru stejneho nazvu, ale to neni ten vas.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
SHA256: 880d13740c105a1a110ff17da025f597690e6062a7ed2da17b215150b449aae3
File name: java.exe
Detection ratio: 0/56
Analysis date: 2016-05-22 17:58:19 UTC ( 1 minuta ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
File name: java.exe
Detection ratio: 0/56
Analysis date: 2016-05-22 17:58:19 UTC ( 1 minuta ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Re: Prosím o kontrolu logu
Vypada to opravdu na falesny poplach.
Dejte nove logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach
Dejte nove logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
Ran by Jiří (administrator) on PC (23-05-2016 13:01:33)
Running from C:\Users\Jiří\Desktop
Loaded Profiles: Jiří (Available Profiles: Jiří)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CompSoft) C:\Program Files (x86)\RimhillEx\RimhillEx.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(CMedia) C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Jiří\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RimhillEx.lnk [2015-11-03]
ShortcutTarget: RimhillEx.lnk -> C:\Program Files (x86)\RimhillEx\RimhillEx.exe (CompSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{C067CDFC-878A-40FA-94F2-DB38F79D4FF1}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2789862122-2855940618-1815203127-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF ProfilePath: C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default
FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Extension: Zoom Page - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\zoompage@DW-dev.xpi [2015-03-13] [not signed]
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\{68300a12-1396-d8b5-cd5b-5fd92d860185} [not found]
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\veggy@veggyAddon.com [not found]
FF Extension: Adblock Plus - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-01] [not signed]
Chrome:
=======
CHR Profile: C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-22]
CHR Extension: (Dokumenty Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-22]
CHR Extension: (Disk Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-22]
CHR Extension: (YouTube) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-22]
CHR Extension: (uBlock Origin) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-05-22]
CHR Extension: (Tabulky Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-22]
CHR Extension: (Gmail) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-22]
Opera:
=======
OPR StartupUrls: "hxxp://www.google.cz/"
OPR Extension: (uBlock Origin) - C:\Users\Jiří\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-05-21]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S4 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821048 2013-06-17] (ABBYY InfoPoisk LLC)
R2 Ghostery Storage Server; C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe [346624 2016-05-21] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S4 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-05-27] (Nitro PDF Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-25] (BitDefender S.R.L.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-23 13:01 - 2016-05-23 13:01 - 00009884 _____ C:\Users\Jiří\Desktop\FRST.txt
2016-05-23 13:01 - 2016-05-23 13:01 - 00000000 ____D C:\FRST
2016-05-23 12:54 - 2016-05-23 12:54 - 02383360 _____ (Farbar) C:\Users\Jiří\Desktop\FRST64.exe
2016-05-22 20:07 - 2016-05-22 20:07 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\QuickScan
2016-05-22 18:04 - 2016-05-22 20:14 - 00000324 _____ C:\DelFix.txt
2016-05-22 17:36 - 2015-11-19 16:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-05-22 16:49 - 2016-01-07 19:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-05-22 16:48 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-22 16:48 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-22 16:48 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-22 16:48 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-22 16:48 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-22 16:48 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-22 16:48 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-22 16:48 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-22 16:48 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-22 16:48 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-22 16:48 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-22 16:48 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-22 16:48 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-22 16:48 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-22 16:48 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-22 16:48 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-22 16:48 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-22 16:48 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-22 16:48 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-22 16:48 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-22 16:48 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-22 16:48 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-22 16:48 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-22 16:48 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-22 16:48 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-22 16:48 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-22 16:48 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-22 16:48 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-22 16:48 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-22 16:48 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-22 16:48 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-22 16:48 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-22 16:48 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-22 16:48 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-22 16:48 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-22 16:48 