Request for help removing malware - Yeabests.cc

Invite1
Visitor
Posts: 18
Registered: 19 Sep 2016 17:05

#1 Post by Invite1 »

Hello,

I am asking for help removing the Yeabests.cc malware.

On 15 September I installed a program that also contained malware. Since then I have tried to clean the notebook with UnhackMe and Malwarebytes, but at the very least the Yeabests.cc problem was not removed. UnhackMe reports finding references to Yeabests.cc in the links to Firefox and Chrome and also in firefox.exe and chrome.exe themselves. The UnhackMe fix consists of removing both the links and the exe files. However, after reinstalling Firefox and Chrome, the references to Yeabests.cc appear again, even when I do not launch Firefox or Chrome at all.

I am also not sure whether other parts of some malware have remained there.

Below I am sending the txt log from RSIT.

Thank you for your help.

LOG:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2016-09-28 11:17:24
Microsoft Windows 10 Home
System drive C: has 84 GB (29%) free of 292 GB
Total RAM: 3583 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:17:26, on 28. 9. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
C:\Program Files\EMET 5.5\EMET_Agent.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\UnHackMe\UnHackMe.exe
C:\Program Files\UnHackMe\reanimator.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Users\Michal\Downloads\RSIT.exe
C:\Program Files\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Michal\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATILQE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-610 Series"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User '?')
O4 - HKUS\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User '?')
O4 - HKUS\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User '?')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avwebg7.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\Windows\system32\EscSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvvsvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: CryptoPlus XME Engine Service (xmengine service) - Monet+, a.s. - C:\Windows\system32\xmesrv.exe

--
End of file - 10766 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ Invitation {6A653731-49CD-4528-B955-D80D32A60268}.job - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE /EXE:"{6A653731-49CD-4528-B955-D80D32A60268}" /F:"Invitation"
C:\WINDOWS\tasks\ Invitation {FAE15893-2F17-410F-8540-54360B0B7FCB}.job - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE /EXE:"{FAE15893-2F17-410F-8540-54360B0B7FCB}" /F:"Invitation"
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\EPSON XP-610 Series Invitation {387E95B3-64D8-4A2C-A354-544BAED01062}.job - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE /EXE:"{387E95B3-64D8-4A2C-A354-544BAED01062}" /F:"Invitation"
C:\WINDOWS\tasks\EPSON XP-610 Series Invitation {FAED7BA1-FFB1-4FD8-8B6C-5D038F46AEDD}.job - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE /EXE:"{FAED7BA1-FFB1-4FD8-8B6C-5D038F46AEDD}" /F:"Invitation"
C:\WINDOWS\tasks\EPSON XP-610 Series Update {387E95B3-64D8-4A2C-A354-544BAED01062}.job - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE /EXE:"{387E95B3-64D8-4A2C-A354-544BAED01062}" /F:"Update"
C:\WINDOWS\tasks\EPSON XP-610 Series Update {6A653731-49CD-4528-B955-D80D32A60268}.job - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE /EXE:"{6A653731-49CD-4528-B955-D80D32A60268}" /F:"Update"
C:\WINDOWS\tasks\EPSON XP-610 Series Update {FAE15893-2F17-410F-8540-54360B0B7FCB}.job - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE /EXE:"{FAE15893-2F17-410F-8540-54360B0B7FCB}" /F:"Update"
C:\WINDOWS\tasks\EPSON XP-610 Series Update {FAED7BA1-FFB1-4FD8-8B6C-5D038F46AEDD}.job - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE /EXE:"{FAED7BA1-FFB1-4FD8-8B6C-5D038F46AEDD}" /F:"Update"
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\a33wbcbw.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:blank"

"e-webprint@epson.com"=C:\Program Files\Epson Software\E-Web Print\Firefox Add-on


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.162 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}]
E-Web Print - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27 238576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31 351728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31 351728]
{201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - E-Web Print - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27 238576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2015-11-10 14476048]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2015-10-27 2980072]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"WrtMon.exe"=C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [2007-07-18 20480]
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"SDTray"=C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]
"avgnt"=C:\Program Files\Avira\Antivirus\avgnt.exe [2016-09-19 830064]
"Avira SystrayStartTrigger"=C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [2016-08-19 60136]
"DivXMediaServer"=C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [2016-08-29 1009632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2016-08-17 29544576]
"EPLTarget\P0000000000000000"=C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATILQE.EXE [2013-01-24 260160]
"OneDrive"=C:\Users\Michal\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-09-16 633024]
"EPLTarget\P0000000000000001"=C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATILQE.EXE [2013-01-24 260160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon]
SDWinLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.cvid"=iccvid.dll
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.iv41"=ir41_32.ax

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-09-28 11:13:04 ----D---- C:\Program Files\trend micro
2016-09-28 11:13:03 ----D---- C:\rsit
2016-09-25 02:31:50 ----D---- C:\Users\Michal\AppData\Roaming\7kfans.com
2016-09-25 02:06:37 ----A---- C:\WINDOWS\VDM4FDA.tmp
2016-09-25 02:06:28 ----A---- C:\WINDOWS\VDM2CB1.tmp
2016-09-25 02:04:58 ----A---- C:\WINDOWS\VDMCD2F.tmp
2016-09-25 02:04:50 ----D---- C:\WINDOWS\_ISTMP0.DIR
2016-09-25 01:11:50 ----D---- C:\XPSHARED
2016-09-24 23:30:37 ----D---- C:\Program Files\Microprose
2016-09-24 22:59:42 ----A---- C:\WINDOWS\system32\drivers\VBoxDrv.sys
2016-09-24 22:59:35 ----A---- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2016-09-24 22:59:24 ----D---- C:\Program Files\Oracle
2016-09-24 21:55:25 ----HD---- C:\OneDriveTemp
2016-09-24 20:05:07 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2016-09-24 20:05:07 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2016-09-24 20:05:07 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2016-09-24 20:05:06 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2016-09-24 20:05:06 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2016-09-24 20:05:06 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2016-09-24 20:05:05 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2016-09-24 20:05:04 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2016-09-24 20:05:04 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2016-09-24 20:05:04 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2016-09-24 20:05:02 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2016-09-24 20:05:02 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2016-09-24 20:05:00 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2016-09-24 20:05:00 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2016-09-24 20:05:00 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2016-09-24 20:05:00 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2016-09-24 20:04:59 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2016-09-24 20:04:58 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2016-09-24 20:04:58 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2016-09-24 20:04:57 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2016-09-24 20:04:57 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2016-09-24 20:04:55 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2016-09-24 20:04:55 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2016-09-24 20:04:54 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2016-09-24 20:04:54 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2016-09-24 20:04:54 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2016-09-24 20:04:54 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2016-09-24 20:04:52 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2016-09-24 20:04:52 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2016-09-24 20:04:50 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2016-09-24 20:04:50 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2016-09-24 20:04:49 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2016-09-24 20:04:49 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2016-09-24 20:04:49 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2016-09-24 20:04:47 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2016-09-24 20:04:46 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2016-09-24 20:04:46 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2016-09-24 20:04:45 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2016-09-24 20:04:45 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2016-09-24 20:04:44 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2016-09-24 20:04:43 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2016-09-24 20:04:42 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2016-09-24 20:04:42 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2016-09-24 20:04:41 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2016-09-24 20:04:41 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2016-09-24 20:04:39 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2016-09-24 20:04:39 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2016-09-24 20:04:38 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2016-09-24 20:04:37 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2016-09-24 20:04:37 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2016-09-24 20:04:36 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2016-09-24 20:04:36 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2016-09-24 20:04:35 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2016-09-24 20:04:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2016-09-24 20:04:33 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2016-09-24 20:04:32 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2016-09-24 20:04:32 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2016-09-24 20:04:32 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2016-09-24 20:04:30 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2016-09-24 20:04:29 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2016-09-24 20:04:28 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2016-09-24 20:04:28 ----A---- C:\WINDOWS\system32\d3dx10.dll
2016-09-24 20:04:26 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2016-09-24 20:04:26 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2016-09-24 20:04:26 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2016-09-24 20:04:25 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2016-09-24 20:04:23 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2016-09-24 20:04:22 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2016-09-24 20:04:22 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2016-09-24 20:04:22 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2016-09-24 20:04:01 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2016-09-24 20:04:01 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2016-09-24 20:04:01 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2016-09-24 20:04:00 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2016-09-24 20:04:00 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2016-09-24 20:03:59 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2016-09-24 20:03:59 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2016-09-24 20:03:58 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2016-09-24 20:03:57 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2016-09-24 03:18:41 ----D---- C:\SIERRA
2016-09-24 03:18:23 ----D---- C:\WINDOWS\solcache
2016-09-24 03:18:23 ----A---- C:\WINDOWS\system32\SNWValid.dll
2016-09-24 03:18:23 ----A---- C:\WINDOWS\system32\SierraNW.dll
2016-09-24 03:13:26 ----D---- C:\WINDOWS\Temporary Internet Files
2016-09-24 03:13:26 ----D---- C:\WINDOWS\History
2016-09-24 03:13:26 ----D---- C:\WINDOWS\COOKIES
2016-09-24 02:39:57 ----D---- C:\Users\Michal\AppData\Roaming\DivX
2016-09-24 02:39:16 ----D---- C:\Program Files\Common Files\DivX Shared
2016-09-24 02:38:21 ----D---- C:\Program Files\DivX
2016-09-24 02:37:44 ----D---- C:\ProgramData\DivX
2016-09-23 23:56:22 ----A---- C:\WINDOWS\uninst.exe
2016-09-23 23:55:14 ----D---- C:\Program Files\Sierra On-Line
2016-09-23 23:52:39 ----A---- C:\WINDOWS\SIERRA.INI
2016-09-23 23:19:37 ----A---- C:\WINDOWS\system32\drivers\SECDRV.SYS
2016-09-20 22:57:32 ----A---- C:\WINDOWS\system32\chml.exe
2016-09-19 23:15:05 ----D---- C:\Program Files\EMET 5.5
2016-09-19 18:07:39 ----D---- C:\ProgramData\Package Cache
2016-09-19 18:07:14 ----D---- C:\Users\Michal\AppData\Roaming\Avira
2016-09-19 18:03:06 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2016-09-19 18:03:04 ----A---- C:\WINDOWS\system32\drivers\avnetflt.sys
2016-09-19 18:03:04 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2016-09-19 18:03:04 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2016-09-19 18:03:04 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2016-09-19 18:02:59 ----D---- C:\Program Files\Avira
2016-09-19 15:47:45 ----D---- C:\Program Files\Common Files\AV
2016-09-19 15:38:42 ----A---- C:\WINDOWS\system32\sdnclean.exe
2016-09-19 15:38:40 ----D---- C:\ProgramData\Spybot - Search & Destroy
2016-09-19 15:38:35 ----AD---- C:\Program Files\Spybot - Search & Destroy 2
2016-09-19 13:35:08 ----D---- C:\ProgramData\CPInstall
2016-09-19 11:04:32 ----D---- C:\@RestoreQuarantine
2016-09-19 10:34:46 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2016-09-19 10:33:57 ----D---- C:\ProgramData\Malwarebytes
2016-09-19 10:33:57 ----AD---- C:\Program Files\Malwarebytes Anti-Malware
2016-09-19 10:33:57 ----A---- C:\WINDOWS\system32\drivers\mwac.sys
2016-09-19 10:33:57 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2016-09-19 10:33:57 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2016-09-17 08:48:11 ----A---- C:\WINDOWS\system32\NmaDirect.dll
2016-09-17 08:48:11 ----A---- C:\WINDOWS\system32\nativemap.dll
2016-09-17 08:48:11 ----A---- C:\WINDOWS\system32\MosStorage.dll
2016-09-17 08:48:11 ----A---- C:\WINDOWS\system32\moshostcore.dll
2016-09-17 08:48:11 ----A---- C:\WINDOWS\system32\MosHostClient.dll
2016-09-17 08:48:11 ----A---- C:\WINDOWS\system32\moshost.dll
2016-09-17 08:48:11 ----A---- C:\WINDOWS\system32\mapsupdatetask.dll
2016-09-17 08:48:11 ----A---- C:\WINDOWS\system32\mapstoasttask.dll
2016-09-17 08:48:11 ----A---- C:\WINDOWS\system32\MapsCSP.dll
2016-09-17 08:48:11 ----A---- C:\WINDOWS\system32\MapsBtSvc.dll
2016-09-17 08:48:10 ----A---- C:\WINDOWS\system32\PhoneutilRes.dll
2016-09-17 08:48:10 ----A---- C:\WINDOWS\system32\msxml6r.dll
2016-09-17 08:48:10 ----A---- C:\WINDOWS\system32\MapControlStringsRes.dll
2016-09-17 08:48:10 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2016-09-17 08:48:10 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2016-09-17 08:48:10 ----A---- C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-09-17 08:48:09 ----A---- C:\WINDOWS\system32\tzres.dll
2016-09-17 08:48:09 ----A---- C:\WINDOWS\system32\MapsStore.dll
2016-09-17 08:48:09 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2016-09-17 08:48:08 ----A---- C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-09-17 08:48:08 ----A---- C:\WINDOWS\system32\BingMaps.dll
2016-09-17 08:48:07 ----A---- C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-09-17 08:48:07 ----A---- C:\WINDOWS\system32\POSyncServices.dll
2016-09-17 08:48:07 ----A---- C:\WINDOWS\system32\Phoneutil.dll
2016-09-17 08:48:07 ----A---- C:\WINDOWS\system32\PhoneServiceRes.dll
2016-09-17 08:48:07 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2016-09-17 08:48:06 ----A---- C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-09-17 08:48:06 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2016-09-17 08:48:06 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2016-09-17 08:48:05 ----A---- C:\WINDOWS\system32\vbscript.dll
2016-09-17 08:48:05 ----A---- C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-09-17 08:48:05 ----A---- C:\WINDOWS\system32\PhoneProviders.dll
2016-09-17 08:48:04 ----A---- C:\WINDOWS\system32\VCardParser.dll
2016-09-17 08:48:04 ----A---- C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-09-17 08:48:04 ----A---- C:\WINDOWS\system32\UserDataAccessRes.dll
2016-09-17 08:48:04 ----A---- C:\WINDOWS\system32\MapRouter.dll
2016-09-17 08:48:03 ----A---- C:\WINDOWS\system32\NMAA.dll
2016-09-17 08:48:03 ----A---- C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-09-17 08:48:03 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2016-09-17 08:48:02 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-09-17 08:48:01 ----A---- C:\WINDOWS\system32\PhoneService.dll
2016-09-17 08:47:59 ----A---- C:\WINDOWS\system32\mos.dll
2016-09-17 08:47:57 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2016-09-17 08:47:56 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-17 08:47:55 ----A---- C:\WINDOWS\system32\jsproxy.dll
2016-09-17 08:47:54 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-09-17 08:47:53 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-09-17 08:47:46 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-09-17 08:47:41 ----A---- C:\WINDOWS\system32\mshtmled.dll
2016-09-17 08:47:41 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2016-09-17 08:47:40 ----A---- C:\WINDOWS\system32\msxml6.dll
2016-09-17 08:47:37 ----A---- C:\WINDOWS\system32\wininet.dll
2016-09-17 08:47:35 ----A---- C:\WINDOWS\system32\MosResource.dll
2016-09-17 08:47:31 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-09-17 08:47:26 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-09-17 08:47:17 ----A---- C:\WINDOWS\system32\DbgModel.dll
2016-09-17 08:47:16 ----A---- C:\WINDOWS\system32\dbgeng.dll
2016-09-17 08:47:13 ----A---- C:\WINDOWS\system32\Chakrathunk.dll
2016-09-17 08:47:12 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-09-17 08:47:03 ----A---- C:\WINDOWS\system32\windows.storage.dll
2016-09-17 08:47:01 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2016-09-17 08:47:00 ----A---- C:\WINDOWS\system32\aadtb.dll
2016-09-17 08:46:59 ----A---- C:\WINDOWS\system32\sppsvc.exe
2016-09-17 08:46:58 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-09-17 08:46:57 ----A---- C:\WINDOWS\system32\wifitask.exe
2016-09-17 08:46:56 ----A---- C:\WINDOWS\system32\wifinetworkmanager.dll
2016-09-17 08:46:56 ----A---- C:\WINDOWS\system32\wificonnapi.dll
2016-09-17 08:46:56 ----A---- C:\WINDOWS\system32\drivers\ClipSp.sys
2016-09-17 08:46:55 ----A---- C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-09-17 08:46:55 ----A---- C:\WINDOWS\system32\SensorDataService.exe
2016-09-17 08:46:55 ----A---- C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2016-09-17 08:46:52 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-09-17 08:46:52 ----A---- C:\WINDOWS\system32\kerberos.dll
2016-09-17 08:46:49 ----A---- C:\WINDOWS\system32\shell32.dll
2016-09-17 08:46:45 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2016-09-17 08:46:44 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2016-09-17 08:46:44 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2016-09-17 08:46:43 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2016-09-17 08:46:38 ----A---- C:\WINDOWS\system32\twinui.dll
2016-09-17 08:46:35 ----A---- C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2016-09-17 08:46:34 ----A---- C:\WINDOWS\system32\Windows.Web.Http.dll
2016-09-17 08:46:34 ----A---- C:\WINDOWS\system32\Windows.Networking.dll
2016-09-17 08:46:33 ----A---- C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-09-17 08:46:31 ----A---- C:\WINDOWS\system32\drivers\mrxsmb10.sys
2016-09-17 08:46:30 ----A---- C:\WINDOWS\system32\drivers\srvnet.sys
2016-09-17 08:46:30 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2016-09-17 08:46:30 ----A---- C:\WINDOWS\system32\drivers\srv.sys
2016-09-17 08:46:28 ----A---- C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-09-17 08:46:27 ----A---- C:\WINDOWS\system32\combase.dll
2016-09-17 08:46:25 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-09-17 08:46:23 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-09-17 08:46:20 ----A---- C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-09-17 08:46:20 ----A---- C:\WINDOWS\system32\ContactActivation.dll
2016-09-17 08:46:19 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-09-17 08:46:19 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-09-17 08:46:18 ----A---- C:\WINDOWS\system32\AddressParser.dll
2016-09-17 08:46:17 ----A---- C:\WINDOWS\system32\wmp.dll
2016-09-17 08:46:13 ----A---- C:\WINDOWS\system32\dwmcore.dll
2016-09-17 08:46:06 ----A---- C:\WINDOWS\system32\mfcore.dll
2016-09-17 08:46:05 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2016-09-17 08:46:05 ----A---- C:\WINDOWS\system32\drivers\dumpsd.sys
2016-09-17 08:46:03 ----A---- C:\WINDOWS\system32\ExSMime.dll
2016-09-17 08:45:57 ----A---- C:\WINDOWS\system32\dosvc.dll
2016-09-17 08:45:56 ----A---- C:\WINDOWS\system32\cdd.dll
2016-09-17 08:45:54 ----A---- C:\WINDOWS\system32\WWAHost.exe
2016-09-17 08:45:54 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.dll
2016-09-17 08:45:53 ----A---- C:\WINDOWS\system32\wwansvc.dll
2016-09-17 08:45:53 ----A---- C:\WINDOWS\system32\CredProvDataModel.dll
2016-09-17 08:45:48 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-09-17 08:45:48 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-09-17 08:45:48 ----A---- C:\WINDOWS\system32\AppointmentActivation.dll
2016-09-17 08:45:45 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-09-17 08:45:44 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-09-17 08:45:39 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-09-17 08:45:38 ----A---- C:\WINDOWS\system32\MSAJApi.dll
2016-09-17 08:45:37 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-09-17 08:45:36 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2016-09-17 08:45:36 ----A---- C:\WINDOWS\system32\oleaut32.dll
2016-09-17 08:45:35 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2016-09-17 08:45:34 ----A---- C:\WINDOWS\system32\bisrv.dll
2016-09-17 08:45:33 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-17 08:45:32 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2016-09-17 08:45:31 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2016-09-17 08:45:29 ----A---- C:\WINDOWS\system32\setupugc.exe
2016-09-17 08:45:28 ----A---- C:\WINDOWS\system32\mfsvr.dll
2016-09-17 08:45:26 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-09-17 08:45:25 ----A---- C:\WINDOWS\system32\msctf.dll
2016-09-17 08:45:24 ----A---- C:\WINDOWS\system32\wsp_fs.dll
2016-09-17 08:45:22 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-09-17 08:45:21 ----A---- C:\WINDOWS\system32\KernelBase.dll
2016-09-17 08:45:18 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2016-09-17 08:45:17 ----A---- C:\WINDOWS\system32\winmde.dll
2016-09-17 08:45:17 ----A---- C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-09-17 08:45:12 ----A---- C:\WINDOWS\system32\tzautoupdate.dll
2016-09-17 08:45:10 ----A---- C:\WINDOWS\system32\mfplat.dll
2016-09-17 08:45:08 ----A---- C:\WINDOWS\system32\mf.dll
2016-09-17 08:45:06 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-09-17 08:45:04 ----A---- C:\WINDOWS\system32\mstscax.dll
2016-09-17 08:44:51 ----A---- C:\WINDOWS\system32\LockAppHost.exe
2016-09-17 08:44:50 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2016-09-17 08:44:49 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-17 08:44:46 ----A---- C:\WINDOWS\system32\wmpmde.dll
2016-09-17 08:44:45 ----A---- C:\WINDOWS\system32\drivers\mrxsmb20.sys
2016-09-17 08:44:44 ----A---- C:\WINDOWS\system32\hevcdecoder.dll
2016-09-17 08:44:42 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2016-09-17 08:44:41 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-09-17 08:44:40 ----A---- C:\WINDOWS\system32\winload.exe
2016-09-17 08:44:40 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-09-17 08:44:38 ----A---- C:\WINDOWS\system32\winresume.exe
2016-09-17 08:44:37 ----A---- C:\WINDOWS\system32\wsp_health.dll
2016-09-17 08:44:37 ----A---- C:\WINDOWS\system32\LogonController.dll
2016-09-17 08:44:37 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2016-09-17 08:44:36 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-09-17 08:44:35 ----A---- C:\WINDOWS\system32\sspicli.dll
2016-09-17 08:44:35 ----A---- C:\WINDOWS\system32\pnidui.dll
2016-09-17 08:44:34 ----A---- C:\WINDOWS\system32\generaltel.dll
2016-09-17 08:44:33 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2016-09-17 08:44:32 ----A---- C:\WINDOWS\system32\CPFilters.dll
2016-09-17 08:44:31 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-09-17 08:44:31 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2016-09-17 08:44:30 ----A---- C:\WINDOWS\system32\ResetEngine.dll
2016-09-17 08:44:30 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-09-17 08:44:27 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-09-17 08:44:27 ----A---- C:\WINDOWS\system32\audiosrv.dll
2016-09-17 08:44:26 ----A---- C:\WINDOWS\system32\aclui.dll
2016-09-17 08:44:25 ----A---- C:\WINDOWS\system32\DMRServer.dll
2016-09-17 08:44:24 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-09-17 08:44:24 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2016-09-17 08:44:24 ----A---- C:\WINDOWS\system32\aeinv.dll
2016-09-17 08:44:23 ----A---- C:\WINDOWS\system32\WinTypes.dll
2016-09-17 08:44:23 ----A---- C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-09-17 08:44:22 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2016-09-17 08:44:22 ----A---- C:\WINDOWS\system32\mfnetsrc.dll
2016-09-17 08:44:21 ----A---- C:\WINDOWS\system32\drivers\Classpnp.sys
2016-09-17 08:44:21 ----A---- C:\WINDOWS\system32\authui.dll
2016-09-17 08:44:19 ----A---- C:\WINDOWS\system32\ole32.dll
2016-09-17 08:44:18 ----A---- C:\WINDOWS\system32\usercpl.dll
2016-09-17 08:44:18 ----A---- C:\WINDOWS\system32\lsass.exe
2016-09-17 08:44:18 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys
2016-09-17 08:44:17 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-09-17 08:44:17 ----A---- C:\WINDOWS\system32\devinv.dll
2016-09-17 08:44:16 ----A---- C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-09-17 08:44:16 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-09-17 08:44:16 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-09-17 08:44:15 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-17 08:44:15 ----A---- C:\WINDOWS\system32\win32u.dll
2016-09-17 08:44:15 ----A---- C:\WINDOWS\system32\invagent.dll
2016-09-17 08:44:15 ----A---- C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
2016-09-17 08:44:14 ----A---- C:\WINDOWS\system32\wuauclt.exe
2016-09-17 08:44:13 ----A---- C:\WINDOWS\system32\InputService.dll
2016-09-17 08:44:13 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-09-17 08:44:12 ----A---- C:\WINDOWS\system32\wwanconn.dll
2016-09-17 08:44:12 ----A---- C:\WINDOWS\system32\AudioSes.dll
2016-09-17 08:44:10 ----A---- C:\WINDOWS\system32\csrsrv.dll
2016-09-17 08:44:09 ----A---- C:\WINDOWS\system32\mstsc.exe
2016-09-17 08:44:06 ----A---- C:\WINDOWS\system32\WMPDMC.exe
2016-09-17 08:44:05 ----A---- C:\WINDOWS\system32\MiracastReceiver.dll
2016-09-17 08:44:03 ----A---- C:\WINDOWS\system32\WebcamUi.dll
2016-09-17 08:44:03 ----A---- C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-09-17 08:44:01 ----A---- C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-09-17 08:44:01 ----A---- C:\WINDOWS\system32\ClipboardServer.dll
2016-09-17 08:44:01 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-09-17 08:44:00 ----A---- C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-09-17 08:44:00 ----A---- C:\WINDOWS\system32\shutdownux.dll
2016-09-17 08:43:59 ----A---- C:\WINDOWS\system32\wwanmm.dll
2016-09-17 08:43:59 ----A---- C:\WINDOWS\system32\ConsoleLogon.dll
2016-09-17 08:43:59 ----A---- C:\WINDOWS\system32\clusapi.dll
2016-09-17 08:43:57 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2016-09-17 08:43:57 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-09-17 08:43:57 ----A---- C:\WINDOWS\system32\SettingSync.dll
2016-09-17 08:43:56 ----A---- C:\WINDOWS\system32\reseteng.dll
2016-09-17 08:43:55 ----A---- C:\WINDOWS\system32\PlayToDevice.dll
2016-09-17 08:43:55 ----A---- C:\WINDOWS\system32\dlnashext.dll
2016-09-17 08:43:54 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-09-17 08:43:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2016-09-17 08:43:52 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-09-17 08:43:52 ----A---- C:\WINDOWS\system32\RTMediaFrame.dll
2016-09-17 08:43:52 ----A---- C:\WINDOWS\system32\qdvd.dll
2016-09-17 08:43:52 ----A---- C:\WINDOWS\system32\PlayToReceiver.dll
2016-09-17 08:43:51 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-17 08:43:51 ----A---- C:\WINDOWS\system32\DscCore.dll
2016-09-17 08:43:49 ----A---- C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-09-17 08:43:49 ----A---- C:\WINDOWS\system32\win32k.sys
2016-09-17 08:43:47 ----A---- C:\WINDOWS\system32\wups2.dll
2016-09-17 08:43:44 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-09-17 08:43:43 ----A---- C:\WINDOWS\system32\MCRecvSrc.dll
2016-09-17 08:43:43 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2016-09-17 08:43:43 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2016-09-16 12:39:34 ----A---- C:\WINDOWS\system32\drivers\EsgScanner.sys
2016-09-16 10:31:17 ----DC---- C:\WINDOWS\Panther
2016-09-16 10:27:22 ----D---- C:\ProgramData\Microsoft OneDrive
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\wwanprotdim.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\wpninprc.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\wmploc.DLL
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\wlansvcpal.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\wlansvc.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\wlansec.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\wlanmsm.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\wlanhlp.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\wlanapi.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\WiFiConfigSP.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\wfdprov.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\spwmp.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\mfsensorgroup.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\mfps.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\mfnetcore.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\mfksproxy.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\iesetup.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\iernonce.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\fveapibase.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\fveapi.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\FSClient.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\FrameServer.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\encapi.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\dxmasf.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\drivers\pdc.sys
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\deviceassociation.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\dasHost.exe
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\das.dll
2016-09-16 10:25:25 ----A---- C:\WINDOWS\system32\CloudBackupSettings.dll
2016-09-16 10:25:20 ----A---- C:\WINDOWS\system32\tsmf.dll
2016-09-16 10:25:20 ----A---- C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-09-16 10:25:20 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2016-09-16 10:25:20 ----A---- C:\WINDOWS\system32\provengine.dll
2016-09-16 10:25:20 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-09-16 10:25:20 ----A---- C:\WINDOWS\system32\mspaint.exe
2016-09-16 10:25:20 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2016-09-16 10:25:20 ----A---- C:\WINDOWS\system32\drivers\partmgr.sys
2016-09-16 10:25:20 ----A---- C:\WINDOWS\system32\ConfigureExpandedStorage.dll
2016-09-16 10:25:20 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-09-16 10:25:19 ----A---- C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-09-16 10:25:19 ----A---- C:\WINDOWS\system32\provtool.exe
2016-09-16 10:25:19 ----A---- C:\WINDOWS\system32\provops.dll
2016-09-16 10:25:19 ----A---- C:\WINDOWS\system32\provdatastore.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\wevtapi.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\w32time.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\usocore.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\tcpipcfg.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\StorSvc.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\StorageUsage.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\ProvPluginEng.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\provisioningcsp.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\provhandlers.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\netiougc.exe
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\KnobsCsp.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\KnobsCore.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\GamePanel.exe
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\domgmt.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\ClipUp.exe
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\C_IS2022.DLL
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\c_GSM7.DLL
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\C_G18030.DLL
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\BcastDVRHelper.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-09-16 10:25:18 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\wuuhext.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\wincorlib.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\WinBioDataModel.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\user32.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\systemreset.exe
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\SysResetErr.exe
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\storagewmi_passthru.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\storagewmi.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\sppcext.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\sppc.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\smphost.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\slcext.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\slc.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\schannel.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\samsrv.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\samlib.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\ResetEngine.exe
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\qmgr.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\pidgenx.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\offlinesam.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\offlinelsa.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\MusNotification.exe
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\mispace.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\mfpmp.exe
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\GenValObj.exe
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\facecredentialprovider.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\DscCoreConfProv.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\drivers\dam.sys
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\delegatorprovider.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\dafpos.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\D3D12.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\container.dll
2016-09-16 10:25:15 ----A---- C:\WINDOWS\system32\CastLaunch.dll
2016-09-16 10:25:14 ----A---- C:\WINDOWS\system32\XblAuthManager.dll
2016-09-16 10:25:14 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-09-16 10:25:14 ----A---- C:\WINDOWS\system32\drivers\xinputhid.sys
2016-09-16 10:25:14 ----A---- C:\WINDOWS\system32\drivers\usbvideo.sys
2016-09-16 10:25:14 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2016-09-16 10:25:14 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2016-09-16 10:25:14 ----A---- C:\WINDOWS\system32\drivers\hidclass.sys
2016-09-16 10:25:14 ----A---- C:\WINDOWS\system32\drivers\acpi.sys
2016-09-16 10:21:49 ----A---- C:\WINDOWS\system32\prm0009.dll
2016-09-16 10:21:49 ----A---- C:\WINDOWS\system32\NlsLexicons0009.dll
2016-09-16 10:21:49 ----A---- C:\WINDOWS\system32\NlsData0009.dll
2016-09-16 10:20:38 ----D---- C:\WINDOWS\system32\Microsoft
2016-09-16 10:17:07 ----D---- C:\WINDOWS\system32\XPSViewer
2016-09-16 10:17:06 ----D---- C:\Program Files\Reference Assemblies
2016-09-16 10:17:05 ----AD---- C:\Program Files\MSBuild
2016-09-16 10:16:26 ----A---- C:\WINDOWS\system32\TsWpfWrp.exe
2016-09-16 10:16:26 ----A---- C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-09-16 10:16:26 ----A---- C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-09-16 10:16:01 ----A---- C:\WINDOWS\system32\drivers\wof.sys
2016-09-16 10:12:28 ----D---- C:\ProgramData\USOShared
2016-09-16 10:12:14 ----SHD---- C:\Recovery
2016-09-16 09:52:26 ----ASH---- C:\hiberfil.sys
2016-09-16 09:40:39 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2016-09-16 09:36:09 ----D---- C:\Program Files\Elantech
2016-09-16 09:36:04 ----D---- C:\ProgramData\NVIDIA
2016-09-16 09:35:57 ----A---- C:\WINDOWS\system32\nvvsvc.exe
2016-09-16 09:35:57 ----A---- C:\WINDOWS\system32\nvshext.dll
2016-09-16 09:35:56 ----A---- C:\WINDOWS\system32\nvsvcr.dll
2016-09-16 09:35:56 ----A---- C:\WINDOWS\system32\nvsvc.dll
2016-09-16 09:35:56 ----A---- C:\WINDOWS\system32\nvmctray.dll
2016-09-16 09:35:56 ----A---- C:\WINDOWS\system32\nvcpl.dll
2016-09-16 09:35:53 ----HD---- C:\Program Files\Uninstall Information
2016-09-16 09:35:38 ----D---- C:\ProgramData\NVIDIA Corporation
2016-09-16 09:35:31 ----D---- C:\Program Files\NVIDIA Corporation
2016-09-16 09:35:07 ----D---- C:\WINDOWS\system32\SRSLabs
2016-09-16 09:35:02 ----D---- C:\Program Files\Realtek
2016-09-16 09:35:01 ----D---- C:\WINDOWS\system32\RTCOM
2016-09-16 09:34:28 ----AS---- C:\WINDOWS\bootstat.dat
2016-09-16 09:33:49 ----D---- C:\WINDOWS\Prefetch
2016-09-16 09:33:04 ----D---- C:\WINDOWS\system32\SleepStudy
2016-09-16 09:33:04 ----D---- C:\WINDOWS\ServiceProfiles
2016-09-16 09:32:43 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-16 08:31:51 ----A---- C:\WINDOWS\system32\drivers\regguard.sys
2016-09-15 23:58:58 ----A---- C:\WINDOWS\is-C2PSL.exe
2016-09-15 23:39:15 ----D---- C:\ProgramData\Canneverbe Limited
2016-09-15 23:39:07 ----D---- C:\Users\Michal\AppData\Roaming\Canneverbe Limited
2016-09-15 23:39:05 ----AD---- C:\Program Files\CDBurnerXP
2016-09-15 21:03:09 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2016-09-15 20:25:44 ----D---- C:\ProgramData\RegRun
2016-09-15 20:24:00 ----RASHOT---- C:\WINDOWS\winstart.bat
2016-09-15 20:24:00 ----A---- C:\WINDOWS\system32\drivers\Partizan.sys
2016-09-15 20:23:21 ----A---- C:\WINDOWS\system32\partizan.exe
2016-09-15 20:23:21 ----A---- C:\WINDOWS\system32\drivers\UnHackMeDrv.sys
2016-09-15 20:23:17 ----AD---- C:\Program Files\UnHackMe
2016-09-15 18:30:49 ----D---- C:\Program Files\żěŃą
2016-09-15 18:26:46 ----D---- C:\ProgramData\Avira
2016-09-15 18:26:43 ----D---- C:\ProgramData\Avg
2016-09-15 18:26:23 ----D---- C:\ProgramData\AVAST Software
2016-09-15 18:22:35 ----D---- C:\Users\Michal\AppData\Roaming\Profiles
2016-09-15 18:09:33 ----D---- C:\Users\Michal\AppData\Roaming\Softlink
2016-09-15 17:52:46 ----A---- C:\Users\Michal\AppData\Roaming\Main.dat
2016-09-15 17:52:46 ----A---- C:\Users\Michal\AppData\Roaming\agent.dat
2016-09-15 17:51:10 ----A---- C:\Users\Michal\AppData\Roaming\Installer.dat
2016-09-15 17:29:38 ----D---- C:\Program Files\Eidos Interactive
2016-09-15 16:46:37 ----D---- C:\Program Files\Zoo Digital Publishing
2016-09-15 15:35:18 ----D---- C:\HRY
2016-09-14 17:18:14 ----D---- C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
2016-09-14 17:17:16 ----D---- C:\ProgramData\DAEMON Tools Lite
2016-09-12 18:36:22 ----A---- C:\WINDOWS\system32\drivers\VBoxNetLwf.sys
2016-09-12 18:36:22 ----A---- C:\WINDOWS\system32\drivers\VBoxNetAdp6.sys
2016-09-12 00:07:14 ----D---- C:\Program Files\DOSBox-0.74

======List of files/folders modified in the last 1 month======

2016-09-28 11:16:47 ----D---- C:\WINDOWS\Temp
2016-09-28 11:15:32 ----SHD---- C:\System Volume Information
2016-09-28 11:13:04 ----RD---- C:\Program Files
2016-09-28 11:07:00 ----D---- C:\WINDOWS\system32\sru
2016-09-28 09:41:01 ----HD---- C:\Program Files\WindowsApps
2016-09-28 09:41:01 ----D---- C:\WINDOWS\AppReadiness
2016-09-28 02:41:32 ----RD---- C:\WINDOWS\Microsoft.NET
2016-09-28 02:18:51 ----D---- C:\Program Files\Mozilla Maintenance Service
2016-09-28 02:18:39 ----AD---- C:\Program Files\Mozilla Firefox
2016-09-28 01:58:09 ----D---- C:\WINDOWS\System32
2016-09-28 01:56:22 ----D---- C:\WINDOWS\system32\CatRoot
2016-09-28 01:55:16 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2016-09-28 01:48:34 ----D---- C:\WINDOWS\system32\catroot2
2016-09-27 15:25:02 ----D---- C:\WINDOWS\system32\FxsTmp
2016-09-26 14:20:35 ----HD---- C:\ProgramData
2016-09-25 02:07:31 ----D---- C:\Windows
2016-09-24 23:00:15 ----SHD---- C:\WINDOWS\Installer
2016-09-24 23:00:03 ----D---- C:\WINDOWS\system32\drivers
2016-09-24 23:00:01 ----D---- C:\WINDOWS\system32\DriverStore
2016-09-24 23:00:00 ----D---- C:\WINDOWS\INF
2016-09-24 22:59:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2016-09-24 22:01:06 ----D---- C:\WINDOWS\system32\Tasks
2016-09-24 21:45:54 ----D---- C:\WINDOWS\system32\WDI
2016-09-24 21:16:46 ----D---- C:\WINDOWS\Help
2016-09-24 20:04:22 ----RSD---- C:\WINDOWS\assembly
2016-09-24 20:03:27 ----D---- C:\WINDOWS\Logs
2016-09-24 19:39:10 ----AD---- C:\Program Files\Mozilla Thunderbird
2016-09-24 02:39:16 ----D---- C:\Program Files\Common Files
2016-09-23 19:11:07 ----D---- C:\WINDOWS\system32\config
2016-09-23 11:49:27 ----D---- C:\WINDOWS\WinSxS
2016-09-23 10:13:30 ----D---- C:\WINDOWS\CbsTemp
2016-09-21 06:00:01 ----D---- C:\WINDOWS\system32\LogFiles
2016-09-21 02:32:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-20 19:01:13 ----D---- C:\WINDOWS\Tasks
2016-09-20 06:02:57 ----D---- C:\WINDOWS\rescache
2016-09-19 23:50:45 ----D---- C:\WINDOWS\Speech
2016-09-19 23:50:45 ----D---- C:\WINDOWS\PolicyDefinitions
2016-09-19 23:26:50 ----AC---- C:\WINDOWS\system32\MRT.exe
2016-09-19 23:15:06 ----D---- C:\WINDOWS\apppatch
2016-09-19 20:58:53 ----D---- C:\Program Files\Opera
2016-09-19 20:58:44 ----D---- C:\Users\Michal\AppData\Roaming\Opera Software
2016-09-19 15:38:50 ----SD---- C:\ProgramData\Microsoft
2016-09-19 10:41:16 ----RD---- C:\Users
2016-09-19 09:30:55 ----D---- C:\WINDOWS\debug
2016-09-19 08:30:06 ----D---- C:\ProgramData\Skype
2016-09-19 08:29:56 ----RD---- C:\Program Files\Skype
2016-09-19 08:20:52 ----D---- C:\WINDOWS\system32\zh-TW
2016-09-19 08:20:52 ----D---- C:\WINDOWS\system32\zh-HK
2016-09-19 08:20:52 ----D---- C:\WINDOWS\system32\zh-CN
2016-09-19 08:20:52 ----D---- C:\WINDOWS\system32\uk-UA
2016-09-19 08:20:52 ----D---- C:\WINDOWS\system32\tr-TR
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\th-TH
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\sv-SE
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\sr-Latn-RS
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\sr-Latn-CS
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\sl-SI
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\sk-SK
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\ru-RU
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\ro-RO
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\pt-PT
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\pt-BR
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\pl-PL
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\oobe
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\nl-NL
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\nb-NO
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\lv-LV
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\lt-LT
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\ko-KR
2016-09-19 08:20:51 ----D---- C:\WINDOWS\system32\ja-JP
2016-09-19 08:20:50 ----SD---- C:\WINDOWS\system32\dsc
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\it-IT
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\hu-HU
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\hr-HR
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\he-IL
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\fr-FR
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\fr-CA
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\fi-FI
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\et-EE
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\es-MX
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\es-ES
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\en-US
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\en-GB
2016-09-19 08:20:50 ----D---- C:\WINDOWS\system32\el-GR
2016-09-19 08:20:49 ----D---- C:\WINDOWS\system32\Dism
2016-09-19 08:20:49 ----D---- C:\WINDOWS\system32\de-DE
2016-09-19 08:20:49 ----D---- C:\WINDOWS\system32\da-DK
2016-09-19 08:20:49 ----D---- C:\WINDOWS\system32\cs-CZ
2016-09-19 08:20:49 ----D---- C:\WINDOWS\system32\Boot
2016-09-19 08:20:49 ----D---- C:\WINDOWS\system32\bg-BG
2016-09-19 08:20:49 ----D---- C:\WINDOWS\system32\ar-SA
2016-09-19 08:20:49 ----D---- C:\WINDOWS\system32\appraiser
2016-09-19 08:20:38 ----D---- C:\WINDOWS\ShellExperiences
2016-09-19 08:20:36 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-09-19 08:20:36 ----RD---- C:\Program Files\Windows Defender
2016-09-19 08:20:36 ----D---- C:\WINDOWS\Provisioning
2016-09-19 08:20:36 ----D---- C:\Program Files\Windows Media Player
2016-09-19 08:20:36 ----D---- C:\Program Files\Internet Explorer
2016-09-17 08:30:56 ----D---- C:\WINDOWS\appcompat
2016-09-16 12:30:49 ----D---- C:\Program Files\Google
2016-09-16 11:09:22 ----D---- C:\WINDOWS\system32\restore
2016-09-16 10:26:14 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2016-09-16 10:26:14 ----D---- C:\WINDOWS\system32\migration
2016-09-16 10:17:07 ----D---- C:\WINDOWS\system32\MUI
2016-09-16 10:17:06 ----D---- C:\WINDOWS\System
2016-09-16 10:17:01 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2016-09-16 10:17:01 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2016-09-16 10:17:01 ----A---- C:\WINDOWS\system32\dplayx.dll
2016-09-16 10:17:01 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2016-09-16 10:16:58 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2016-09-16 10:16:58 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2016-09-16 10:16:58 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2016-09-16 10:16:58 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2016-09-16 10:16:58 ----A---- C:\WINDOWS\system32\dpnet.dll
2016-09-16 10:16:58 ----A---- C:\WINDOWS\system32\dpnathlp.dll
2016-09-16 10:16:58 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2016-09-16 10:16:56 ----A---- C:\WINDOWS\system32\typelib.dll
2016-09-16 10:16:56 ----A---- C:\WINDOWS\system32\storage.dll
2016-09-16 10:16:56 ----A---- C:\WINDOWS\system32\ole2nls.dll
2016-09-16 10:16:56 ----A---- C:\WINDOWS\system32\ole2disp.dll
2016-09-16 10:16:56 ----A---- C:\WINDOWS\system32\ole2.dll
2016-09-16 10:16:56 ----A---- C:\WINDOWS\system32\compobj.dll
2016-09-16 10:16:54 ----A---- C:\WINDOWS\winhelp.exe
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\win.com
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\WIFEMAN.DLL
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\ver.dll
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\USER.EXE
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\TOOLHELP.DLL
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\sysedit.exe
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\SHELL.DLL
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\pmspl.dll
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\OLESVR.DLL
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\ntvdm.exe
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\mem.exe
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\lzexpand.dll
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\KB16.COM
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\GRAPHICS.COM
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\graftabl.com
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\GDI.EXE
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\edit.com
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\debug.exe
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\DDEML.DLL
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\COMMDLG.DLL
2016-09-16 10:16:54 ----A---- C:\WINDOWS\system32\COMMAND.COM
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\WINNLS.DLL
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\win87em.dll
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\vdmredir.dll
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\setver.exe
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\olecli.dll
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\nlsfunc.exe
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\netapi.dll
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\MMSYSTEM.DLL
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\krnl386.exe
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\exe2bin.exe
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\edlin.exe
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\DRWATSON.EXE
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\dosx.exe
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\ctl3dv2.dll
2016-09-16 10:16:53 ----A---- C:\WINDOWS\system32\append.exe
2016-09-16 10:12:28 ----D---- C:\ProgramData\USOPrivate
2016-09-16 10:12:15 ----D---- C:\Program Files\Windows NT
2016-09-16 10:11:34 ----D---- C:\WINDOWS\SoftwareDistribution
2016-09-16 10:08:59 ----D---- C:\WINDOWS\Registration
2016-09-16 10:08:56 ----RSD---- C:\WINDOWS\Fonts
2016-09-16 10:08:56 ----D---- C:\WINDOWS\system32\WinBioDatabase
2016-09-16 10:08:56 ----D---- C:\WINDOWS\system32\Tasks_Migrated
2016-09-16 10:01:29 ----D---- C:\WINDOWS\Media
2016-09-16 10:01:03 ----D---- C:\WINDOWS\system32\drivers\etc
2016-09-16 09:57:38 ----D---- C:\WINDOWS\system32\wbem
2016-09-16 09:51:22 ----D---- C:\WINDOWS\ShellNew
2016-09-16 09:50:06 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-09-16 09:46:12 ----D---- C:\WINDOWS\twain_32
2016-09-16 09:46:09 ----D---- C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-09-16 09:46:09 ----D---- C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-09-16 09:46:08 ----D---- C:\WINDOWS\system32\spool
2016-09-16 09:46:00 ----D---- C:\WINDOWS\system32\NDF
2016-09-16 09:46:00 ----D---- C:\WINDOWS\system32\Macromed
2016-09-16 09:45:59 ----D---- C:\WINDOWS\system32\InputMethod
2016-09-16 09:45:51 ----D---- C:\WINDOWS\system32\color
2016-09-16 09:45:08 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2016-09-16 09:44:57 ----D---- C:\WINDOWS\OCR
2016-09-16 09:44:54 ----D---- C:\WINDOWS\InputMethod
2016-09-16 09:44:29 ----D---- C:\Program Files\Windows Mail
2016-09-16 09:44:24 ----D---- C:\Program Files\Common Files\System
2016-09-16 09:44:24 ----AD---- C:\Program Files\Common Files\microsoft shared
2016-09-16 09:43:52 ----D---- C:\WINDOWS\system32\Recovery
2016-09-16 09:43:03 ----D---- C:\WINDOWS\system32\CodeIntegrity
2016-09-16 09:39:46 ----D---- C:\WINDOWS\system32\Sysprep
2016-09-16 09:36:52 ----RD---- C:\WINDOWS\PrintDialog
2016-09-16 09:36:51 ----RD---- C:\WINDOWS\MiracastView
2016-09-15 17:30:47 ----HD---- C:\Program Files\InstallShield Installation Information
2016-09-15 17:28:46 ----D---- C:\Program Files\Common Files\InstallShield
2016-09-14 10:04:31 ----D---- C:\WINDOWS\system32\MRT
2016-09-08 16:44:23 ----AD---- C:\eKonto
2016-09-07 18:32:38 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-07-16 38240]
R0 nvstor32;nvstor32; C:\WINDOWS\System32\drivers\nvstor32.sys [2009-07-30 213024]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2016-08-18 149760]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2016-08-18 44208]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-07-16 77312]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-07-16 7680]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2016-08-18 120968]
R2 avnetflt;avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [2016-08-18 66872]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 58368]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2016-07-16 37376]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2013-04-30 5120]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2016-07-16 62976]
R3 athr;@netathr.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athwn.sys [2016-07-16 3228672]
R3 BazisVirtualCDBus;@oem23.inf,%dev.SVCDESC%;WinCDEmu Virtual Bus Driver; C:\WINDOWS\System32\drivers\BazisVirtualCDBus.sys [2015-09-28 121688]
R3 ETD;@oem29.inf,%PS2DeviceDesc%;ELAN Input Device; C:\WINDOWS\system32\DRIVERS\ETD.sys [2015-10-27 407128]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHDA.sys [2015-11-10 3595536]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2016-03-10 24448]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2016-09-28 170200]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2016-03-10 53120]
R3 MTsensor;@oem22.inf,%ATKACPI.DisplayName%;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\drivers\ATKACPI.sys [2007-07-31 7680]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2015-11-20 10715832]
R3 rt640x86;@rt640x86.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x86.sys [2016-07-16 494080]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-07-16 89952]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-07-16 85856]
S0 Partizan;Partizan; C:\WINDOWS\system32\drivers\Partizan.sys [2016-09-15 40304]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2016-07-16 51552]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2016-07-16 54624]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2016-07-16 26976]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 12800]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 12288]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2016-07-16 8192]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-07-16 27648]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-07-16 97280]
S3 EsgScanner;EsgScanner; C:\WINDOWS\system32\DRIVERS\EsgScanner.sys [2016-09-16 19984]
S3 GemCCID;GemCCID; C:\WINDOWS\system32\DRIVERS\GemCCID.sys [2015-07-10 108656]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-07-16 17920]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\WINDOWS\System32\drivers\iaiogpio.sys [2016-07-16 22016]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-07-16 38240]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 25600]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2016-07-16 66560]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\WINDOWS\System32\drivers\iaioi2c.sys [2016-07-16 61936]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 30208]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 94720]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 62976]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 RegGuard;RegGuard; \??\C:\WINDOWS\system32\Drivers\regguard.sys [2016-09-21 24416]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2016-07-16 68608]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 76800]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-07-16 35840]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2016-07-16 33280]
S3 Ufx01000;USB Function Class Extension; C:\WINDOWS\system32\drivers\ufx01000.sys [2016-07-16 205152]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-07-16 75616]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-07-16 107360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 UrsCx01000;USB Role-Switch Support Library; C:\WINDOWS\system32\drivers\urscx01000.sys [2016-07-16 42336]
S3 UrsChipidea;@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urschipidea.sys [2016-07-16 22880]
S3 UrsSynopsys;@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-07-16 21856]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-09-08 82128]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\Antivirus\avguard.exe [2016-09-19 470600]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\Antivirus\sched.exe [2016-09-19 470600]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [2016-08-19 324304]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 CDPUserSvc_72480;CDPUserSvc_72480; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 EMET_Service;Microsoft EMET Service; C:\Program Files\EMET 5.5\EMET_Service.exe [2016-01-29 33960]
R2 EpsonScanSvc;Epson Scanner Service; C:\Windows\system32\EscSvc.exe [2012-05-17 126128]
R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2015-10-27 124648]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2015-10-13 670512]
R2 OneSyncSvc_72480;Hostitel synchronizace_72480; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [2015-11-10 274192]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-08-29 414496]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
R3 PimIndexMaintenanceSvc_72480;Data kontaktů_72480; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R3 UnistoreSvc_72480;Úložiště uživatelských dat_72480; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\Antivirus\avmailc7.exe [2016-09-19 989696]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\Antivirus\avwebg7.exe [2016-09-19 1454720]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-16 153752]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2016-07-25 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14 270016]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 BrYNSvc;BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [2012-10-26 282112]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-07-16 69632]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-16 153752]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-08-13 136120]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 MessagingService_72480;Služba zasílání zpráv_72480; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-09-22 172488]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-09-07 894976]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2016-07-16 253440]
S3 UnistoreSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]

-----------------EOF-----------------

Log:

altrok
Moderator
Posts: 7262
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help with removing malware - Yeabests.cc

#2 Post by altrok »

I wish you a lovely day :bye:


:arrow: As part of the cleaning, your temporary directories will be emptied (the Recycle Bin and temp folders emptied, browser caches cleared, and so on).


:arrow: Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just launch it with a double-click)
  • click Scan (Skenovani), then Cleaning (Cisteni)
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.

Invite1
Visitor
Posts: 18
Registered: 19 Sep 2016 17:05

Re: Please help with removing malware - Yeabests.cc

#3 Post by Invite1 »

Hello,

thank you, below is the log from AdwCleaner:

# AdwCleaner v6.020 - Log soubor vytvořen 28/09/2016 na 21:22:02
# Aktualizováno dne 14/09/2016 z ToolsLib
# Databáze : 2016-09-28.1 [Server]
# Operační systém : Windows 10 Home (X86)
# Uživatelské jméno : Michal - MICHAL_CIKRYT
# Beží od : C:\Users\Michal\Downloads\adwcleaner_6.020.exe
# Mod: Čištění
# Podpora : https://toolslib.net/forum



***** [ Služby ] *****



***** [ Adresáře ] *****

[-] Adresář smazán:C:\Users\Michal\AppData\Roaming\Softlink
[-] Adresář smazán:C:\Users\Michal\AppData\Local\app


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****

[-] Zástupce dezinfikován:C:\Users\Public\Desktop\Google Chrome.lnk
[-] Zástupce dezinfikován:C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Zástupce dezinfikován:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce dezinfikován:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Zástupce dezinfikován:C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk


***** [ Plánovač úloh ] *****



***** [ Registry ] *****

[-] Klíč smazán:HKLM\SOFTWARE\Classes\UCHTML
[-] Klíč smazán:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
[-] Klíč smazán:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
[-] Klíč smazán:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
[-] Klíč smazán:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
[-] Klíč smazán:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
[-] Klíč smazán:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
[-] Klíč smazán:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
[-] Klíč smazán:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
[-] Klíč smazán:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
[-] Klíč smazán:HKLM\SOFTWARE\Classes\PCSuiteContactsView
[-] Klíč smazán:HKLM\SOFTWARE\Classes\PCSuiteMessagesView
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell.KzShlobj
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell2.ContextMenuExt
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell2.ContextMenuExt.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell2.DragDropMenu
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell2.DragDropMenu.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell2.KYDropHandler
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell2.KYDropHandler.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell2.KzShlobj
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QZipShell2.KzShlobj.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{34B3C588-D06C-4F92-929C-2C3A0BC7F821}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\Installer
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\MICROSOFT\OTUT
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\UCBrowser
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\UCBrowserPID
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\AutoTime
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\SNDA
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\Maoha
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Installer
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MICROSOFT\OTUT
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\UCBrowser
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\UCBrowserPID
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AutoTime
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SNDA
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Maoha
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Installer
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\MICROSOFT\OTUT
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\UCBrowser
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\UCBrowserPID
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\AutoTime
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\SNDA
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Maoha
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Installer
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\MICROSOFT\OTUT
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\UCBrowser
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\UCBrowserPID
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\AutoTime
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\SNDA
[-] Klíč smazán:HKU\S-1-5-21-1644376603-1512953597-3634974712-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Maoha
[#] Klíč smazán po restartování:HKCU\Software\Installer
[#] Klíč smazán po restartování:HKCU\Software\MICROSOFT\OTUT
[#] Klíč smazán po restartování:HKCU\Software\UCBrowser
[#] Klíč smazán po restartování:HKCU\Software\UCBrowserPID
[#] Klíč smazán po restartování:HKCU\Software\AutoTime
[#] Klíč smazán po restartování:HKCU\Software\SNDA
[#] Klíč smazán po restartování:HKCU\Software\Maoha
[-] Klíč smazán:HKLM\SOFTWARE\UCBrowser
[-] Klíč smazán:HKLM\SOFTWARE\UCBrowserPID
[-] Klíč smazán:HKLM\SOFTWARE\Maoha
[-] Klíč smazán:HKLM\SOFTWARE\ComputerZ
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
[-] Hodnota smazána:HKLM\SOFTWARE\RegisteredApplications [UCBrowser]
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL


***** [ Prohlížeče ] *****

[-] [C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazání:bopakagnckmlgajfccecajhnimjiiedh


*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9568 Bajtů] - [28/09/2016 21:22:02]
C:\AdwCleaner\AdwCleaner[S0].txt - [9930 Bajtů] - [28/09/2016 21:20:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9716 Bajtů] ##########

altrok
Moderator
Posts: 7262
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Request for help removing malware - Yeabests.cc

#4 Post by altrok »

Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and any later run of FRST, the Addition.txt option must be explicitly ticked before the scan starts in order to create the Addition.txt log.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok[at]forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Invite1
Visitor
Posts: 18
Registered: 19 Sep 2016 17:05

Re: Request for help removing malware - Yeabests.cc

#5 Post by Invite1 »

The FRST log exceeds the maximum allowed number of characters, so I am splitting it into 2 replies:

FRST part 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2016
Ran by Michal (administrator) on MICHAL_CIKRYT (29-09-2016 23:44:46)
Running from C:\Users\Michal\Downloads
Loaded Profiles: Michal (Available Profiles: Michal)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Monet+, a.s.) C:\Windows\System32\xmesrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\EMET 5.5\EMET_Service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\EMET 5.5\EMET_Agent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(Greatis Software) C:\Program Files\UnHackMe\hackmon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILQE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILQE.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Farbar) C:\Users\Michal\Downloads\FRST (1).exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14476048 2015-11-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2980072 2015-10-27] (ELAN Microelectronics Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2007-07-18] ()
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [830064 2016-09-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [1009632 2016-08-29] (DivX, LLC)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [29544576 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATILQE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATILQE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {310a704f-82b0-11e6-9783-00261872d52f} - "W:\auto.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {310a7d5a-82b0-11e6-9783-00261872d52f} - "W:\auto.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {4b7b8046-8288-11e6-9783-00261872d52f} - "X:\Defender_of_the_Crown.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {4b7b898e-8288-11e6-9783-00261872d52f} - "G:\auto.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {4b7b905b-8288-11e6-9783-00261872d52f} - "V:\AutoPlay.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {557117d2-81b1-11e6-9783-00261872d52f} - "V:\autorun.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {86fd7ec8-8281-11e6-9783-00261872d52f} - "X:\Defender_of_the_Crown.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {9ccb60f0-81e8-11e6-9783-00261872d52f} - "V:\AutoPlay.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {aa237d99-81e1-11e6-9783-00261872d52f} - "W:\setup.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {ba9e9f59-81d3-11e6-9783-00261872d52f} - "W:\setup.EXE" /autorun
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {ba9eaa41-81d3-11e6-9783-00261872d52f} - "V:\autorun.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {c400481b-828e-11e6-9783-00261872d52f} - "W:\auto.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {d540219b-76ef-11e4-9719-806e6f6e6963} - "D:\menu.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {f564299f-81cc-11e6-9783-00261872d52f} - "W:\stub.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {f5643007-81cc-11e6-9783-00261872d52f} - "X:\stub.exe"
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {f5643b81-81cc-11e6-9783-00261872d52f} - "X:\setup.EXE" /autorun
BootExecute: autocheck autochk * sdnclean.exePartizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.1.10 172.20.1.20
Tcpip\..\Interfaces\{36A36736-09CA-412D-94B8-11F8F4AD149E}: [DhcpNameServer] 100.100.100.201 100.100.100.200
Tcpip\..\Interfaces\{ae85742c-1407-48d3-a4a4-1867a12ff500}: [DhcpNameServer] 172.20.1.10 172.20.1.20

Internet Explorer:
==================
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1644376603-1512953597-3634974712-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1644376603-1512953597-3634974712-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\a33wbcbw.default
FF NewTab:
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2016-09-06] (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1644376603-1512953597-3634974712-1001: @servis24.cz/PKIComponent -> C:\Users\Michal\AppData\Roaming\CSAS\lib\x86\npPKIComponentNPAPI.dll [2016-03-26] (Česká spořitelna, a.s.)
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2016-02-04] [not signed]

Chrome:
=======
CHR HomePage: ChromeDefaultData -> about:blank
CHR StartupUrls: ChromeDefaultData -> "about:blank"
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-09-21] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-15]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-15]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-15]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-15]
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default [2016-09-21]
CHR Extension: (Prezentace Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Dokumenty Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Disk Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-09-19]
CHR Extension: (Tabulky Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Komponenta pro aplikaci SERVIS 24) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gincjcoomijeeoddomaaimknmflggfnb [2016-09-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [989696 2016-09-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [470600 2016-09-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [470600 2016-09-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1454720 2016-09-19] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 EMET_Service; C:\Program Files\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [124648 2015-10-27] (ELAN Microelectronics Corp.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [274192 2015-11-10] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
R2 xmengine service; C:\Windows\system32\xmesrv.exe [34696 2014-11-25] (Monet+, a.s.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athwn.sys [3228672 2016-07-16] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [120968 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [149760 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44208 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [66872 2016-08-18] (Avira Operations GmbH & Co. KG)
R3 BazisVirtualCDBus; C:\WINDOWS\System32\drivers\BazisVirtualCDBus.sys [121688 2015-09-28] (Sysprogs OU)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-09-16] ()
R3 ETD; C:\WINDOWS\system32\DRIVERS\ETD.sys [407128 2015-10-27] (ELAN Microelectronics Corp.)
S3 GemCCID; C:\WINDOWS\system32\DRIVERS\GemCCID.sys [108656 2015-07-10] (Gemalto)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-09-29] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\drivers\ATKACPI.sys [7680 2007-07-31] (ATK0100)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
U0 Partizan; C:\WINDOWS\System32\drivers\Partizan.sys [40304 2016-09-15] (Greatis Software)
S3 RegGuard; C:\WINDOWS\system32\Drivers\regguard.sys [24416 2016-09-21] (Greatis Software)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [494080 2016-07-16] (Realtek )
R2 SecDrv; C:\WINDOWS\system32\drivers\SECDRV.SYS [11376 2016-09-23] () [File not signed]
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-04-30] (Samsung Electronics) [File not signed]
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [104568 2016-09-12] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [169016 2016-09-12] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S0 iaStorV; System32\drivers\iaStorV.sys [X]
Attachments
Addition.rar
The link to the FRST launcher is invalid, so it was downloaded without it.
(11.93 KiB) Downloaded 49 times

Invite1
Visitor
Posts: 18
Registered: 19 Sep 2016 17:05

Re: Request for help removing malware - Yeabests.cc

#6 Post by Invite1 »

FRST part 2:

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-29 23:44 - 2016-09-29 23:45 - 00021571 _____ C:\Users\Michal\Downloads\FRST.txt
2016-09-29 23:43 - 2016-09-29 23:44 - 00000000 ____D C:\FRST
2016-09-29 23:42 - 2016-09-29 23:42 - 01754624 _____ (Farbar) C:\Users\Michal\Downloads\FRST (1).exe
2016-09-28 21:18 - 2016-09-28 21:22 - 00000000 ____D C:\AdwCleaner
2016-09-28 21:16 - 2016-09-28 21:18 - 03861056 _____ C:\Users\Michal\Downloads\adwcleaner_6.020.exe
2016-09-28 11:13 - 2016-09-28 11:17 - 00000000 ____D C:\Program Files\trend micro
2016-09-28 11:13 - 2016-09-28 11:14 - 00000000 ____D C:\rsit
2016-09-28 11:10 - 2016-09-28 11:10 - 01107968 _____ C:\Users\Michal\Downloads\RSIT.exe
2016-09-28 02:22 - 2016-09-29 23:44 - 00001541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-28 02:22 - 2016-09-29 23:44 - 00001529 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-28 02:20 - 2016-09-28 02:20 - 01065376 _____ (Google Inc.) C:\Users\Michal\Downloads\ChromeSetup (2).exe
2016-09-28 02:18 - 2016-09-29 23:44 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-28 02:18 - 2016-09-29 23:44 - 00001118 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-28 02:17 - 2016-09-28 02:18 - 43403280 _____ C:\Users\Michal\Downloads\Firefox Setup 49.0.1.exe
2016-09-27 09:45 - 2016-09-27 09:45 - 00010587 _____ C:\Users\Michal\Downloads\GO Sept 2016.xlsx
2016-09-27 09:40 - 2016-09-27 09:40 - 00065518 _____ C:\Users\Michal\Downloads\noname (7).eml
2016-09-27 09:39 - 2016-09-27 09:39 - 00010800 _____ C:\Users\Michal\Downloads\noname (6).eml
2016-09-27 09:30 - 2016-09-27 09:30 - 00134434 _____ C:\Users\Michal\Downloads\JOBS 2016-09-27.xlsx
2016-09-26 17:52 - 2016-09-26 17:52 - 00129353 _____ C:\Users\Michal\Downloads\403727006_0_Vyrozumění o právní moci exekučního příkazu.pdf
2016-09-26 17:49 - 2016-09-26 17:49 - 00554650 _____ C:\Users\Michal\Downloads\Doklad_2142652252.pdf
2016-09-26 16:37 - 2016-09-26 16:37 - 00010800 _____ C:\Users\Michal\Downloads\noname (5).eml
2016-09-26 16:36 - 2016-09-26 16:36 - 00065518 _____ C:\Users\Michal\Downloads\noname (4).eml
2016-09-26 16:31 - 2016-09-26 16:31 - 00010800 _____ C:\Users\Michal\Downloads\noname (3).eml
2016-09-26 16:28 - 2016-09-26 16:28 - 00229939 _____ C:\Users\Michal\Downloads\RACETEQ S.R.O Mail - Faktura VF2016029 - Policové vozíky.pdf
2016-09-26 16:26 - 2016-09-26 16:26 - 00335254 _____ C:\Users\Michal\Downloads\VF2016029 (1).PDF
2016-09-26 16:22 - 2016-09-26 16:22 - 00065518 _____ C:\Users\Michal\Downloads\noname (2).eml
2016-09-26 16:22 - 2016-09-26 16:22 - 00010800 _____ C:\Users\Michal\Downloads\noname (1).eml
2016-09-26 16:21 - 2016-09-26 16:22 - 00010800 _____ C:\Users\Michal\Downloads\noname.eml
2016-09-26 16:09 - 2016-09-26 16:09 - 00506667 _____ C:\Users\Michal\Downloads\403700086_0_D222009.PDF
2016-09-26 15:35 - 2016-09-26 15:35 - 00085778 _____ C:\Users\Michal\Downloads\Transport report (1).xlsx
2016-09-26 15:29 - 2016-09-26 15:29 - 00134167 _____ C:\Users\Michal\Downloads\JOBS 2016-09-26.xlsx
2016-09-26 15:26 - 2016-09-26 15:26 - 00071258 _____ C:\Users\Michal\Downloads\WH receive Shipment report 2016.xlsx
2016-09-26 15:24 - 2016-09-26 15:24 - 00099742 _____ C:\Users\Michal\Downloads\402393695_3_Vyrozumění o PM usnesení o nařízení exekuce_29.1.2013_1335.pdf
2016-09-26 15:24 - 2016-09-26 15:24 - 00097971 _____ C:\Users\Michal\Downloads\402393695_5_Žádost o poskytnutí součinnosti_21.09.2016_832.pdf
2016-09-26 15:24 - 2016-09-26 15:24 - 00070766 _____ C:\Users\Michal\Downloads\402393695_4_Poučení plátce mzdy_21.09.2016_832.pdf
2016-09-26 15:23 - 2016-09-26 15:23 - 00190686 _____ C:\Users\Michal\Downloads\402393695_2_usn_PM_02163_12.PDF
2016-09-26 15:23 - 2016-09-26 15:23 - 00101915 _____ C:\Users\Michal\Downloads\402393695_1_Usnesení o změně plátce_21.09.2016_831.pdf
2016-09-26 15:23 - 2016-09-26 15:23 - 00094724 _____ C:\Users\Michal\Downloads\402393695_0_Exekuční příkaz srážkami ze mzdy - dávek SSP.pdf
2016-09-26 15:22 - 2016-09-26 15:22 - 00165900 _____ C:\Users\Michal\Downloads\402648864_2_pm_s_EX_14623-10_098_ep_prijem_51bf023236a53.pdf
2016-09-26 15:22 - 2016-09-26 15:22 - 00100483 _____ C:\Users\Michal\Downloads\402648864_0_s_EX_14623-10_205_usn_prijem_dosl_57e2c965dff04.pdf
2016-09-26 15:22 - 2016-09-26 15:22 - 00099607 _____ C:\Users\Michal\Downloads\402648864_1_s_EX_14623-10_098_ep_prijem_51bf023236a53.pdf
2016-09-26 15:22 - 2016-09-26 15:22 - 00072059 _____ C:\Users\Michal\Downloads\402566060_0_EX_930_16-51.pdf
2016-09-26 15:21 - 2016-09-26 15:21 - 00133954 _____ C:\Users\Michal\Downloads\402931777_0_Oznámení o skončení exekučního řízení_22. 9. 2016_1356.pdf
2016-09-26 15:20 - 2016-09-26 15:20 - 00106987 _____ C:\Users\Michal\Downloads\403260573_0_Vyrozumění o právní moci - mzda_23. 9. 2016_655.pdf
2016-09-26 15:20 - 2016-09-26 15:20 - 00082851 _____ C:\Users\Michal\Downloads\403110521_0_107193r16_vyrozumeni.pdf
2016-09-26 15:19 - 2016-09-26 15:19 - 00075531 _____ C:\Users\Michal\Downloads\403274903_0_1002944219.pdf
2016-09-26 15:14 - 2016-09-26 15:14 - 00426193 _____ C:\Users\Michal\Downloads\403188580_0_V464006.PDF
2016-09-26 15:03 - 2016-09-26 15:03 - 00013305 _____ C:\Users\Michal\Downloads\2016-2120.pdf
2016-09-26 15:02 - 2016-09-26 15:02 - 00013104 _____ C:\Users\Michal\Downloads\2016-2118.pdf
2016-09-26 14:59 - 2016-09-26 14:59 - 00097619 _____ C:\Users\Michal\Downloads\FAV3001420641.pdf
2016-09-26 14:57 - 2016-09-26 14:57 - 00070559 _____ C:\Users\Michal\Downloads\FV11020160043.pdf
2016-09-26 14:56 - 2016-09-26 14:56 - 00070267 _____ C:\Users\Michal\Downloads\FV11020160042.pdf
2016-09-26 14:55 - 2016-09-26 14:55 - 00070248 _____ C:\Users\Michal\Downloads\FV11020160041.pdf
2016-09-26 14:54 - 2016-09-26 14:54 - 00070245 _____ C:\Users\Michal\Downloads\FV11020160040.pdf
2016-09-26 14:47 - 2016-09-26 14:47 - 00092073 _____ C:\Users\Michal\Downloads\FAV3001419980.pdf
2016-09-26 14:43 - 2016-09-26 14:43 - 00104725 _____ C:\Users\Michal\Downloads\FAV3001419981.pdf
2016-09-26 14:19 - 2016-09-26 14:19 - 00052803 _____ C:\Users\Michal\Downloads\vypis-216706.pdf
2016-09-26 12:50 - 2016-09-26 12:50 - 00083347 _____ C:\Users\Michal\Downloads\624_22_9_CLO_AUO.xlsx
2016-09-26 12:35 - 2016-09-26 12:48 - 00069042 _____ C:\Users\Michal\Downloads\193_21_9_CLO.xlsx
2016-09-26 12:29 - 2016-09-26 12:29 - 00010571 _____ C:\Users\Michal\Downloads\GDP 3 years Czech Rep..xlsx
2016-09-26 12:25 - 2016-09-26 12:28 - 00019361 _____ C:\Users\Michal\Downloads\Average salary Czech Rep..xlsx
2016-09-26 11:56 - 2016-09-26 12:00 - 00161985 _____ C:\Users\Michal\Downloads\invoice_update bank info.pdf
2016-09-26 11:55 - 2016-09-26 11:55 - 00195482 _____ C:\Users\Michal\Downloads\invoice.pdf
2016-09-26 11:54 - 2016-09-26 11:54 - 00172433 _____ C:\Users\Michal\Downloads\invoice(2) (1).pdf
2016-09-26 11:51 - 2016-09-26 11:51 - 00138894 _____ C:\Users\Michal\Downloads\invoice(2)_update bank info.pdf
2016-09-26 11:49 - 2016-09-26 11:49 - 00172433 _____ C:\Users\Michal\Downloads\invoice(2).pdf
2016-09-26 11:22 - 2016-09-26 11:22 - 00142326 _____ C:\Users\Michal\Downloads\Control Table RQ 20160923 new.xlsx
2016-09-26 11:20 - 2016-09-26 11:20 - 00169365 _____ C:\Users\Michal\Downloads\cz16011076 clo.pdf
2016-09-26 11:09 - 2016-09-26 11:09 - 01926261 _____ C:\Users\Michal\Downloads\návěs KRONE - velký TP.pdf
2016-09-26 11:02 - 2016-09-26 11:02 - 02526306 _____ C:\Users\Michal\Downloads\tahač MAN - velký TP.pdf
2016-09-25 02:31 - 2016-09-25 02:31 - 00000000 ____D C:\Users\Michal\AppData\Roaming\7kfans.com
2016-09-25 02:28 - 2016-09-25 02:28 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seven Kingdoms AA
2016-09-25 02:26 - 2016-09-25 02:27 - 52805337 _____ C:\Users\Michal\Downloads\7kaa-install-win32-2.14.6.exe
2016-09-25 02:24 - 2016-09-25 02:25 - 01754126 _____ (7kfans.com) C:\Users\Michal\Downloads\7kaa.exe
2016-09-25 02:06 - 2016-09-25 02:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seven Kingdoms
2016-09-25 02:06 - 2016-09-25 02:06 - 00000000 _____ C:\WINDOWS\VDM4FDA.tmp
2016-09-25 02:06 - 2016-09-25 02:06 - 00000000 _____ C:\WINDOWS\VDM2CB1.tmp
2016-09-25 02:04 - 2016-09-25 02:05 - 00000000 ____D C:\WINDOWS\_ISTMP0.DIR
2016-09-25 02:04 - 2016-09-25 02:04 - 00648704 _____ (InstallShield Software Corporation) C:\WINDOWS\_INS576._MP
2016-09-25 02:04 - 2016-09-25 02:04 - 00000000 _____ C:\WINDOWS\VDMCD2F.tmp
2016-09-25 01:11 - 2016-09-25 01:17 - 00000000 ____D C:\XPSHARED
2016-09-24 23:34 - 2016-09-24 23:34 - 00000708 _____ C:\Users\Public\Desktop\WarZone.lnk
2016-09-24 23:34 - 2016-09-24 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WarZone
2016-09-24 23:30 - 2016-09-24 23:30 - 00001235 _____ C:\Users\Michal\Desktop\Risk II on the ZONE.lnk
2016-09-24 23:30 - 2016-09-24 23:30 - 00001168 _____ C:\Users\Michal\Desktop\Risk II.lnk
2016-09-24 23:30 - 2016-09-24 23:30 - 00000000 ____D C:\Program Files\Microprose
2016-09-24 23:27 - 2016-09-24 23:27 - 00000000 ____D C:\Users\Michal\Downloads\Risk_2
2016-09-24 22:59 - 2016-09-24 22:59 - 00001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-09-24 22:59 - 2016-09-24 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-09-24 22:59 - 2016-09-24 22:59 - 00000000 ____D C:\Program Files\Oracle
2016-09-24 22:59 - 2016-09-12 18:37 - 00776304 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2016-09-24 22:59 - 2016-09-12 18:36 - 00122784 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-09-24 22:57 - 2016-09-24 22:58 - 122288608 _____ (Oracle Corporation) C:\Users\Michal\Downloads\VirtualBox-5.1.6-110634-Win.exe
2016-09-24 22:02 - 2016-09-24 22:03 - 96921976 _____ (Microsoft Corporation) C:\Users\Michal\Downloads\directx_mar2009_redist.exe
2016-09-24 21:55 - 2016-09-24 21:55 - 00000000 ___HD C:\OneDriveTemp
2016-09-24 21:08 - 2016-09-24 21:08 - 00000000 ____D C:\Users\Michal\Downloads\Seven_Kingdoms-THEiSOZONE
2016-09-24 21:03 - 2016-09-24 21:07 - 109746019 _____ C:\Users\Michal\Downloads\Risk_2.7z
2016-09-24 20:41 - 2016-09-24 20:41 - 00000000 ____D C:\Users\Michal\Downloads\Defender_of_the_Crown_digitally_remastered-iSOLATiON
2016-09-24 20:40 - 2016-09-24 21:00 - 499918334 _____ C:\Users\Michal\Downloads\Seven_Kingdoms-THEiSOZONE.7z
2016-09-24 20:05 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2016-09-24 20:05 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2016-09-24 20:05 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2016-09-24 20:05 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2016-09-24 20:05 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2016-09-24 20:05 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2016-09-24 20:05 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-09-24 20:05 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2016-09-24 20:05 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2016-09-24 20:05 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2016-09-24 20:05 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2016-09-24 20:05 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2016-09-24 20:05 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2016-09-24 20:05 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2016-09-24 20:05 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-09-24 20:05 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-09-24 20:04 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-09-24 20:04 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-09-24 20:04 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-09-24 20:04 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-09-24 20:04 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-09-24 20:04 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-09-24 20:04 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-09-24 20:04 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-09-24 20:04 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-09-24 20:04 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-09-24 20:04 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-09-24 20:04 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2016-09-24 20:04 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2016-09-24 20:04 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2016-09-24 20:04 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2016-09-24 20:04 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2016-09-24 20:04 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2016-09-24 20:04 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2016-09-24 20:04 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2016-09-24 20:04 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2016-09-24 20:04 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2016-09-24 20:04 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2016-09-24 20:04 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2016-09-24 20:04 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2016-09-24 20:04 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2016-09-24 20:04 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2016-09-24 20:04 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2016-09-24 20:04 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2016-09-24 20:04 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2016-09-24 20:04 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2016-09-24 20:04 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2016-09-24 20:04 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2016-09-24 20:04 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2016-09-24 20:04 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2016-09-24 20:04 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2016-09-24 20:04 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2016-09-24 20:04 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2016-09-24 20:04 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2016-09-24 20:04 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-09-24 20:04 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2016-09-24 20:04 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2016-09-24 20:04 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2016-09-24 20:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2016-09-24 20:04 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2016-09-24 20:04 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2016-09-24 20:04 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2016-09-24 20:04 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2016-09-24 20:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2016-09-24 20:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2016-09-24 20:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2016-09-24 20:04 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2016-09-24 20:04 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2016-09-24 20:04 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2016-09-24 20:04 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2016-09-24 20:04 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2016-09-24 20:04 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2016-09-24 20:04 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2016-09-24 20:04 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2016-09-24 20:04 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2016-09-24 20:03 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2016-09-24 20:03 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2016-09-24 20:03 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2016-09-24 20:03 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2016-09-24 19:56 - 2016-09-24 20:00 - 108279664 _____ (Microsoft Corporation) C:\Users\Michal\Downloads\directx.exe
2016-09-24 19:49 - 2016-09-24 19:55 - 00315624 _____ (Microsoft Corporation) C:\Users\Michal\Downloads\dxwebsetup.exe
2016-09-24 19:32 - 2016-09-24 19:34 - 02421192 _____ (DivX, LLC) C:\Users\Michal\Downloads\divxinstaller.exe
2016-09-24 03:19 - 2016-09-24 03:20 - 00000000 ____D C:\Users\Michal\Downloads\red-baron-2_1.0
2016-09-24 03:18 - 2016-09-24 03:18 - 00000000 ____D C:\WINDOWS\solcache
2016-09-24 03:18 - 2016-09-24 03:18 - 00000000 ____D C:\SIERRA
2016-09-24 03:18 - 1997-11-18 08:35 - 01016832 _____ (CUC Software) C:\WINDOWS\system32\SierraNW.dll
2016-09-24 03:18 - 1997-11-18 08:35 - 00230400 _____ (CUC Software) C:\WINDOWS\system32\SNWValid.dll
2016-09-24 03:18 - 1997-11-18 08:34 - 00011113 _____ C:\WINDOWS\system32\SNWVALID.HLP
2016-09-24 03:04 - 2016-09-24 03:04 - 00000000 ____D C:\Users\Michal\Downloads\red-baron_amiga_08sf
2016-09-24 02:57 - 2000-08-14 12:46 - 00974989 _____ C:\Users\Michal\Downloads\redbrn.exe
2016-09-24 02:41 - 2016-09-24 02:48 - 00000000 ____D C:\Users\Michal\Downloads\redbrn
2016-09-24 02:41 - 2016-09-24 02:45 - 00000000 ____D C:\Users\Michal\Downloads\rbmbpat
2016-09-24 02:39 - 2016-09-24 21:45 - 00000000 ____D C:\Users\Michal\AppData\Roaming\DivX
2016-09-24 02:39 - 2016-09-24 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-09-24 02:39 - 2016-09-24 19:36 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2016-09-24 02:38 - 2016-09-24 19:39 - 00000000 ____D C:\Program Files\DivX
2016-09-24 02:37 - 2016-09-24 19:39 - 00000000 ____D C:\ProgramData\DivX
2016-09-24 02:37 - 2016-09-24 02:37 - 02424264 _____ (DivX, LLC) C:\Users\Michal\Downloads\DivX63Installer.exe
2016-09-24 02:32 - 2016-09-24 02:32 - 00000762 _____ C:\Users\Public\Desktop\European Air War.lnk
2016-09-24 02:06 - 2016-09-24 02:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\European Air War
2016-09-24 01:58 - 2016-09-24 01:58 - 00000000 ____D C:\Users\Michal\Downloads\European_Air_War-THEiSOZONE
2016-09-24 01:30 - 2016-09-24 01:30 - 00001574 _____ C:\Users\Michal\Desktop\Red Baron.lnk
2016-09-24 01:30 - 2016-09-24 01:30 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Davilex Games
2016-09-24 01:26 - 2016-09-24 01:26 - 00000000 ____D C:\Users\Michal\Downloads\RED.BARON-DEViANCE
2016-09-23 23:56 - 1996-04-29 08:20 - 00289280 _____ (InstallShield Corporation, Inc.) C:\WINDOWS\uninst.exe
2016-09-23 23:55 - 2016-09-24 03:18 - 00000063 _____ C:\Users\Public\Desktop\netMarket!.URL
2016-09-23 23:55 - 2016-09-24 03:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2016-09-23 23:55 - 2016-09-24 03:18 - 00000000 ____D C:\Program Files\Sierra On-Line
2016-09-23 23:52 - 2016-09-24 03:22 - 00000451 _____ C:\WINDOWS\SIERRA.INI
2016-09-23 23:50 - 2016-09-23 23:50 - 00000000 ____D C:\Users\Michal\Downloads\RedBaronII
2016-09-23 23:22 - 2016-09-23 23:22 - 00000000 ____D C:\Users\Michal\Documents\Combat Flight Simulator 3.0
2016-09-23 23:19 - 2016-09-23 23:19 - 00011376 _____ C:\WINDOWS\system32\Drivers\SECDRV.SYS
2016-09-23 23:12 - 2016-09-23 23:12 - 00001709 _____ C:\Users\Public\Desktop\Combat Flight Simulator 3.lnk
2016-09-23 23:12 - 2016-09-23 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-09-23 20:08 - 2016-09-23 20:25 - 00000000 ____D C:\Users\Michal\Documents\aces of WWI savegames
2016-09-23 20:04 - 2016-09-23 20:04 - 00000000 ____D C:\Users\Michal\Downloads\Combat_Flight_Simulator_3_Battle_For_Europe-FLT
2016-09-23 20:00 - 2016-09-23 20:00 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aces of World War I
2016-09-23 19:49 - 2016-09-23 19:49 - 00001016 _____ C:\Users\Michal\Desktop\vmnt.lnk
2016-09-23 19:41 - 2016-09-23 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2016-09-23 19:35 - 2016-09-23 19:40 - 01697808 _____ (Sysprogs OU) C:\Users\Michal\Downloads\WinCDEmu-4.1.exe
2016-09-23 15:33 - 2016-09-23 15:33 - 00076347 _____ C:\Users\Michal\Downloads\prehrazovac-mezi-bocnice.htm
2016-09-23 15:29 - 2016-09-23 15:29 - 00234313 _____ C:\Users\Michal\Downloads\Havlíková - nesvětelný nápis na střechu RACETEQ - větší rozměr.pdf
2016-09-23 08:02 - 2016-09-23 08:02 - 00070548 _____ C:\Users\Michal\Downloads\FV11020160039.pdf
2016-09-22 17:06 - 2016-09-22 17:06 - 00053745 _____ C:\Users\Michal\Downloads\Faktura_161000713.pdf
2016-09-22 17:02 - 2016-09-22 17:02 - 00052892 _____ C:\Users\Michal\Downloads\Faktura_161000712.pdf
2016-09-22 16:49 - 2016-09-22 16:49 - 00133991 _____ C:\Users\Michal\Downloads\JOBS 2016-09-22 (1).xlsx
2016-09-22 16:43 - 2016-09-22 16:43 - 00025264 _____ C:\Users\Michal\Downloads\NPV-Shipping document --- NPV201609001.xlsx
2016-09-22 16:41 - 2016-09-22 16:41 - 00025276 _____ C:\Users\Michal\Downloads\China-Shipping document --- CSFV0018092016.xlsx
2016-09-22 16:31 - 2016-09-22 16:31 - 00070672 _____ C:\Users\Michal\Downloads\FV11020160036.pdf
2016-09-22 16:12 - 2016-09-22 16:12 - 02454416 _____ C:\Users\Michal\Downloads\img-921103922.pdf
2016-09-22 16:04 - 2016-09-22 16:04 - 00013137 _____ C:\Users\Michal\Downloads\2016-2090.pdf
2016-09-22 16:03 - 2016-09-22 16:03 - 00013147 _____ C:\Users\Michal\Downloads\2016-2089.pdf
2016-09-22 16:02 - 2016-09-22 16:02 - 00013149 _____ C:\Users\Michal\Downloads\2016-2088.pdf
2016-09-22 15:56 - 2016-09-22 15:56 - 00177209 _____ C:\Users\Michal\Downloads\FAKTURA RACETEQ - A1635353-111627764.pdf
2016-09-22 15:53 - 2016-09-22 15:53 - 00169407 _____ C:\Users\Michal\Downloads\cz16011018 clo (1).pdf
2016-09-22 15:52 - 2016-09-22 15:52 - 00169070 _____ C:\Users\Michal\Downloads\cz16011018 clo.pdf
2016-09-22 15:50 - 2016-09-22 15:50 - 00169403 _____ C:\Users\Michal\Downloads\cz16011019-DIM087008492.pdf
2016-09-22 14:34 - 2016-09-22 14:34 - 00235612 _____ C:\Users\Michal\Downloads\faktura-FVBONM-2016-176-001399.pdf
2016-09-22 13:36 - 2016-09-22 13:36 - 00070215 _____ C:\Users\Michal\Downloads\FV11020160037.pdf
2016-09-22 13:34 - 2016-09-22 13:34 - 00070415 _____ C:\Users\Michal\Downloads\FV11020160038.pdf
2016-09-22 13:17 - 2016-09-22 13:17 - 00245941 _____ C:\Users\Michal\Downloads\IN_Raceteq_22.09 (1).pdf
2016-09-22 12:47 - 2016-09-22 12:47 - 00245941 _____ C:\Users\Michal\Downloads\IN_Raceteq_22.09.pdf
2016-09-22 12:22 - 2016-09-22 12:22 - 00061099 _____ C:\Users\Michal\Downloads\POPIS LCD MODUL _Panel__V650DK3-KD2.pdf
2016-09-22 11:53 - 2016-09-22 11:53 - 04329828 _____ C:\Users\Michal\Downloads\uz 2014.pdf
2016-09-22 11:53 - 2016-09-22 11:53 - 04329828 _____ C:\Users\Michal\Downloads\uz 2014 (1).pdf
2016-09-22 11:29 - 2016-09-22 11:29 - 00009490 _____ C:\Users\Michal\Downloads\Quotation_F6LMTJ014891 (1).xlsx
2016-09-22 11:22 - 2016-09-22 11:22 - 00347188 _____ C:\Users\Michal\Downloads\List2.pdf
2016-09-22 11:17 - 2016-09-22 11:17 - 00345749 _____ C:\Users\Michal\Downloads\List1 (1).pdf
2016-09-22 10:53 - 2016-09-22 10:55 - 00139189 _____ C:\Users\Michal\Downloads\JOBS 2016-09-22.xlsx
2016-09-22 10:45 - 2016-09-22 10:46 - 00134512 _____ C:\Users\Michal\Downloads\JOBS 2016-09-21.xlsx
2016-09-21 21:11 - 2016-09-21 21:11 - 00000000 ____D C:\Users\Michal\Downloads\Aces_of_World_War_I-FLT
2016-09-21 20:56 - 2016-09-21 21:06 - 249008215 _____ C:\Users\Michal\Downloads\Aces_of_World_War_I-FLT.7z
2016-09-21 20:21 - 2016-09-21 20:21 - 00159038 _____ C:\Users\Michal\Downloads\003_bitva-u-doss-alto.pdf
2016-09-21 19:00 - 2016-09-21 19:00 - 00345749 _____ C:\Users\Michal\Downloads\List1.pdf
2016-09-21 15:48 - 2016-09-21 15:48 - 00031318 _____ C:\Users\Michal\Downloads\in161405742b.pdf
2016-09-21 15:17 - 2016-09-21 15:17 - 00177970 _____ C:\Users\Michal\Downloads\000117162_01583976.PDF
2016-09-21 15:16 - 2016-09-21 15:16 - 00156614 _____ C:\Users\Michal\Downloads\000117162_01592379.PDF
2016-09-21 15:15 - 2016-09-21 15:15 - 00175721 _____ C:\Users\Michal\Downloads\000116876_01559547.PDF
2016-09-21 15:14 - 2016-09-21 15:14 - 00175737 _____ C:\Users\Michal\Downloads\000116876_01580643.PDF
2016-09-21 15:11 - 2016-09-21 15:11 - 00175734 _____ C:\Users\Michal\Downloads\000116876_01595114.PDF
2016-09-21 15:08 - 2016-09-21 15:08 - 00177373 _____ C:\Users\Michal\Downloads\000117162_01609827.PDF
2016-09-21 14:55 - 2016-09-21 14:55 - 01408971 _____ C:\Users\Michal\Downloads\transport_export.csv
2016-09-21 14:39 - 2016-09-21 14:39 - 00442963 _____ C:\Users\Michal\Downloads\Image.pdf
2016-09-21 14:02 - 2016-09-21 14:02 - 00031318 _____ C:\Users\Michal\Downloads\in161405742.pdf
2016-09-21 12:25 - 2016-09-21 12:25 - 00015007 _____ C:\Users\Michal\Downloads\20160910_58_CLO report (bezel)_auo (1).xlsx
2016-09-21 12:24 - 2016-09-21 12:24 - 00015007 _____ C:\Users\Michal\Downloads\20160910_58_CLO report (bezel)_auo.xlsx
2016-09-21 12:23 - 2016-09-21 12:23 - 00015813 _____ C:\Users\Michal\Downloads\20160908_75_CLO report (rework)_auo.xlsx
2016-09-21 12:22 - 2016-09-21 12:22 - 00016439 _____ C:\Users\Michal\Downloads\20160912_52_CLO report (bezel).xlsx
2016-09-21 12:20 - 2016-09-21 12:20 - 00017774 _____ C:\Users\Michal\Downloads\20160906_66_CLO report (rework)_updated.xlsx
2016-09-21 12:04 - 2016-09-21 12:04 - 00056580 _____ C:\Users\Michal\Downloads\20160907_596_CLO report (regular).xlsx
2016-09-21 12:04 - 2016-09-21 12:04 - 00029647 _____ C:\Users\Michal\Downloads\20160909_475_CLO report (regular)_auo.xlsx
2016-09-21 12:01 - 2016-09-21 12:01 - 00073650 _____ C:\Users\Michal\Downloads\802016068.pdf
2016-09-21 11:52 - 2016-09-21 11:52 - 00334781 _____ C:\Users\Michal\Downloads\Havlíková - nesvětelný nápis na střechu RACETEQ (1).pdf
2016-09-21 11:45 - 2016-09-21 11:45 - 00405299 _____ C:\Users\Michal\Downloads\49inch Front frame Shipping Doc RMA169001D-RACETEQ vs KUNSHAN.XLSX
2016-09-21 11:34 - 2016-09-21 11:34 - 00013167 _____ C:\Users\Michal\Downloads\2016-2078.pdf
2016-09-21 11:31 - 2016-09-21 11:31 - 00013123 _____ C:\Users\Michal\Downloads\2016-2075.pdf
2016-09-21 11:20 - 2016-09-21 11:20 - 00074547 _____ C:\Users\Michal\Downloads\802016037.pdf
2016-09-21 10:59 - 2016-09-21 10:59 - 00084851 _____ C:\Users\Michal\Downloads\Transport report.xlsx
2016-09-21 10:01 - 2016-09-21 10:01 - 00211268 _____ C:\Users\Michal\Downloads\1103027469.pdf
2016-09-21 09:43 - 2016-09-21 09:43 - 00130846 _____ C:\Users\Michal\Downloads\402135737_0_100139781.pdf
2016-09-21 09:43 - 2016-09-21 09:43 - 00103105 _____ C:\Users\Michal\Downloads\402135737_1_100139782.pdf
2016-09-21 09:43 - 2016-09-21 09:43 - 00047160 _____ C:\Users\Michal\Downloads\401761448_0_U2250-16-0046-160919135513.pdf
2016-09-21 09:41 - 2016-09-21 09:41 - 01445685 _____ C:\Users\Michal\Downloads\402235847_0_attachment.pdf
2016-09-21 09:13 - 2016-09-21 09:13 - 00097175 _____ C:\Users\Michal\Downloads\401302016_0_672299792.pdf
2016-09-21 08:33 - 2016-09-21 08:33 - 00031953 _____ C:\Users\Michal\Downloads\HOLD_RTQ - ready to pickup RTQ confirmed (1).xlsx
2016-09-21 08:30 - 2016-09-21 08:30 - 00049644 _____ C:\Users\Michal\Downloads\TRANSFERRED PARTS FROM BLANK and OK LOCATION 2014-12-05_update RTQ confirmed.xlsx
2016-09-21 08:30 - 2016-09-21 08:30 - 00036339 _____ C:\Users\Michal\Downloads\HOLD_SLOW_ORIGINAL_01_26_2015_FULL_PACKING LIST TO RTQ.xlsx
2016-09-21 08:30 - 2016-09-21 08:30 - 00031953 _____ C:\Users\Michal\Downloads\HOLD_RTQ - ready to pickup RTQ confirmed.xlsx
2016-09-21 08:30 - 2016-09-21 08:30 - 00016441 _____ C:\Users\Michal\Downloads\BLANK PALETY - PAL6+PAL7_PACKING LIST_2014-12-07 (3)_RTQ_confirmed.xlsx
2016-09-21 01:34 - 2016-09-21 01:34 - 01024183 _____ C:\Users\Michal\Desktop\bootlog_aftr rnr after restart.7z
2016-09-21 01:33 - 2016-09-21 01:33 - 00000000 ____D C:\Users\Michal\Downloads\Bootlog1
2016-09-21 01:20 - 2016-09-21 01:20 - 01250007 _____ C:\Users\Michal\Desktop\bootlog_after rnr before restart.7z
2016-09-21 01:14 - 2016-09-21 01:29 - 00000000 ____D C:\Users\Michal\Downloads\bootlogger
2016-09-21 01:09 - 2016-09-21 01:09 - 01793799 _____ C:\Users\Michal\Downloads\bootlogger.zip
2016-09-21 00:06 - 2016-09-21 00:06 - 01065376 _____ (Google Inc.) C:\Users\Michal\Downloads\ChromeSetup (1).exe
2016-09-20 23:15 - 2016-09-20 23:38 - 00083456 _____ C:\Users\Michal\Downloads\MD5_and_SHA_Checksum_Utility.exe
2016-09-20 22:57 - 2016-09-20 22:57 - 00107744 _____ C:\WINDOWS\system32\chml.exe
2016-09-20 21:11 - 2016-09-20 21:11 - 00001266 _____ C:\Users\Michal\Downloads\rnr.rnr
2016-09-20 19:01 - 2016-09-21 01:25 - 00000953 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {FAE15893-2F17-410F-8540-54360B0B7FCB}.job
2016-09-20 19:01 - 2016-09-20 19:01 - 00000767 _____ C:\WINDOWS\Tasks\ Invitation {FAE15893-2F17-410F-8540-54360B0B7FCB}.job
2016-09-20 15:17 - 2016-09-20 15:17 - 00335286 _____ C:\Users\Michal\Downloads\VF2016028 (1).PDF
2016-09-20 15:12 - 2016-09-20 15:12 - 00335254 _____ C:\Users\Michal\Downloads\VF2016029.PDF
2016-09-20 14:59 - 2016-09-20 14:59 - 00244144 _____ C:\Users\Michal\Downloads\material order list RQ (2).xlsx
2016-09-20 14:59 - 2016-09-20 14:59 - 00244144 _____ C:\Users\Michal\Downloads\material order list RQ (1).xlsx
2016-09-20 14:48 - 2016-09-20 14:49 - 00244144 _____ C:\Users\Michal\Downloads\material order list RQ.xlsx
2016-09-20 14:38 - 2016-09-20 14:38 - 00009497 _____ C:\Users\Michal\Downloads\Quotation_F6LMTJ014891.xlsx
2016-09-20 09:53 - 2016-09-20 09:53 - 00132447 _____ C:\Users\Michal\Downloads\JOBS 2016-09-20.xlsx
2016-09-20 09:52 - 2016-09-20 09:52 - 00006656 _____ C:\Users\Michal\Downloads\statement (3).xls
2016-09-20 09:48 - 2016-09-20 09:48 - 00168970 _____ C:\Users\Michal\Downloads\CZ16010366 clo.pdf
2016-09-20 09:38 - 2016-09-20 09:38 - 00168709 _____ C:\Users\Michal\Downloads\CZ16010367 clo.pdf
2016-09-20 09:34 - 2016-09-20 09:34 - 00006656 _____ C:\Users\Michal\Downloads\statement (2).xls
2016-09-20 08:19 - 2016-09-20 08:19 - 00071339 _____ C:\Users\Michal\Downloads\Platební výměr na úrok z prodlení z DPH za 2064_08.pdf
2016-09-19 23:36 - 2016-09-19 23:36 - 00001274 _____ C:\Users\Michal\Desktop\MRT – zástupce.lnk
2016-09-19 23:26 - 2016-09-19 23:26 - 49927392 _____ (Microsoft Corporation) C:\Users\Michal\Downloads\Windows-KB890830-V5.40 (1).exe
2016-09-19 23:15 - 2016-09-19 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2016-09-19 23:15 - 2016-09-19 23:15 - 00000000 ____D C:\Program Files\EMET 5.5
2016-09-19 23:14 - 2016-09-19 23:14 - 26816512 _____ C:\Users\Michal\Downloads\EMET Setup.msi
2016-09-19 19:54 - 2016-09-19 19:54 - 01750528 _____ (Farbar) C:\Users\Michal\Downloads\FRST.exe
2016-09-19 18:10 - 2016-09-19 18:10 - 00001165 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-09-19 18:07 - 2016-09-24 19:38 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-19 18:07 - 2016-09-19 18:07 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Avira
2016-09-19 18:04 - 2016-09-19 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-19 18:03 - 2016-08-18 15:52 - 00149760 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-09-19 18:03 - 2016-08-18 15:52 - 00120968 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-09-19 18:03 - 2016-08-18 15:52 - 00066872 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-09-19 18:03 - 2016-08-18 15:52 - 00044208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-09-19 18:03 - 2016-08-18 15:52 - 00018760 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2016-09-19 18:02 - 2016-09-19 18:08 - 00000000 ____D C:\Program Files\Avira
2016-09-19 17:53 - 2016-09-19 18:00 - 225357384 _____ C:\Users\Michal\Downloads\avira_antivirus_en-us.exe
2016-09-19 17:53 - 2016-09-19 17:53 - 04446224 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michal\Downloads\avira_en_av_57e0096860a80__ws.exe
2016-09-19 16:23 - 2016-09-19 16:23 - 00242312 _____ C:\Users\Michal\Downloads\Firefox Setup Stub 48.0.2 (11).exe
2016-09-19 16:17 - 2016-09-19 16:17 - 00070433 _____ C:\Users\Michal\Downloads\FV11020160035.pdf
2016-09-19 16:15 - 2016-09-19 16:15 - 00069782 _____ C:\Users\Michal\Downloads\WH receive Shipment report 2016 (6).xlsx
2016-09-19 15:47 - 2016-09-19 15:47 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-19 15:47 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-09-19 15:38 - 2016-09-19 16:21 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-19 15:38 - 2016-09-19 15:49 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-09-19 15:38 - 2016-09-19 15:38 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-09-19 15:38 - 2016-09-19 15:38 - 00002192 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-09-19 15:38 - 2016-09-19 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-09-19 15:38 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-09-19 15:05 - 2016-09-19 15:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Michal\Downloads\spybot-2.4.exe
2016-09-19 13:35 - 2016-09-19 13:35 - 00000000 ____D C:\ProgramData\CPInstall
2016-09-19 13:16 - 2016-09-19 13:17 - 15521176 _____ (Igor Pavlov) C:\Users\Michal\Downloads\pki_cs.exe
2016-09-19 13:07 - 2016-09-19 13:08 - 00962992 _____ (Opera Software) C:\Users\Michal\Downloads\OperaSetup.exe
2016-09-19 11:49 - 2016-09-19 11:59 - 00000080 _____ C:\Users\Michal\Desktop\Stažené soubory - zástupce.lnk
2016-09-19 11:49 - 2016-09-19 11:59 - 00000080 _____ C:\Users\Michal\Desktop\Hudba - zástupce.lnk
2016-09-19 11:04 - 2016-09-19 11:04 - 00000000 ____D C:\@RestoreQuarantine
2016-09-19 10:34 - 2016-09-29 15:55 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-19 10:34 - 2016-09-19 11:59 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-19 10:34 - 2016-09-19 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-19 10:33 - 2016-09-20 01:06 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-09-19 10:33 - 2016-09-19 10:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-19 10:33 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-19 10:33 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-19 10:33 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-19 10:31 - 2016-09-19 10:32 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Michal\Downloads\mbam-setup-2.1.4.1018.exe
2016-09-19 10:23 - 2016-09-19 10:23 - 00013154 _____ C:\Users\Michal\Downloads\2016-2064.pdf
2016-09-19 10:09 - 2016-09-19 10:09 - 00083907 _____ C:\Users\Michal\Downloads\Faktura_21606432.pdf
2016-09-19 09:29 - 2016-09-19 09:30 - 49927392 _____ (Microsoft Corporation) C:\Users\Michal\Downloads\Windows-KB890830-V5.40.exe
2016-09-17 08:48 - 2016-09-07 07:00 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-09-17 08:48 - 2016-09-07 07:00 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-09-17 08:48 - 2016-09-07 06:59 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-09-17 08:48 - 2016-09-07 06:59 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-09-17 08:48 - 2016-09-07 06:59 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-09-17 08:48 - 2016-09-07 06:58 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-09-17 08:48 - 2016-09-07 06:58 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-09-17 08:48 - 2016-09-07 06:58 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-09-17 08:48 - 2016-09-07 06:58 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-09-17 08:48 - 2016-09-07 06:58 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-09-17 08:48 - 2016-09-07 06:58 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-09-17 08:48 - 2016-09-07 06:58 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll
2016-09-17 08:48 - 2016-09-07 06:58 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll
2016-09-17 08:48 - 2016-09-07 06:58 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll
2016-09-17 08:48 - 2016-09-07 06:58 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2016-09-17 08:48 - 2016-09-07 06:57 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2016-09-17 08:48 - 2016-09-07 06:56 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-09-17 08:48 - 2016-09-07 06:55 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-09-17 08:48 - 2016-09-07 06:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-09-17 08:48 - 2016-09-07 06:55 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-09-17 08:48 - 2016-09-07 06:54 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-09-17 08:48 - 2016-09-07 06:54 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-09-17 08:48 - 2016-09-07 06:54 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-09-17 08:48 - 2016-09-07 06:52 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-09-17 08:48 - 2016-09-07 06:52 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-09-17 08:48 - 2016-09-07 06:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2016-09-17 08:48 - 2016-09-07 06:52 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-09-17 08:48 - 2016-09-07 06:51 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-09-17 08:48 - 2016-09-07 06:50 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-09-17 08:48 - 2016-09-07 06:50 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-09-17 08:48 - 2016-09-07 06:49 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-09-17 08:48 - 2016-09-07 06:49 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2016-09-17 08:48 - 2016-09-07 06:46 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-09-17 08:48 - 2016-09-07 06:45 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-17 08:48 - 2016-09-07 06:39 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-09-17 08:48 - 2016-09-07 06:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-17 08:48 - 2016-09-07 06:36 - 02360832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-09-17 08:48 - 2016-09-07 06:35 - 02107392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-09-17 08:48 - 2016-09-07 06:35 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-09-17 08:48 - 2016-09-07 06:34 - 00761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-09-17 08:48 - 2016-09-07 06:34 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-09-17 08:47 - 2016-09-07 07:18 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-09-17 08:47 - 2016-09-07 07:17 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-09-17 08:47 - 2016-09-07 07:16 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-09-17 08:47 - 2016-09-07 07:13 - 06653592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-09-17 08:47 - 2016-09-07 07:04 - 05684736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-17 08:47 - 2016-09-07 06:59 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-09-17 08:47 - 2016-09-07 06:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-09-17 08:47 - 2016-09-07 06:55 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-09-17 08:47 - 2016-09-07 06:49 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-09-17 08:47 - 2016-09-07 06:45 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-09-17 08:47 - 2016-09-07 06:44 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-17 08:47 - 2016-09-07 06:39 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-09-17 08:47 - 2016-09-07 06:36 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-09-17 08:47 - 2016-09-07 06:35 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-09-17 08:47 - 2016-09-07 06:34 - 04557824 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2016-09-17 08:47 - 2016-09-07 06:34 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-17 08:47 - 2016-09-07 06:33 - 02217472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-17 08:47 - 2016-09-07 06:31 - 00461312 _____ (Microsoft) C:\WINDOWS\system32\DbgModel.dll
2016-09-17 08:47 - 2016-08-06 05:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-09-17 08:47 - 2016-08-02 06:37 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-09-17 08:47 - 2016-07-22 03:21 - 01898848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-17 08:46 - 2016-09-07 07:37 - 00231776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-09-17 08:46 - 2016-09-07 07:35 - 00315736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-09-17 08:46 - 2016-09-07 07:33 - 04970224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-09-17 08:46 - 2016-09-07 07:20 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-17 08:46 - 2016-09-07 07:20 - 00154976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-09-17 08:46 - 2016-09-07 07:18 - 01430208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-09-17 08:46 - 2016-09-07 07:18 - 00550752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-17 08:46 - 2016-09-07 07:17 - 00853344 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-17 08:46 - 2016-09-07 07:16 - 00589144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-09-17 08:46 - 2016-09-07 07:15 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-09-17 08:46 - 2016-09-07 07:13 - 20965248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-09-17 08:46 - 2016-09-07 07:13 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-09-17 08:46 - 2016-09-07 06:58 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-09-17 08:46 - 2016-09-07 06:58 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AddressParser.dll
2016-09-17 08:46 - 2016-09-07 06:57 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-09-17 08:46 - 2016-09-07 06:56 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2016-09-17 08:46 - 2016-09-07 06:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll
2016-09-17 08:46 - 2016-09-07 06:55 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-09-17 08:46 - 2016-09-07 06:52 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2016-09-17 08:46 - 2016-09-07 06:50 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-09-17 08:46 - 2016-09-07 06:46 - 07623680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-09-17 08:46 - 2016-09-07 06:46 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-09-17 08:46 - 2016-09-07 06:45 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-09-17 08:46 - 2016-09-07 06:45 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-09-17 08:46 - 2016-09-07 06:44 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2016-09-17 08:46 - 2016-09-07 06:44 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-09-17 08:46 - 2016-09-07 06:44 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-09-17 08:46 - 2016-09-07 06:43 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-09-17 08:46 - 2016-09-07 06:43 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-09-17 08:46 - 2016-09-07 06:43 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-17 08:46 - 2016-09-07 06:42 - 03305984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-09-17 08:46 - 2016-09-07 06:40 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-09-17 08:46 - 2016-09-07 06:39 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-17 08:46 - 2016-09-07 06:39 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-09-17 08:46 - 2016-09-07 06:36 - 01938432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-09-17 08:46 - 2016-09-07 06:35 - 01056768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-09-17 08:46 - 2016-09-07 06:34 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-09-17 08:46 - 2016-09-07 06:33 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-09-17 08:46 - 2016-09-07 06:33 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-09-17 08:46 - 2016-08-06 05:50 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-09-17 08:46 - 2016-07-22 03:21 - 00342880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-17 08:45 - 2016-09-07 07:31 - 01726160 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-09-17 08:45 - 2016-09-07 07:30 - 06016352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-17 08:45 - 2016-09-07 07:30 - 00601200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-17 08:45 - 2016-09-07 07:29 - 01957216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-09-17 08:45 - 2016-09-07 07:27 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-17 08:45 - 2016-09-07 07:27 - 00583640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-09-17 08:45 - 2016-09-07 07:17 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-17 08:45 - 2016-09-07 07:17 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-09-17 08:45 - 2016-09-07 07:17 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-09-17 08:45 - 2016-09-07 07:13 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-09-17 08:45 - 2016-09-07 07:13 - 01123360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-17 08:45 - 2016-09-07 07:13 - 00955520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-09-17 08:45 - 2016-09-07 07:13 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-09-17 08:45 - 2016-09-07 07:09 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-17 08:45 - 2016-09-07 06:54 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-09-17 08:45 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-09-17 08:45 - 2016-09-07 06:52 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-09-17 08:45 - 2016-09-07 06:50 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-09-17 08:45 - 2016-09-07 06:50 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-09-17 08:45 - 2016-09-07 06:49 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-09-17 08:45 - 2016-09-07 06:47 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2016-09-17 08:45 - 2016-09-07 06:46 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-09-17 08:45 - 2016-09-07 06:45 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-17 08:45 - 2016-09-07 06:45 - 00622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-09-17 08:45 - 2016-09-07 06:43 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-09-17 08:45 - 2016-09-07 06:38 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-09-17 08:45 - 2016-09-07 06:37 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-09-17 08:45 - 2016-09-07 06:36 - 02423296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-09-17 08:45 - 2016-09-07 06:35 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-17 08:45 - 2016-09-07 06:34 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-09-17 08:45 - 2016-09-07 06:34 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-09-17 08:45 - 2016-09-07 06:34 - 00920576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-09-17 08:45 - 2016-09-07 06:34 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-09-17 08:45 - 2016-09-07 06:33 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-09-17 08:45 - 2016-09-07 06:33 - 01122304 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-17 08:45 - 2016-07-22 02:56 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-09-17 08:44 - 2016-09-07 08:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-09-17 08:44 - 2016-09-07 07:37 - 01966288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-09-17 08:44 - 2016-09-07 07:33 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-17 08:44 - 2016-09-07 07:32 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-09-17 08:44 - 2016-09-07 07:32 - 00888896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-17 08:44 - 2016-09-07 07:32 - 00780952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-17 08:44 - 2016-09-07 07:30 - 01065040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-17 08:44 - 2016-09-07 07:30 - 00938520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-17 08:44 - 2016-09-07 07:30 - 00469336 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-09-17 08:44 - 2016-09-07 07:29 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-09-17 08:44 - 2016-09-07 07:27 - 01362504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-09-17 08:44 - 2016-09-07 07:25 - 00260448 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-09-17 08:44 - 2016-09-07 07:25 - 00133296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-17 08:44 - 2016-09-07 07:23 - 01015136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-09-17 08:44 - 2016-09-07 07:22 - 00866144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-09-17 08:44 - 2016-09-07 07:18 - 00290264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-09-17 08:44 - 2016-09-07 07:16 - 00399712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-17 08:44 - 2016-09-07 07:16 - 00186720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-17 08:44 - 2016-09-07 07:15 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-09-17 08:44 - 2016-09-07 07:14 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-09-17 08:44 - 2016-09-07 07:13 - 01853232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-09-17 08:44 - 2016-09-07 07:13 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-09-17 08:44 - 2016-09-07 07:13 - 00959104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-09-17 08:44 - 2016-09-07 07:13 - 00432328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2016-09-17 08:44 - 2016-09-07 07:13 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys
2016-09-17 08:44 - 2016-09-07 07:12 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-09-17 08:44 - 2016-09-07 07:08 - 01276608 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-09-17 08:44 - 2016-09-07 07:08 - 00484544 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-09-17 08:44 - 2016-09-07 07:08 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-09-17 08:44 - 2016-09-07 07:07 - 00043944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2016-09-17 08:44 - 2016-09-07 06:58 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-09-17 08:44 - 2016-09-07 06:58 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-09-17 08:44 - 2016-09-07 06:53 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-09-17 08:44 - 2016-09-07 06:52 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-09-17 08:44 - 2016-09-07 06:51 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-09-17 08:44 - 2016-09-07 06:50 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-09-17 08:44 - 2016-09-07 06:50 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-09-17 08:44 - 2016-09-07 06:49 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-09-17 08:44 - 2016-09-07 06:47 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-09-17 08:44 - 2016-09-07 06:47 - 01375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-09-17 08:44 - 2016-09-07 06:46 - 01774080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-09-17 08:44 - 2016-09-07 06:46 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-09-17 08:44 - 2016-09-07 06:45 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-09-17 08:44 - 2016-09-07 06:45 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-09-17 08:44 - 2016-09-07 06:45 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-09-17 08:44 - 2016-09-07 06:44 - 01842688 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-09-17 08:44 - 2016-09-07 06:44 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-09-17 08:44 - 2016-09-07 06:43 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-09-17 08:44 - 2016-09-07 06:42 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-09-17 08:44 - 2016-09-07 06:41 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-09-17 08:44 - 2016-09-07 06:40 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-09-17 08:44 - 2016-09-07 06:40 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-09-17 08:44 - 2016-09-07 06:39 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-17 08:44 - 2016-09-07 06:39 - 00786944 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-09-17 08:44 - 2016-09-07 06:37 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-09-17 08:44 - 2016-09-07 06:35 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-09-17 08:44 - 2016-09-07 06:35 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-09-17 08:44 - 2016-09-07 06:34 - 03595264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-09-17 08:44 - 2016-09-07 06:33 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-17 08:44 - 2016-09-07 06:32 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-09-17 08:44 - 2016-09-07 06:32 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-09-17 08:44 - 2016-09-07 06:31 - 01435136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-09-17 08:44 - 2016-09-07 06:31 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-09-17 08:44 - 2016-09-07 06:31 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-09-17 08:44 - 2016-09-07 06:30 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-17 08:44 - 2016-08-06 06:06 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-09-17 08:44 - 2016-08-06 05:42 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-09-17 08:44 - 2016-08-02 06:47 - 00094528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-09-17 08:44 - 2016-08-02 06:31 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-09-17 08:43 - 2016-09-07 06:54 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-09-17 08:43 - 2016-09-07 06:53 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-09-17 08:43 - 2016-09-07 06:52 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-09-17 08:43 - 2016-09-07 06:51 - 06534656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-09-17 08:43 - 2016-09-07 06:49 - 00322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-09-17 08:43 - 2016-09-07 06:49 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-09-17 08:43 - 2016-09-07 06:47 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-09-17 08:43 - 2016-09-07 06:46 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-09-17 08:43 - 2016-09-07 06:42 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-09-17 08:43 - 2016-09-07 06:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-17 08:43 - 2016-09-07 06:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-17 08:43 - 2016-09-07 06:41 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-09-17 08:43 - 2016-09-07 06:41 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2016-09-17 08:43 - 2016-09-07 06:39 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-09-17 08:43 - 2016-09-07 06:37 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-09-17 08:43 - 2016-09-07 06:34 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-09-17 08:43 - 2016-09-07 06:34 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-09-17 08:43 - 2016-09-07 06:33 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-09-17 08:43 - 2016-08-06 05:48 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-09-17 08:43 - 2016-08-06 05:48 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-09-17 08:43 - 2016-08-06 05:40 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-09-17 08:43 - 2016-08-06 05:39 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-09-17 08:43 - 2016-08-06 05:37 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-17 08:43 - 2016-08-02 06:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-17 08:43 - 2016-08-02 06:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-09-16 15:22 - 2016-09-16 15:22 - 00028974 _____ C:\Users\Michal\Downloads\20160911_448_CLO report (wiring 65)_auo.xlsx
2016-09-16 15:17 - 2016-09-16 15:17 - 00013142 _____ C:\Users\Michal\Downloads\20160913_5_CLO report (rework) (1).xlsx
2016-09-16 12:39 - 2016-09-16 12:39 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-09-16 12:38 - 2016-09-16 12:38 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Michal\Downloads\SpyHunter-Installer.exe
2016-09-16 12:30 - 2016-09-16 15:38 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-16 12:30 - 2016-09-16 15:38 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-16 12:29 - 2016-09-16 12:30 - 01065376 _____ (Google Inc.) C:\Users\Michal\Downloads\ChromeSetup.exe
2016-09-16 12:05 - 2016-09-16 12:05 - 00242312 _____ C:\Users\Michal\Downloads\Firefox Setup Stub 48.0.2 (1).exe
2016-09-16 10:31 - 2016-09-16 10:12 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-16 10:27 - 2016-09-16 10:27 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-16 10:25 - 2016-09-16 10:25 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-09-16 10:25 - 2016-09-16 10:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-09-16 10:25 - 2016-09-16 10:25 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 01968480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-09-16 10:25 - 2016-09-16 10:25 - 01583112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 01344992 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 01343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 01144080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-09-16 10:25 - 2016-09-16 10:25 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00798504 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-09-16 10:25 - 2016-09-16 10:25 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00570720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-09-16 10:25 - 2016-09-16 10:25 - 00564488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-09-16 10:25 - 2016-09-16 10:25 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-09-16 10:25 - 2016-09-16 10:25 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-09-16 10:25 - 2016-09-16 10:25 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00320144 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-09-16 10:25 - 2016-09-16 10:25 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00292184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-09-16 10:25 - 2016-09-16 10:25 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-09-16 10:25 - 2016-09-16 10:25 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll

Invite1
Visitor
Visitor
Posts: 18
Registered: 19 Sep 2016 17:05

Re: Please help with removing malware - Yeabests.cc

#7 Post by Invite1 »

FRST part 3:

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-16 09:51 - 2015-05-22 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
2016-09-16 09:51 - 2015-05-06 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-09-16 09:51 - 2015-04-09 02:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Room Arranger
2016-09-16 09:51 - 2015-01-31 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-09-16 09:51 - 2015-01-30 12:16 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2016-09-16 09:51 - 2014-12-02 12:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2016-09-16 09:51 - 2014-11-28 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Applications
2016-09-16 09:51 - 2014-11-28 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
2016-09-16 09:51 - 2014-11-28 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
2016-09-16 09:51 - 2014-11-25 18:19 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-16 09:51 - 2014-11-25 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-16 09:51 - 2014-11-25 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2016-09-16 09:51 - 2014-11-25 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CryptoPlus CSe
2016-09-16 09:51 - 2014-11-25 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-09-16 09:50 - 2016-07-16 10:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-16 09:50 - 2015-10-30 07:13 - 00000000 ____D C:\Users\Default.migrated
2016-09-16 09:46 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\spool
2016-09-16 09:46 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-16 09:46 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-16 09:46 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-09-16 09:46 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-09-16 09:45 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-09-16 09:45 - 2014-12-15 12:21 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2016-09-16 09:45 - 2014-11-28 13:25 - 00000000 ____D C:\WINDOWS\system32\color
2016-09-16 09:44 - 2016-07-16 19:01 - 00000000 ____D C:\WINDOWS\OCR
2016-09-16 09:44 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\InputMethod
2016-09-16 09:44 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-16 09:44 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-16 09:44 - 2016-02-04 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-09-16 09:44 - 2015-12-14 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-09-16 09:44 - 2015-05-04 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP550 series
2016-09-16 09:39 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-16 09:36 - 2016-07-16 10:29 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-09-16 09:36 - 2016-07-16 10:29 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-09-16 08:55 - 2014-11-25 21:32 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-16 08:19 - 2016-06-29 20:19 - 00000953 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {6A653731-49CD-4528-B955-D80D32A60268}.job
2016-09-16 08:08 - 2016-02-09 19:08 - 00000953 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {FAED7BA1-FFB1-4FD8-8B6C-5D038F46AEDD}.job
2016-09-16 08:08 - 2016-02-09 19:08 - 00000767 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {FAED7BA1-FFB1-4FD8-8B6C-5D038F46AEDD}.job
2016-09-15 23:25 - 2016-06-29 20:25 - 00000953 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {387E95B3-64D8-4A2C-A354-544BAED01062}.job
2016-09-15 23:25 - 2016-06-29 20:25 - 00000767 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {387E95B3-64D8-4A2C-A354-544BAED01062}.job
2016-09-15 17:30 - 2014-11-28 13:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-09-15 17:28 - 2014-11-28 13:22 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2016-09-14 10:04 - 2014-11-27 10:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-08 16:44 - 2015-09-07 22:53 - 00000000 ____D C:\eKonto
2016-09-07 18:32 - 2016-07-16 10:31 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-09-07 18:32 - 2016-07-16 10:31 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-09-15 17:52 - 2016-09-15 17:52 - 7090176 _____ () C:\Users\Michal\AppData\Roaming\agent.dat
2016-09-15 17:51 - 2016-09-15 17:51 - 0140288 _____ () C:\Users\Michal\AppData\Roaming\Installer.dat
2016-09-15 17:52 - 2016-09-15 17:52 - 0018432 _____ () C:\Users\Michal\AppData\Roaming\Main.dat
2015-02-02 01:21 - 2015-02-02 01:21 - 0000600 _____ () C:\Users\Michal\AppData\Local\PUTTY.RND
2015-06-15 00:56 - 2015-06-15 00:56 - 0000017 _____ () C:\Users\Michal\AppData\Local\resmon.resmoncfg
2016-09-15 21:07 - 2016-09-19 08:27 - 0008064 _____ () C:\ProgramData\lmab.log

Some files in TEMP:
====================
C:\Users\Michal\AppData\Local\Temp\avgnt.exe
C:\Users\Michal\AppData\Local\Temp\libeay32.dll
C:\Users\Michal\AppData\Local\Temp\msvcr120.dll
C:\Users\Michal\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-28 02:39

==================== End of FRST.txt ============================

altrok
Moderator
Posts: 7262
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help with removing malware - Yeabests.cc

#8 Post by altrok »

Nice malware - every 10 seconds it checked whether the shortcuts were infected. After the restart, let me know how the PC behaves.

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {310a704f-82b0-11e6-9783-00261872d52f} - "W:\auto.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {310a7d5a-82b0-11e6-9783-00261872d52f} - "W:\auto.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {4b7b8046-8288-11e6-9783-00261872d52f} - "X:\Defender_of_the_Crown.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {4b7b898e-8288-11e6-9783-00261872d52f} - "G:\auto.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {4b7b905b-8288-11e6-9783-00261872d52f} - "V:\AutoPlay.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {557117d2-81b1-11e6-9783-00261872d52f} - "V:\autorun.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {86fd7ec8-8281-11e6-9783-00261872d52f} - "X:\Defender_of_the_Crown.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {9ccb60f0-81e8-11e6-9783-00261872d52f} - "V:\AutoPlay.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {aa237d99-81e1-11e6-9783-00261872d52f} - "W:\setup.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {ba9e9f59-81d3-11e6-9783-00261872d52f} - "W:\setup.EXE" /autorun
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {ba9eaa41-81d3-11e6-9783-00261872d52f} - "V:\autorun.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {c400481b-828e-11e6-9783-00261872d52f} - "W:\auto.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {d540219b-76ef-11e4-9719-806e6f6e6963} - "D:\menu.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {f564299f-81cc-11e6-9783-00261872d52f} - "W:\stub.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {f5643007-81cc-11e6-9783-00261872d52f} - "X:\stub.exe"
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\...\MountPoints2: {f5643b81-81cc-11e6-9783-00261872d52f} - "X:\setup.EXE" /autorun
    HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1644376603-1512953597-3634974712-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    2016-09-28 21:18 - 2016-09-28 21:22 - 00000000 ____D C:\AdwCleaner
    2016-09-28 21:16 - 2016-09-28 21:18 - 03861056 _____ C:\Users\Michal\Downloads\adwcleaner_6.020.exe
    2016-09-28 11:13 - 2016-09-28 11:17 - 00000000 ____D C:\Program Files\trend micro
    2016-09-28 11:13 - 2016-09-28 11:14 - 00000000 ____D C:\rsit
    2016-09-28 11:10 - 2016-09-28 11:10 - 01107968 _____ C:\Users\Michal\Downloads\RSIT.exe
    File: C:\Users\Michal\Downloads\7kaa.exe
    2016-09-25 02:06 - 2016-09-25 02:06 - 00000000 _____ C:\WINDOWS\VDM4FDA.tmp
    2016-09-25 02:06 - 2016-09-25 02:06 - 00000000 _____ C:\WINDOWS\VDM2CB1.tmp
    2016-09-25 02:04 - 2016-09-25 02:04 - 00000000 _____ C:\WINDOWS\VDMCD2F.tmp
    Folder: C:\Program Files\żěŃą
    CustomCLSID: HKU\S-1-5-21-1644376603-1512953597-3634974712-1001_Classes\CLSID\{0B4AA204-AB61-47E3-B5B4-27DCF375EBAC}\localserver32 -> "CDStart.exe" => No File
    Task: {07EC378F-779D-426B-9200-38ADCA03257A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {0D1F02BB-DC6B-41CE-A91F-0291FB4C3540} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {2AFBCD0E-BAD0-4719-B5B5-E6B79F18939C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {4937F1D0-B432-4426-BC9A-15C839A70B0B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {4B41183B-0B0E-483C-A145-A3EAB49C8B49} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {57D08BC8-6B69-49EC-A99F-2F3AA0E04AED} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {6AF5F008-0EC0-404C-8918-21F0E724BC5D} - System32\Tasks\{8FEB5FC6-9FB8-460C-8217-5E02C13488D5} => pcalua.exe -a C:\Users\Michal\AppData\Local\Temp\MSEDBF9.tmp\setupam.exe <==== ATTENTION
    Task: {76B2E7F7-B8C7-4D51-BE62-F3CE8BACBEB2} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {8703BFAC-1BCD-4887-97A0-008AB7129CCB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {8819D783-C91E-442B-9A53-4A361E975CB6} - System32\Tasks\{84705582-78A1-427E-B567-DF27740041EB} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {88272837-62A2-45F0-B493-0DD95940B431} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {921B2959-5288-4F4A-8D6E-2C5660B4039D} - \Optimize Start Menu Cache Files-S-1-5-21-1644376603-1512953597-3634974712-1001 -> No File <==== ATTENTION
    Task: {A5D271AC-14DC-4489-AA96-43F721A2F3F8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {BDFFE40C-1FB4-41FE-AB20-6249F28F53AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {CAB73C78-99D8-4BDB-AB79-59894065F2AD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {CB77812A-DE57-436D-AC78-274F389DAE98} - System32\Tasks\{AC452187-7E6C-4F36-9648-562B1C57AAB9} => pcalua.exe -a G:\directx\dxsetup.exe -d G:\
    Task: {D5D78D7E-94E9-4B54-BF52-9DCCE995DF25} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
    ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Michal\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Michal\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Michal\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
    FirewallRules: [{0975EC0B-49BC-4D43-9218-0D0FE5D6AD41}] => (Allow) C:\Program Files\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
    File: C:\Program Files\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
    Folder: C:\Program Files\GreatMaker
    FirewallRules: [{CF7F55DF-C5A7-4EBE-9C0F-26539B751E6C}] => (Allow) C:\Program Files\LuDaShi\Utils\mininews.exe
    FirewallRules: [{AE5F8F7C-135D-4B5B-B1D5-EEE378F6E2E2}] => (Allow) C:\Program Files\LuDaShi\Utils\mininews.exe
    FirewallRules: [{A8F8B110-BEB0-42EB-807B-B5B73F56D9EE}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
    FirewallRules: [{B303AC13-19E0-4514-A54F-5327EEC497FB}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
    C:\Program Files\LuDaShi
    FirewallRules: [{6F42F9F8-7528-4D41-A7B8-9FE3F89FE33A}] => (Allow) C:\Users\Michal\AppData\Local\Temp\00031142\inst_buychannel_37.exe
    FirewallRules: [{0F268BCB-E8D9-4224-8578-45D596158F70}] => (Allow) C:\Users\Michal\AppData\Local\Temp\00031142\inst_buychannel_37.exe
    FirewallRules: [{FD4686B7-9FA3-4499-A54A-685A9D3DAB37}] => (Allow) C:\Users\Michal\AppData\Local\Temp\is-SBOFJ.tmp\download\MiniThunderPlatform.exe
    FirewallRules: [{506E4A74-60EE-480B-818C-C462D2B9A08D}] => (Allow) C:\Program Files\UCBrowser\Application\UCBrowser.exe
    CMD: dir "C:\PROGRA~1"
    CMD: dir "C:\PROGRA~2"
    CMD: dir "C:\PROGRA~3"
    CMD: dir "%localappdata%"
    CMD: dir "%appdata%"
    Hosts:
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions not suited to the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
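
An added example, not part of the post above and not FRST's own code: a small triage script that reads FRST-style lines and flags browser shortcuts whose arguments carry a URL or a `--load-extension` switch, as in the fixlist above. The line layout is inferred from the entries shown in this thread; the browser list and the `Notes.lnk` control line are assumptions made for the example.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the fixlist in this thread (URL left defanged as hxxp).
# The last line (Notes.lnk) is constructed here as a benign control case.
SAMPLE_FRST = r'''
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Michal\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Public\Desktop\Notes.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation) -> C:\Users\Public\todo.txt
'''

# Assumption: executables treated as browsers for this check.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe", "opera.exe"}

# Field layout inferred from the ShortcutWithArgument lines shown in the thread:
#   ShortcutWithArgument: <.lnk path> -> <target .exe> (<vendor>) -> <arguments>
SHORTCUT_RE = re.compile(
    r"^ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk)\s+->\s+"
    r"(?P<target>.+?\.exe)\s+\((?P<vendor>[^)]*)\)\s+->\s*(?P<args>.*)$",
    re.IGNORECASE,
)
# Accept both live and defanged schemes, since logs are often posted defanged.
URL_RE = re.compile(r'(?:https?|hxxps?)://[^\s"]+', re.IGNORECASE)
EXT_RE = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)


@dataclass
class Finding:
    lnk: str
    target: str
    reasons: List[str] = field(default_factory=list)
    urls: List[str] = field(default_factory=list)
    extension_dir: Optional[str] = None


def triage(log_text: str) -> dict:
    """Return flagged browser shortcuts and whether a WMI script consumer is listed."""
    shortcuts = []
    wmi_consumer = False
    for raw in log_text.splitlines():
        line = raw.strip()  # fixlists are often pasted indented
        # FRST marks this entry ATTENTION in the thread's fixlist; it is reported
        # here so it gets reviewed together with the shortcuts.
        if line.startswith("WMI_ActiveScriptEventConsumer"):
            wmi_consumer = True
            continue
        m = SHORTCUT_RE.match(line)
        if not m:
            continue
        # Only browser targets are of interest; other shortcuts take file arguments legitimately.
        if ntpath.basename(m.group("target")).lower() not in BROWSERS:
            continue
        args = m.group("args")
        finding = Finding(lnk=m.group("lnk"), target=m.group("target"))
        finding.urls = URL_RE.findall(args)
        if finding.urls:
            finding.reasons.append("url-argument")
        ext = EXT_RE.search(args)
        if ext:
            finding.extension_dir = ext.group(1) or ext.group(2)
            finding.reasons.append("load-extension")
        if finding.reasons:
            shortcuts.append(finding)
    return {"shortcuts": shortcuts, "wmi_consumer": wmi_consumer}


if __name__ == "__main__":
    result = triage(SAMPLE_FRST)
    print("WMI script consumer listed:", result["wmi_consumer"])
    for f in result["shortcuts"]:
        print(f.lnk, "|", ", ".join(f.reasons), "|", f.urls, "|", f.extension_dir)
```

Shortcuts that keep coming back after being cleaned should be re-checked with the same script after each fix, together with the `wmi_consumer` flag.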

Invite1
Visitor
Posts: 18
Registered: 19 Sep 2016 17:05

Re: Please help with removing malware - Yeabests.cc

#9 Post by Invite1 »

Hello,

the fixlog was created before the restart.
Before the fix, Malwarebytes also reported the Kuaizip malware. I had removed it earlier, but it probably got back in again.
Could you please verify whether the PC is completely clean?

Thank you.

FRST fixlog:
Fix result of Farbar Recovery Scan Tool (x86) Version: 28-09-2016
Ran by Michal (30-09-2016 13:29:12) Run:1
Running from C:\Users\Michal\Downloads
Loaded Profiles: Michal & (Available Profiles: Michal)
Boot Mode: Normal

==============================================

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value removed successfully.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{310a704f-82b0-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{310a704f-82b0-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{310a7d5a-82b0-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{310a7d5a-82b0-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7b8046-8288-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{4b7b8046-8288-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7b898e-8288-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{4b7b898e-8288-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7b905b-8288-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{4b7b905b-8288-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{557117d2-81b1-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{557117d2-81b1-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86fd7ec8-8281-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{86fd7ec8-8281-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ccb60f0-81e8-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{9ccb60f0-81e8-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa237d99-81e1-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{aa237d99-81e1-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9e9f59-81d3-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{ba9e9f59-81d3-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9eaa41-81d3-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{ba9eaa41-81d3-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c400481b-828e-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{c400481b-828e-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d540219b-76ef-11e4-9719-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{d540219b-76ef-11e4-9719-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f564299f-81cc-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{f564299f-81cc-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5643007-81cc-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{f5643007-81cc-11e6-9783-00261872d52f} => key not found.
"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5643b81-81cc-11e6-9783-00261872d52f}" => key removed successfully.
HKCR\CLSID\{f5643b81-81cc-11e6-9783-00261872d52f} => key not found.
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1644376603-1512953597-3634974712-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
C:\AdwCleaner => moved successfully
C:\Users\Michal\Downloads\adwcleaner_6.020.exe => moved successfully
C:\Program Files\trend micro => moved successfully
C:\rsit => moved successfully
C:\Users\Michal\Downloads\RSIT.exe => moved successfully

========================= File: C:\Users\Michal\Downloads\7kaa.exe ========================

File not signed
MD5: 68056CA8BB01484E915C8CAE3161A951
Creation and modification date: 2016-09-25 02:24 - 2016-09-25 02:25
Size: 1754126
Attributes: ----A
Company Name: 7kfans.com
Internal Name: 7kaa
Original Name: 7kaa.exe
Product: Seven Kingdoms: Ancient Adversaries
Description: Seven Kingdoms: Ancient Adversaries executable for Windows (from the open-source project)
File Version: 2.14.6
Product Version: 2.14.6
Copyright: Source code under GPL license

====== End of File: ======

C:\WINDOWS\VDM4FDA.tmp => moved successfully
C:\WINDOWS\VDM2CB1.tmp => moved successfully
C:\WINDOWS\VDMCD2F.tmp => moved successfully

========================= Folder: C:\Program Files\żěŃą ========================

2016-09-15 18:31 - 2016-09-15 18:31 - 0000049 _____ () C:\Program Files\żěŃą\__-________.URL
2016-09-15 18:31 - 2016-09-15 18:31 - 0000032 _____ () C:\Program Files\żěŃą\7zNew.dat
2016-09-15 18:31 - 2016-09-15 18:31 - 0005644 _____ () C:\Program Files\żěŃą\ErrorMsg.xml
2016-09-15 18:31 - 2016-09-15 18:31 - 0000074 _____ () C:\Program Files\żěŃą\KzNew.dat
2016-09-15 18:31 - 2016-09-15 18:31 - 0001553 _____ () C:\Program Files\żěŃą\readme.txt
2016-09-15 18:31 - 2016-09-15 18:31 - 0005830 _____ () C:\Program Files\żěŃą\SLDefault.xml
2016-09-15 18:31 - 2016-09-15 18:31 - 0000022 _____ () C:\Program Files\żěŃą\ZipNew.dat
2016-09-15 18:31 - 2016-09-15 18:31 - 0000000 ____D () C:\Program Files\żěŃą\ali
2016-09-15 18:31 - 2016-09-15 18:31 - 0008222 _____ () C:\Program Files\żěŃą\ali\jp.png
2016-09-15 18:31 - 2016-09-15 18:31 - 0120190 _____ () C:\Program Files\żěŃą\ali\kzshop.ico
2016-09-15 18:31 - 2016-09-15 18:31 - 0000000 ____D () C:\Program Files\żěŃą\data
2016-09-15 18:31 - 2016-09-15 18:31 - 0018846 _____ () C:\Program Files\żěŃą\data\slimdata.dat
2016-09-15 18:31 - 2016-09-15 18:31 - 0000000 ____D () C:\Program Files\żěŃą\skin
2016-09-15 18:31 - 2016-09-15 18:31 - 0469629 _____ () C:\Program Files\żěŃą\skin\disopt.skn
2016-09-15 18:31 - 2016-09-19 22:55 - 0000000 ____D () C:\Program Files\żěŃą\X86
2016-09-15 18:31 - 2016-09-15 18:31 - 0955328 _____ (Igor Pavlov) C:\Program Files\żěŃą\X86\7z.dll
2016-09-15 18:31 - 2016-09-15 18:31 - 0707520 _____ () C:\Program Files\żěŃą\X86\DuiLib.dll
2016-09-15 18:31 - 2016-09-15 18:31 - 0089536 _____ (Shanda Innovations) C:\Program Files\żěŃą\X86\finderlib.dll
2016-09-15 18:31 - 2016-09-15 18:31 - 0068168 _____ (WinMount International Inc) C:\Program Files\żěŃą\X86\KuaiZipDrive.sys
2016-09-15 18:31 - 2016-09-15 18:31 - 0482752 _____ () C:\Program Files\żěŃą\X86\KZFormat.dll
2016-09-15 18:31 - 2016-09-15 18:31 - 0907712 _____ () C:\Program Files\żěŃą\X86\KZModule.dll
2016-09-15 18:31 - 2016-09-15 18:31 - 0120256 _____ () C:\Program Files\żěŃą\X86\Mount.dll
2016-09-15 18:31 - 2016-09-15 18:31 - 0149440 _____ () C:\Program Files\żěŃą\X86\MountCore.dll
2016-09-15 18:31 - 2016-09-15 18:31 - 0146880 _____ (上海广乐网络科技有限公司) C:\Program Files\żěŃą\X86\SetupHelper.exe
2016-09-15 18:31 - 2016-09-15 18:31 - 0690112 _____ () C:\Program Files\żěŃą\X86\UpdateChecker.exe
2016-09-15 18:31 - 2016-09-15 18:31 - 0000000 ____D () C:\Program Files\żěŃą\X86\lang
2016-09-15 18:31 - 2016-09-15 18:31 - 0188864 _____ () C:\Program Files\żěŃą\X86\lang\Chs_Lang.dll
2016-09-15 18:31 - 2016-09-15 18:31 - 0000000 ____D () C:\Program Files\żěŃą\X86\sfx
2016-09-15 18:31 - 2016-09-15 18:31 - 0594432 _____ () C:\Program Files\żěŃą\X86\sfx\kzSetup_chs.sfx

====== End of Folder: ======

"HKU\S-1-5-21-1644376603-1512953597-3634974712-1001_Classes\CLSID\{0B4AA204-AB61-47E3-B5B4-27DCF375EBAC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07EC378F-779D-426B-9200-38ADCA03257A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07EC378F-779D-426B-9200-38ADCA03257A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D1F02BB-DC6B-41CE-A91F-0291FB4C3540}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D1F02BB-DC6B-41CE-A91F-0291FB4C3540}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2AFBCD0E-BAD0-4719-B5B5-E6B79F18939C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AFBCD0E-BAD0-4719-B5B5-E6B79F18939C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4937F1D0-B432-4426-BC9A-15C839A70B0B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4937F1D0-B432-4426-BC9A-15C839A70B0B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B41183B-0B0E-483C-A145-A3EAB49C8B49}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B41183B-0B0E-483C-A145-A3EAB49C8B49}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57D08BC8-6B69-49EC-A99F-2F3AA0E04AED}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57D08BC8-6B69-49EC-A99F-2F3AA0E04AED}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AF5F008-0EC0-404C-8918-21F0E724BC5D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AF5F008-0EC0-404C-8918-21F0E724BC5D}" => key removed successfully.
C:\Windows\System32\Tasks\{8FEB5FC6-9FB8-460C-8217-5E02C13488D5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8FEB5FC6-9FB8-460C-8217-5E02C13488D5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76B2E7F7-B8C7-4D51-BE62-F3CE8BACBEB2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76B2E7F7-B8C7-4D51-BE62-F3CE8BACBEB2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8703BFAC-1BCD-4887-97A0-008AB7129CCB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8703BFAC-1BCD-4887-97A0-008AB7129CCB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8819D783-C91E-442B-9A53-4A361E975CB6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8819D783-C91E-442B-9A53-4A361E975CB6}" => key removed successfully.
C:\Windows\System32\Tasks\{84705582-78A1-427E-B567-DF27740041EB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84705582-78A1-427E-B567-DF27740041EB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88272837-62A2-45F0-B493-0DD95940B431}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88272837-62A2-45F0-B493-0DD95940B431}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{921B2959-5288-4F4A-8D6E-2C5660B4039D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{921B2959-5288-4F4A-8D6E-2C5660B4039D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1644376603-1512953597-3634974712-1001" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5D271AC-14DC-4489-AA96-43F721A2F3F8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5D271AC-14DC-4489-AA96-43F721A2F3F8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDFFE40C-1FB4-41FE-AB20-6249F28F53AF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDFFE40C-1FB4-41FE-AB20-6249F28F53AF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAB73C78-99D8-4BDB-AB79-59894065F2AD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAB73C78-99D8-4BDB-AB79-59894065F2AD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB77812A-DE57-436D-AC78-274F389DAE98}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB77812A-DE57-436D-AC78-274F389DAE98}" => key removed successfully.
C:\Windows\System32\Tasks\{AC452187-7E6C-4F36-9648-562B1C57AAB9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AC452187-7E6C-4F36-9648-562B1C57AAB9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5D78D7E-94E9-4B54-BF52-9DCCE995DF25}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5D78D7E-94E9-4B54-BF52-9DCCE995DF25}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully.
C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully..
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully..
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully..
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0975EC0B-49BC-4D43-9218-0D0FE5D6AD41} => value removed successfully.

========================= File: C:\Program Files\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe ========================

"C:\Program Files\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe" => not found.
====== End of File: ======


========================= Folder: C:\Program Files\GreatMaker ========================

not found.

====== End of Folder: ======

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF7F55DF-C5A7-4EBE-9C0F-26539B751E6C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE5F8F7C-135D-4B5B-B1D5-EEE378F6E2E2} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8F8B110-BEB0-42EB-807B-B5B73F56D9EE} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B303AC13-19E0-4514-A54F-5327EEC497FB} => value removed successfully.
"C:\Program Files\LuDaShi" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F42F9F8-7528-4D41-A7B8-9FE3F89FE33A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F268BCB-E8D9-4224-8578-45D596158F70} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD4686B7-9FA3-4499-A54A-685A9D3DAB37} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{506E4A74-60EE-480B-818C-C462D2B9A08D} => value removed successfully.

========= dir "C:\PROGRA~1" =========

Volume in drive C has no label.
Volume Serial Number is 58EF-35DE

Directory of C:\PROGRA~1

30. 09. 2016 13:30 <DIR> .
30. 09. 2016 13:30 <DIR> ..
06. 05. 2015 23:52 <DIR> 7-Zip
28. 11. 2014 13:25 <DIR> Abbyy FineReader 6.0 Sprint
16. 07. 2015 00:01 <DIR> Adobe
28. 11. 2014 14:13 <DIR> ASUS
19. 09. 2016 18:08 <DIR> Avira
02. 09. 2015 16:30 <DIR> Brother
02. 09. 2015 16:29 <DIR> Browny02
02. 09. 2015 16:30 <DIR> BrownyInd
16. 09. 2016 08:25 <DIR> CDBurnerXP
24. 09. 2016 02:39 <DIR> Common Files
02. 09. 2015 16:29 <DIR> ControlCenter4
25. 11. 2014 17:19 <DIR> CryptoPlus
22. 05. 2015 19:16 <DIR> DIFX
24. 09. 2016 19:39 <DIR> DivX
12. 09. 2016 00:07 <DIR> DOSBox-0.74
15. 09. 2016 17:29 <DIR> Eidos Interactive
16. 09. 2016 09:36 <DIR> Elantech
19. 09. 2016 23:15 <DIR> EMET 5.5
04. 02. 2016 23:13 <DIR> epson
05. 02. 2016 12:35 <DIR> EPSON Software
04. 02. 2016 22:32 <DIR> EpsonNet
16. 09. 2016 12:30 <DIR> Google
19. 09. 2016 08:20 <DIR> Internet Explorer
28. 11. 2014 13:29 <DIR> Lexmark
28. 11. 2014 13:25 <DIR> Lexmark Applications
20. 09. 2016 01:06 <DIR> Malwarebytes Anti-Malware
24. 09. 2016 23:30 <DIR> Microprose
25. 11. 2014 17:00 <DIR> Microsoft Office
25. 11. 2014 17:00 <DIR> Microsoft Visual Studio
25. 11. 2014 17:00 <DIR> Microsoft Works
16. 07. 2016 10:29 <DIR> Microsoft.NET
28. 09. 2016 02:18 <DIR> Mozilla Firefox
28. 09. 2016 21:24 <DIR> Mozilla Maintenance Service
24. 09. 2016 19:39 <DIR> Mozilla Thunderbird
16. 09. 2016 09:51 <DIR> MSBuild
22. 05. 2015 19:15 <DIR> Nokia
16. 09. 2016 09:44 <DIR> NVIDIA Corporation
30. 01. 2015 12:16 <DIR> OpenOffice 4
19. 09. 2016 20:58 <DIR> Opera
24. 09. 2016 22:59 <DIR> Oracle
22. 05. 2015 19:14 <DIR> PC Connectivity Solution
25. 11. 2014 17:49 <DIR> PDFCreator
16. 09. 2016 09:35 <DIR> Realtek
16. 09. 2016 10:17 <DIR> Reference Assemblies
09. 04. 2015 02:47 <DIR> Room Arranger
31. 03. 2015 17:52 <DIR> Samsung
25. 11. 2014 17:24 <DIR> SamsungPrinterLiveUpdate
15. 03. 2016 17:43 <DIR> SamsungPrinterLiveUpdateInstaller
24. 09. 2016 03:18 <DIR> Sierra On-Line
19. 09. 2016 08:29 <DIR> Skype
19. 09. 2016 15:49 <DIR> Spybot - Search & Destroy 2
15. 09. 2016 23:17 <DIR> UnHackMe
19. 09. 2016 08:20 <DIR> Windows Defender
16. 09. 2016 09:44 <DIR> Windows Mail
19. 09. 2016 08:20 <DIR> Windows Media Player
16. 07. 2016 10:29 <DIR> Windows Multimedia Platform
16. 09. 2016 10:12 <DIR> Windows NT
16. 07. 2016 19:01 <DIR> Windows Photo Viewer
16. 07. 2016 10:29 <DIR> Windows Portable Devices
16. 07. 2016 10:29 <DIR> WindowsPowerShell
25. 11. 2014 18:19 <DIR> WinRAR
15. 09. 2016 16:46 <DIR> Zoo Digital Publishing
15. 09. 2016 18:31 <DIR> ľŘăĄ
0 File(s) 0 bytes
65 Dir(s) 93˙658˙820˙608 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~2" =========

Volume in drive C has no label.
Volume Serial Number is 58EF-35DE

Directory of C:\PROGRA~2

16. 07. 2015 00:00 <DIR> Adobe
15. 09. 2016 18:26 <DIR> AVAST Software
15. 09. 2016 18:26 <DIR> Avg
19. 09. 2016 18:08 <DIR> Avira
27. 05. 2015 20:17 <DIR> boost_interprocess
02. 09. 2015 16:32 <DIR> Brother
15. 09. 2016 23:39 <DIR> Canneverbe Limited
16. 07. 2016 10:29 <DIR> Comms
02. 09. 2015 16:29 <DIR> ControlCenter4
19. 09. 2016 13:35 <DIR> CPInstall
14. 09. 2016 17:17 <DIR> DAEMON Tools Lite
24. 09. 2016 19:39 <DIR> DivX
14. 07. 2016 19:31 <DIR> Epson
22. 05. 2015 19:08 <DIR> Installations
19. 09. 2016 08:27 8˙064 lmab.log
19. 09. 2016 10:33 <DIR> Malwarebytes
25. 11. 2014 21:32 <DIR> McAfee
07. 01. 2016 11:57 <DIR> Microsoft Help
16. 09. 2016 10:27 <DIR> Microsoft OneDrive
25. 11. 2014 16:08 <DIR> Mozilla
29. 09. 2016 23:13 <DIR> NVIDIA
16. 09. 2016 09:35 <DIR> NVIDIA Corporation
24. 09. 2016 19:38 <DIR> Package Cache
15. 07. 2015 18:36 <DIR> PC Suite
16. 09. 2016 09:50 <DIR> regid.1991-06.com.microsoft
28. 09. 2016 11:09 <DIR> RegRun
09. 04. 2015 02:47 <DIR> Room Arranger
15. 03. 2016 17:43 <DIR> Samsung
19. 09. 2016 08:30 <DIR> Skype
25. 11. 2014 17:19 <DIR> SmartCard Reader Installation
16. 07. 2016 10:29 <DIR> SoftwareDistribution
04. 02. 2016 23:13 <DIR> Sony Corporation
19. 09. 2016 16:21 <DIR> Spybot - Search & Destroy
04. 02. 2016 23:13 <DIR> UDL
16. 09. 2016 10:12 <DIR> USOPrivate
16. 09. 2016 10:12 <DIR> USOShared
1 File(s) 8˙064 bytes
35 Dir(s) 93˙658˙779˙648 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~3" =========

Volume in drive C has no label.
Volume Serial Number is 58EF-35DE

Directory of C:\

File Not Found

========= End of CMD: =========


========= dir "%localappdata%" =========

Volume in drive C has no label.
Volume Serial Number is 58EF-35DE

Directory of C:\Users\Michal\AppData\Local

28. 09. 2016 21:21 <DIR> .
28. 09. 2016 21:21 <DIR> ..
15. 03. 2016 00:25 <DIR> ActiveSync
03. 08. 2016 19:39 <DIR> Adobe
17. 09. 2015 10:54 <DIR> Apps
08. 08. 2015 00:21 <DIR> CEF
15. 03. 2016 00:24 <DIR> Comms
16. 09. 2016 11:19 <DIR> ConnectedDevicesPlatform
12. 09. 2016 00:05 <DIR> Diagnostics
14. 09. 2016 17:25 <DIR> Disc_Soft_Ltd
12. 09. 2016 00:07 <DIR> DOSBox
30. 05. 2016 10:14 <DIR> ElevatedDiagnostics
26. 09. 2016 12:25 115˙168 GDIPFONTCACHEV1.DAT
14. 09. 2015 08:25 <DIR> Google
15. 06. 2015 01:46 <DIR> GWX
26. 11. 2014 17:14 <DIR> Macromedia
21. 09. 2016 11:41 <DIR> Microsoft
17. 09. 2015 10:21 <DIR> Microsoft Help
15. 03. 2016 01:19 <DIR> MicrosoftEdge
25. 11. 2014 16:08 <DIR> Mozilla
15. 03. 2016 00:39 <DIR> NetworkTiles
26. 01. 2015 23:44 <DIR> NewSoft
19. 09. 2016 20:58 <DIR> Opera Software
16. 09. 2016 10:43 <DIR> Packages
25. 11. 2014 18:14 <DIR> PDFCreator
25. 11. 2014 17:19 <DIR> Programs
15. 03. 2016 00:25 <DIR> Publishers
02. 02. 2015 01:21 600 PUTTY.RND
15. 06. 2015 00:56 17 resmon.resmoncfg
05. 08. 2016 09:25 <DIR> Room Arranger
17. 04. 2016 10:21 <DIR> SkinSoft
14. 12. 2015 12:24 <DIR> Skype
30. 09. 2016 13:30 <DIR> Temp
28. 11. 2014 11:27 <DIR> Thunderbird
15. 03. 2016 00:23 <DIR> TileDataLayer
29. 01. 2016 02:14 <DIR> VirtualStore
3 File(s) 115˙785 bytes
33 Dir(s) 93˙658˙771˙456 bytes free

========= End of CMD: =========


========= dir "%appdata%" =========

Volume in drive C has no label.
Volume Serial Number is 58EF-35DE

Directory of C:\Users\Michal\AppData\Roaming

28. 09. 2016 21:21 <DIR> .
28. 09. 2016 21:21 <DIR> ..
26. 01. 2015 23:45 <DIR> .oit
25. 09. 2016 02:31 <DIR> 7kfans.com
16. 07. 2015 00:35 <DIR> Adobe
15. 09. 2016 17:52 7˙090˙176 agent.dat
19. 09. 2016 18:07 <DIR> Avira
07. 09. 2015 13:01 <DIR> Brother
15. 09. 2016 23:39 <DIR> Canneverbe Limited
04. 02. 2016 22:36 <DIR> Canon
03. 09. 2015 14:43 <DIR> ControlCenter4
25. 11. 2014 17:19 <DIR> CSAS
14. 09. 2016 17:28 <DIR> DAEMON Tools Lite
24. 09. 2016 21:45 <DIR> DivX
14. 07. 2016 19:31 <DIR> Epson
25. 01. 2016 19:11 <DIR> gtk-2.0
27. 07. 2016 22:47 <DIR> Haenlein-Software
14. 03. 2015 21:13 <DIR> Identities
15. 09. 2016 17:51 140˙288 Installer.dat
02. 09. 2015 16:27 <DIR> InstallShield
25. 11. 2014 15:23 <DIR> Macromedia
15. 09. 2016 17:52 18˙432 Main.dat
25. 11. 2014 15:50 <DIR> Mikrotik
25. 11. 2014 16:08 <DIR> Mozilla
26. 01. 2015 23:45 <DIR> NewSoft
23. 05. 2015 01:15 <DIR> Nokia
07. 05. 2015 00:25 <DIR> NVIDIA
30. 01. 2015 12:53 <DIR> OpenOffice
19. 09. 2016 20:58 <DIR> Opera Software
22. 05. 2015 19:17 <DIR> PC Suite
15. 09. 2016 18:38 <DIR> Profiles
09. 04. 2015 02:52 <DIR> Room Arranger
31. 03. 2015 18:00 <DIR> Samsung
30. 09. 2016 13:29 <DIR> Skype
28. 11. 2014 11:27 <DIR> Thunderbird
28. 11. 2014 13:06 <DIR> WinRAR
3 File(s) 7˙248˙896 bytes
33 Dir(s) 93˙658˙488˙832 bytes free

========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

=========== EmptyTemp: ==========

BITS transfer queue => 303586 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21705147 B
Java, Flash, Steam htmlcache => 1008 B
Windows/system/drivers => 183827872 B
Edge => 168099491 B
Chrome => 426658269 B
Firefox => 45223134 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 22288534 B
NetworkService => 90744 B
Michal => 202768658 B

RecycleBin => 2540998647 B
EmptyTemp: => 3.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:35:17 ====
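
A triage pass over the Fixlog above, as an added example that is not part of the original post or of FRST: it splits each `target => outcome` line and surfaces the entries that failed, were not found, or that FRST marked ATTENTION. The helper names (`classify`, `parse_fixlog`, `summarize`, `needs_review`) and the line grammar are assumptions inferred from this log, and the sample lines are a subset copied from it.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the Fixlog above.
SAMPLE_FIXLOG = r'''
HKCR\CLSID\{f5643b81-81cc-11e6-9783-00261872d52f} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\WINDOWS\VDM4FDA.tmp => moved successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully..
"C:\Program Files\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe" => not found.
"C:\Program Files\LuDaShi" => not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
Chrome => 426658269 B
EmptyTemp: => 3.4 GB temporary data Removed.
==== End of Fixlog 13:35:17 ====
'''

SIZE_ONLY = re.compile(r"^\d+ B$")  # EmptyTemp size rows such as "426658269 B"


def classify(outcome):
    """Map the text after '=>' to ok / missing / failed / info."""
    text = outcome.strip().lower()
    if text.startswith("could not"):
        return "failed"
    if "not found" in text:
        return "missing"
    if SIZE_ONLY.match(outcome.strip()):
        return "info"
    if "successfully" in text or "removed" in text:
        return "ok"
    return "info"


def parse_fixlog(text):
    """Return one dict per result line; banners and free text are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and "===== section =====" banners
        if " => " in line:
            # Split on the last arrow so the outcome is always the final field.
            target, outcome = line.rsplit(" => ", 1)
        elif line.lower().startswith("could not"):
            # Failure reported on a line of its own, without a target.
            target, outcome = "(no target on line)", line
        else:
            continue  # file details, dir listings and other free text
        entries.append({
            "target": target.strip().strip('"'),
            "outcome": outcome.strip(),
            "status": classify(outcome),
            "attention": "ATTENTION" in target,  # marker printed by FRST itself
        })
    return entries


def summarize(entries):
    """Count entries per status."""
    return dict(Counter(e["status"] for e in entries))


def needs_review(entries):
    """Entries a helper should look at again before closing the case."""
    return [e for e in entries
            if e["status"] in ("failed", "missing") or e["attention"]]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for entry in needs_review(parsed):
        print(f'{entry["status"]:8} {entry["target"]} -> {entry["outcome"]}')
```

On the sample it singles out the hosts file, which FRST could neither move nor restore.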

altrok
Moderator
Moderator
Posts: 7262
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help with removing malware - Yeabests.cc

#10 Post by altrok »

We will definitely check again. Post new FRST.txt, Addition.txt and Shortcuts.txt logs - tick that option before starting the scan. Once I get home (tonight/tomorrow), I'll take a look at it for you. Please keep an eye on what problems you are seeing on the PC now.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok[at]forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Invite1
Visitor
Visitor
Posts: 18
Registered: 19 Sep 2016 17:05

Re: Please help with removing malware - Yeabests.cc

#11 Post by Invite1 »

Hello,

attached are all 3 logs from FRST + the log from Malwarebytes, which still detects Kuaizip

Thank you very much for your help.
Attachments
Downloads.rar
(49.96 KiB) Downloaded 47 times

Invite1
Visitor
Visitor
Posts: 18
Registered: 19 Sep 2016 17:05

Re: Please help with removing malware - Yeabests.cc

#12 Post by Invite1 »

UnhackMe also reports this file as suspicious: C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_11.8.190.0_X86__KZF8QXF38ZG5C\SKYPEHOST.EXE

altrok
Moderator
Moderator
Posts: 7262
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help with removing malware - Yeabests.cc

#13 Post by altrok »

:arrow: Where do you end up after double-clicking C:\Users\Michal\Documents\Tento počítač – zástupce.lnk and C:\Users\Michal\Links\RecentPlaces.lnk?



  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (file type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files\żěŃą
    File: C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_11.8.190.0_X86__KZF8QXF38ZG5C\SKYPEHOST.EXE
    File: C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    File: C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x86__kzf8qxf38zg5c\SkyWrap.dll
    EmptyTemp:
    End

Invite1
Visitor
Visitor
Posts: 18
Registered: 19 Sep 2016 17:05

Re: Please help with removing malware - Yeabests.cc

#14 Post by Invite1 »

The fixlog from before the restart and the scan files from after the restart are attached.
Thank you.
Attachments
Downloads.rar
(50.99 KiB) Downloaded 42 times

altrok
Moderator
Moderator
Posts: 7262
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help with removing malware - Yeabests.cc

#15 Post by altrok »

:arrow: The file C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_11.8.190.0_X86__KZF8QXF38ZG5C\SKYPEHOST.EXE, which UnHackMe flags, is most likely a false positive https://virustotal.com/en/file/6041dc35 ... /analysis/


:arrow: We deleted Kuaizip in the last step.


:arrow: I don't see any other malware on the PC - please describe the current problems you are seeing on the PC.

Locked