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-22 16:48 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-22 16:48 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-22 16:48 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-22 16:48 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-22 16:48 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-22 16:48 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-22 16:48 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-22 16:48 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-22 16:48 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-22 16:48 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-22 16:48 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-22 16:48 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-22 16:48 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-22 16:48 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-22 16:48 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-22 16:48 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-22 16:48 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-22 16:48 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-22 16:48 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-22 16:48 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-22 16:48 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-22 16:48 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-22 16:48 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-22 16:48 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-22 16:48 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-22 16:48 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-22 16:48 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-22 16:48 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-22 16:48 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-22 16:48 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-22 16:48 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-05-22 16:48 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-05-22 16:48 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-05-22 16:48 - 2015-12-08 23:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-05-22 16:48 - 2015-12-08 23:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-05-22 16:48 - 2015-12-08 23:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-05-22 16:48 - 2015-12-08 23:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-05-22 16:48 - 2015-12-08 23:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-05-22 16:48 - 2015-12-08 23:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-05-22 16:48 - 2015-12-08 21:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-05-22 16:48 - 2015-12-08 21:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-05-22 16:48 - 2015-12-08 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-05-22 16:48 - 2015-12-08 21:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-05-22 16:48 - 2015-12-08 20:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-05-22 16:48 - 2015-12-08 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-05-22 16:48 - 2015-12-08 20:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-05-22 16:48 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-05-22 04:19 - 2016-05-22 13:51 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2016-05-22 04:17 - 2016-05-22 04:17 - 00000000 ____D C:\@RestoreQuarantine
2016-05-22 04:11 - 2016-05-22 04:24 - 00000000 ____D C:\ProgramData\RegRun
2016-05-22 04:06 - 2016-05-22 04:24 - 00000000 ____D C:\Users\Jiří\Documents\RegRun2
2016-05-22 04:06 - 2016-05-22 04:06 - 00000002 RSHOT C:\Windows\winstart.bat
2016-05-22 04:06 - 2016-05-22 04:06 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-05-22 04:06 - 2016-05-22 04:06 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2016-05-22 03:28 - 2016-05-22 04:04 - 00060536 _____ C:\Users\Jiří\Documents\pinfect.zip
2016-05-22 03:21 - 2016-05-22 03:21 - 00000000 ____D C:\ProgramData\MicroWorld
2016-05-22 03:21 - 2005-09-22 23:22 - 00000522 _____ C:\Windows\SysWOW64\Microsoft.VC80.CRT.manifest
2016-05-21 21:25 - 2016-05-22 02:52 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-21 20:54 - 2016-05-21 20:52 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-05-21 19:37 - 2016-05-21 21:31 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Amigo
2016-05-21 18:55 - 2016-05-21 18:55 - 00000000 ____D C:\Program Files (x86)\Ghostery Storage Server
2016-05-21 18:53 - 2016-05-21 19:38 - 00000000 ____D C:\Users\Jiří\AppData\LocalLow\Unity
2016-05-21 18:53 - 2016-05-21 19:38 - 00000000 ____D C:\Users\Jiří\AppData\Local\Unity
2016-05-17 19:21 - 2016-05-17 19:21 - 03728153 _____ C:\Users\Jiří\Desktop\jbl_m2_soundandrecording_1214.pdf
2016-05-14 14:12 - 2016-05-14 14:12 - 00286030 _____ C:\Users\Jiří\Desktop\casopis_music_store_-_teoreticke_minimum_o_signalech_pro_systemove_inzenyry_-_1._cast_-_2014-01-27.pdf
2016-05-12 21:46 - 2016-05-12 21:46 - 00633393 _____ C:\Users\Jiří\Desktop\AKUSTICKÁ MĚŘENÍ V REÁLNÉM PROSTŘEDÍ.pdf
2016-05-12 14:47 - 2016-05-12 14:47 - 00666326 _____ C:\Users\Jiří\Desktop\zaklady_akustiky_matucha.pdf
2016-05-09 01:04 - 2016-05-09 01:04 - 00000000 ____D C:\Users\Jiří\AppData\Local\Video Enhancer
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-23 13:00 - 2015-03-24 02:16 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-23 13:00 - 2014-12-27 19:35 - 00000000 __SHD C:\Users\Jiří\IntelGraphicsProfiles
2016-05-23 13:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-23 12:49 - 2009-07-14 06:45 - 00041168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-23 12:49 - 2009-07-14 06:45 - 00041168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-23 12:45 - 2014-12-28 03:49 - 00668768 _____ C:\Windows\system32\perfh005.dat
2016-05-23 12:45 - 2014-12-28 03:49 - 00141428 _____ C:\Windows\system32\perfc005.dat
2016-05-23 12:45 - 2009-07-14 07:13 - 01584138 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-23 12:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-23 04:02 - 2015-03-24 02:16 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-23 02:46 - 2014-12-28 00:05 - 00000000 ____D C:\Users\Jiří\Desktop\Torrents
2016-05-22 21:42 - 2014-12-27 23:37 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\foobar2000
2016-05-22 20:07 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-05-22 16:58 - 2015-01-26 20:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-22 16:31 - 2014-12-27 19:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-22 16:30 - 2015-02-28 01:20 - 00000000 ____D C:\Users\Jiří\AppData\LocalLow\Adblock Plus for IE
2016-05-22 04:04 - 2015-04-25 19:08 - 00000054 _____ C:\Windows\Lic.xxx
2016-05-21 20:34 - 2015-04-07 15:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-21 18:53 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-21 18:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-05-21 17:15 - 2015-02-27 20:18 - 00000000 ____D C:\Users\Jiří\Desktop\HiFi
2016-05-13 02:03 - 2015-03-24 02:17 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 02:03 - 2015-03-24 02:17 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-11 19:55 - 2015-04-18 17:19 - 00003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429370367
2016-05-11 19:55 - 2015-04-18 17:19 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-11 00:57 - 2015-03-24 02:16 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 00:57 - 2015-03-24 02:16 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-24 02:14 - 2016-03-20 23:34 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\CUE Tools
==================== Files in the root of some directories =======
2015-03-15 04:25 - 2015-04-25 16:21 - 0007644 _____ () C:\Users\Jiří\AppData\Local\resmon.resmoncfg
2015-04-18 14:50 - 2015-04-18 14:51 - 0000000 _____ () C:\Users\Jiří\AppData\Local\{4141B537-A8C7-492A-9C25-8EE723551956}
2015-09-24 14:21 - 2015-09-24 14:21 - 0000000 _____ () C:\Users\Jiří\AppData\Local\{4852063D-1C32-4B24-9BE1-3E56E68EB444}
2015-04-19 00:37 - 2015-04-19 01:03 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-12-27 19:10 - 2014-12-27 19:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-18 15:13
==================== End of FRST.txt ============================
Ran by Jiří (administrator) on PC (23-05-2016 13:01:33)
Running from C:\Users\Jiří\Desktop
Loaded Profiles: Jiří (Available Profiles: Jiří)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CompSoft) C:\Program Files (x86)\RimhillEx\RimhillEx.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(CMedia) C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Jiří\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RimhillEx.lnk [2015-11-03]
ShortcutTarget: RimhillEx.lnk -> C:\Program Files (x86)\RimhillEx\RimhillEx.exe (CompSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{C067CDFC-878A-40FA-94F2-DB38F79D4FF1}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2789862122-2855940618-1815203127-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF ProfilePath: C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default
FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Extension: Zoom Page - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\zoompage@DW-dev.xpi [2015-03-13] [not signed]
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\{68300a12-1396-d8b5-cd5b-5fd92d860185} [not found]
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\veggy@veggyAddon.com [not found]
FF Extension: Adblock Plus - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-01] [not signed]
Chrome:
=======
CHR Profile: C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-22]
CHR Extension: (Dokumenty Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-22]
CHR Extension: (Disk Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-22]
CHR Extension: (YouTube) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-22]
CHR Extension: (uBlock Origin) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-05-22]
CHR Extension: (Tabulky Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-22]
CHR Extension: (Gmail) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-22]
Opera:
=======
OPR StartupUrls: "hxxp://www.google.cz/"
OPR Extension: (uBlock Origin) - C:\Users\Jiří\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-05-21]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S4 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821048 2013-06-17] (ABBYY InfoPoisk LLC)
R2 Ghostery Storage Server; C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe [346624 2016-05-21] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S4 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-05-27] (Nitro PDF Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-25] (BitDefender S.R.L.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-23 13:01 - 2016-05-23 13:01 - 00009884 _____ C:\Users\Jiří\Desktop\FRST.txt
2016-05-23 13:01 - 2016-05-23 13:01 - 00000000 ____D C:\FRST
2016-05-23 12:54 - 2016-05-23 12:54 - 02383360 _____ (Farbar) C:\Users\Jiří\Desktop\FRST64.exe
2016-05-22 20:07 - 2016-05-22 20:07 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\QuickScan
2016-05-22 18:04 - 2016-05-22 20:14 - 00000324 _____ C:\DelFix.txt
2016-05-22 17:36 - 2015-11-19 16:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-05-22 17:36 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-05-22 16:49 - 2016-01-07 19:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-05-22 16:48 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-22 16:48 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-22 16:48 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-22 16:48 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-22 16:48 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-22 16:48 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-22 16:48 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-22 16:48 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-22 16:48 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-22 16:48 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-22 16:48 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-22 16:48 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-22 16:48 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-22 16:48 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-22 16:48 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-22 16:48 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-22 16:48 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-22 16:48 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-22 16:48 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-22 16:48 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-22 16:48 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-22 16:48 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-22 16:48 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-22 16:48 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-22 16:48 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-22 16:48 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-22 16:48 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-22 16:48 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-22 16:48 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-22 16:48 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-22 16:48 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-22 16:48 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-22 16:48 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-22 16:48 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-22 16:48 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-22 16:48 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-22 16:48 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-22 16:48 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-22 16:48 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-22 16:48 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-22 16:48 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-22 16:48 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-22 16:48 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-22 16:48 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-22 16:48 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-22 16:48 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-22 16:48 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-22 16:48 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-22 16:48 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-22 16:48 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-22 16:48 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-22 16:48 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-22 16:48 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-22 16:48 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-22 16:48 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-22 16:48 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-22 16:48 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-22 16:48 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-22 16:48 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-22 16:48 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-22 16:48 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-22 16:48 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-22 16:48 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-22 16:48 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-22 16:48 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-22 16:48 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-22 16:48 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-05-22 16:48 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-05-22 16:48 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-05-22 16:48 - 2015-12-08 23:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-05-22 16:48 - 2015-12-08 23:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-05-22 16:48 - 2015-12-08 23:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-05-22 16:48 - 2015-12-08 23:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-05-22 16:48 - 2015-12-08 23:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-05-22 16:48 - 2015-12-08 23:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-05-22 16:48 - 2015-12-08 23:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-05-22 16:48 - 2015-12-08 23:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-05-22 16:48 - 2015-12-08 23:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-05-22 16:48 - 2015-12-08 21:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-05-22 16:48 - 2015-12-08 21:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-05-22 16:48 - 2015-12-08 21:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-05-22 16:48 - 2015-12-08 21:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-05-22 16:48 - 2015-12-08 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-05-22 16:48 - 2015-12-08 21:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-05-22 16:48 - 2015-12-08 20:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-05-22 16:48 - 2015-12-08 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-05-22 16:48 - 2015-12-08 20:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-05-22 16:48 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-05-22 04:19 - 2016-05-22 13:51 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2016-05-22 04:17 - 2016-05-22 04:17 - 00000000 ____D C:\@RestoreQuarantine
2016-05-22 04:11 - 2016-05-22 04:24 - 00000000 ____D C:\ProgramData\RegRun
2016-05-22 04:06 - 2016-05-22 04:24 - 00000000 ____D C:\Users\Jiří\Documents\RegRun2
2016-05-22 04:06 - 2016-05-22 04:06 - 00000002 RSHOT C:\Windows\winstart.bat
2016-05-22 04:06 - 2016-05-22 04:06 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-05-22 04:06 - 2016-05-22 04:06 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2016-05-22 03:28 - 2016-05-22 04:04 - 00060536 _____ C:\Users\Jiří\Documents\pinfect.zip
2016-05-22 03:21 - 2016-05-22 03:21 - 00000000 ____D C:\ProgramData\MicroWorld
2016-05-22 03:21 - 2005-09-22 23:22 - 00000522 _____ C:\Windows\SysWOW64\Microsoft.VC80.CRT.manifest
2016-05-21 21:25 - 2016-05-22 02:52 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-21 20:54 - 2016-05-21 20:52 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-05-21 19:37 - 2016-05-21 21:31 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Amigo
2016-05-21 18:55 - 2016-05-21 18:55 - 00000000 ____D C:\Program Files (x86)\Ghostery Storage Server
2016-05-21 18:53 - 2016-05-21 19:38 - 00000000 ____D C:\Users\Jiří\AppData\LocalLow\Unity
2016-05-21 18:53 - 2016-05-21 19:38 - 00000000 ____D C:\Users\Jiří\AppData\Local\Unity
2016-05-17 19:21 - 2016-05-17 19:21 - 03728153 _____ C:\Users\Jiří\Desktop\jbl_m2_soundandrecording_1214.pdf
2016-05-14 14:12 - 2016-05-14 14:12 - 00286030 _____ C:\Users\Jiří\Desktop\casopis_music_store_-_teoreticke_minimum_o_signalech_pro_systemove_inzenyry_-_1._cast_-_2014-01-27.pdf
2016-05-12 21:46 - 2016-05-12 21:46 - 00633393 _____ C:\Users\Jiří\Desktop\AKUSTICKÁ MĚŘENÍ V REÁLNÉM PROSTŘEDÍ.pdf
2016-05-12 14:47 - 2016-05-12 14:47 - 00666326 _____ C:\Users\Jiří\Desktop\zaklady_akustiky_matucha.pdf
2016-05-09 01:04 - 2016-05-09 01:04 - 00000000 ____D C:\Users\Jiří\AppData\Local\Video Enhancer
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-23 13:00 - 2015-03-24 02:16 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-23 13:00 - 2014-12-27 19:35 - 00000000 __SHD C:\Users\Jiří\IntelGraphicsProfiles
2016-05-23 13:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-23 12:49 - 2009-07-14 06:45 - 00041168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-23 12:49 - 2009-07-14 06:45 - 00041168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-23 12:45 - 2014-12-28 03:49 - 00668768 _____ C:\Windows\system32\perfh005.dat
2016-05-23 12:45 - 2014-12-28 03:49 - 00141428 _____ C:\Windows\system32\perfc005.dat
2016-05-23 12:45 - 2009-07-14 07:13 - 01584138 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-23 12:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-23 04:02 - 2015-03-24 02:16 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-23 02:46 - 2014-12-28 00:05 - 00000000 ____D C:\Users\Jiří\Desktop\Torrents
2016-05-22 21:42 - 2014-12-27 23:37 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\foobar2000
2016-05-22 20:07 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-05-22 16:58 - 2015-01-26 20:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-22 16:31 - 2014-12-27 19:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-22 16:30 - 2015-02-28 01:20 - 00000000 ____D C:\Users\Jiří\AppData\LocalLow\Adblock Plus for IE
2016-05-22 04:04 - 2015-04-25 19:08 - 00000054 _____ C:\Windows\Lic.xxx
2016-05-21 20:34 - 2015-04-07 15:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-21 18:53 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-21 18:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-05-21 17:15 - 2015-02-27 20:18 - 00000000 ____D C:\Users\Jiří\Desktop\HiFi
2016-05-13 02:03 - 2015-03-24 02:17 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 02:03 - 2015-03-24 02:17 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-11 19:55 - 2015-04-18 17:19 - 00003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429370367
2016-05-11 19:55 - 2015-04-18 17:19 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-11 00:57 - 2015-03-24 02:16 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 00:57 - 2015-03-24 02:16 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-24 02:14 - 2016-03-20 23:34 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\CUE Tools
==================== Files in the root of some directories =======
2015-03-15 04:25 - 2015-04-25 16:21 - 0007644 _____ () C:\Users\Jiří\AppData\Local\resmon.resmoncfg
2015-04-18 14:50 - 2015-04-18 14:51 - 0000000 _____ () C:\Users\Jiří\AppData\Local\{4141B537-A8C7-492A-9C25-8EE723551956}
2015-09-24 14:21 - 2015-09-24 14:21 - 0000000 _____ () C:\Users\Jiří\AppData\Local\{4852063D-1C32-4B24-9BE1-3E56E68EB444}
2015-04-19 00:37 - 2015-04-19 01:03 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-12-27 19:10 - 2014-12-27 19:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-18 15:13
==================== End of FRST.txt ============================
- Přílohy
-
- Addition.rar
- (6.88 KiB) Staženo 44 x
Re: Prosím o kontrolu logu
Nevidim tam zadny antivir, pouzivate nejaky? Napiste mi velikost adresare plochy (C:\Users\Jiří\Plocha) Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
Start
CloseProcesses:
CreateRestorePoint:
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\{68300a12-1396-d8b5-cd5b-5fd92d860185} [not found]
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\veggy@veggyAddon.com [not found]
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:2E7127D2 [144]
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E [135]
Hosts:
EmptyTemp:
Reboot:
EndKliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
Rezidentní antivir prozatím žádný nepoužívám. (V rámci bezpečnosti systému mám nainstalovány MBAM a SAS, občas používám online scanner od Esetu). Velikost adresáře Plocha je 103 GB.
Fix result of Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
Ran by Jiří (2016-05-23 21:35:52) Run:1
Running from C:\Users\Jiří\Desktop
Loaded Profiles: Jiří (Available Profiles: Jiří)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\{68300a12-1396-d8b5-cd5b-5fd92d860185} [not found]
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\veggy@veggyAddon.com [not found]
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:2E7127D2 [144]
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E [135]
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\{68300a12-1396-d8b5-cd5b-5fd92d860185} => path removed successfully
C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\veggy@veggyAddon.com => path removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\ProgramData\TEMP => ":2E7127D2" ADS removed successfully.
C:\ProgramData\TEMP => ":ECF54A0E" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 44.9 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 21:35:56 ====
Fix result of Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
Ran by Jiří (2016-05-23 21:35:52) Run:1
Running from C:\Users\Jiří\Desktop
Loaded Profiles: Jiří (Available Profiles: Jiří)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\{68300a12-1396-d8b5-cd5b-5fd92d860185} [not found]
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\veggy@veggyAddon.com [not found]
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:2E7127D2 [144]
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E [135]
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\{68300a12-1396-d8b5-cd5b-5fd92d860185} => path removed successfully
C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\veggy@veggyAddon.com => path removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\ProgramData\TEMP => ":2E7127D2" ADS removed successfully.
C:\ProgramData\TEMP => ":ECF54A0E" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 44.9 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 21:35:56 ====
Re: Prosím o kontrolu logu
To je chyba.House43 píše:Rezidentní antivir prozatím žádný nepoužívám.
SAS uz davno neni co byval, MBAM obvykle najde i to co SAS. Ale bez stitu je to nedostatecne.House43 píše:V rámci bezpečnosti systému mám nainstalovány MBAM a SAS
House43 píše:Velikost adresáře Plocha je 103 GB
Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku 
Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce) vyosek píše:
- Stahnete a spustte
- Ponechte zatrzitkou pouze u volby Remove disinfection tools
- Kliknete na Run
Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)
Defragmentujte disk(y) (SSD Disky ne!)Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.
Pak napiste, jak to s pc vypada.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
# DelFix v1.013 - Logfile created 24/05/2016 at 14:09:28
# Updated 17/04/2016 by Xplode
# Username : Jiří - PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\Users\Jiří\Desktop\FRST64.exe
########## - EOF - ##########
-----------------------------------------------------------------------------------------------------------------------
PC se zdá být nyní zcela v pořádku. Dlužno dodat, že ani bezprostředně po napadení malwarem Mail.ru se nechoval nijak nestandartně. Pouze se změnilo již výše zmíněné nastavení i-net. prohlížečů a přibyli nějací zástupci na ploše a hlav. panelu. To jsem vyřešil použitím AdwCleaneru a RogueKilleru. Původní (default) nastavení Chrome jsem obnovil pomocí Chrome Cleanup Tool.
Prac. plochu uklidím, už se na to ostatně chystám delší dobu. Je třeba ale říci, že s ohledem na to, že používám SSD, je PC poměrně dosti svižný. Odinstauji také SAS. CCleaner už používám k plné spokojenosti delší dobu. Stejně tak i Revo Uninstaler Pro. Proto mám také systém celkem v pořádku a nic mě nenutí ho rok co rok přeinstalovávat.
Pokud jde o antivir, jeho pořízení již nějakou dobu zvažuji. Mám však určité obavy z výrazného celkového zpomalení systému, které vyplývá z podstaty fungování rezidentního štítu. Ono je to klasicky něco za něco, jak už to tak bývá. Doporučil byste mi příp. nějaký vhodný (klidně i placený) sw, který by rel. minimálně zatěžoval systém (vč. i-net. komunikace) ?
# Updated 17/04/2016 by Xplode
# Username : Jiří - PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\Users\Jiří\Desktop\FRST64.exe
########## - EOF - ##########
-----------------------------------------------------------------------------------------------------------------------
PC se zdá být nyní zcela v pořádku. Dlužno dodat, že ani bezprostředně po napadení malwarem Mail.ru se nechoval nijak nestandartně. Pouze se změnilo již výše zmíněné nastavení i-net. prohlížečů a přibyli nějací zástupci na ploše a hlav. panelu. To jsem vyřešil použitím AdwCleaneru a RogueKilleru. Původní (default) nastavení Chrome jsem obnovil pomocí Chrome Cleanup Tool.
Prac. plochu uklidím, už se na to ostatně chystám delší dobu. Je třeba ale říci, že s ohledem na to, že používám SSD, je PC poměrně dosti svižný.
Odinstauji také SAS. CCleaner už používám k plné spokojenosti delší dobu. Stejně tak i Revo Uninstaler Pro. Proto mám také systém celkem v pořádku a nic mě nenutí ho rok co rok přeinstalovávat.Pokud jde o antivir, jeho pořízení již nějakou dobu zvažuji. Mám však určité obavy z výrazného celkového zpomalení systému, které vyplývá z podstaty fungování rezidentního štítu. Ono je to klasicky něco za něco, jak už to tak bývá. Doporučil byste mi příp. nějaký vhodný (klidně i placený) sw, který by rel. minimálně zatěžoval systém (vč. i-net. komunikace) ?
Přispějete na provoz fóra?