Problem with malware

karelsoucek
Visitor
Posts: 20
Registered: 25 Nov 2013 09:20

Problem with malware

#1 Post by karelsoucek »

Hello, please check this log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
Ran by Karek (administrator) on KAREK-PC on 25-11-2013 09:15:59
Running from C:\Users\Karek\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(WebSparkle) C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe
(WebSparkle) C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe
(Dropbox, Inc.) C:\Users\Karek\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20551328 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [FMCore.exe] - C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe [9504768 2013-07-25] (Celartem, Inc., doing business as Extensis.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/inde ... 52726A7D54
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {B1621800-AC5C-4088-BDEB-332A51E18368} URL = http://search.us.com/serp?guid={BEBE9FA ... earchTerms}
SearchScopes: HKCU - {308B62F7-D79F-43D0-92BC-9038C1ABD37E} URL = http://search.yahoo.com/search?p={searc ... type=10511
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/resu ... earchTerms}
SearchScopes: HKCU - {62ED6765-EF63-4546-94FA-C2551C04DF8C} URL = http://search.yahoo.com/search?p={searc ... type=10513
SearchScopes: HKCU - {B1621800-AC5C-4088-BDEB-332A51E18368} URL = http://search.us.com/serp?guid={BEBE9FA ... earchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: WebSparkle - {9f56bab3-2739-40ed-a8d0-1451657a9742} - C:\Program Files (x86)\WebSparkle\WebSparkleBHO.dll (WebSparkle)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{5F31578C-0FBE-44BE-8993-69BBDF586BD9}: [NameServer]213.46.172.36,213.46.172.37

FireFox:
========
FF ProfilePath: C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default
FF NewTab: file:///C:\\Users\\Karek\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm
FF DefaultSearchEngine: SecureSearch
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_6&idate=2013-10-31&ent=hp&u=66200B20AF84C8FB76DF8852726A7D54
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_6&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll (Search.Us.com)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Seznam lištička - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: firebug - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firefox - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firefox@websparkle.biz.xpi
FF Extension: seo - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seo@profesional.xpi
FF Extension: seostatus - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seostatus@rubyweb.xpi
FF Extension: toolbar_ORJ-V7 - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi
FF HKCU\...\Firefox\Extensions: [sea-condensed@plugin.org] - C:\Program Files (x86)\The Sea App (Firefox)
FF Extension: The SEA App (C) - C:\Program Files (x86)\The Sea App (Firefox)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with malware

#2 Post by vyosek »

Hello :)

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launch, the license terms are displayed; press any key
  • A backup is created and then the search runs
  • The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts, and then a log appears, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
"Whoever has wine and does not drink, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

karelsoucek
Visitor
Posts: 20
Registered: 25 Nov 2013 09:20

Re: Problem with malware

#3 Post by karelsoucek »

For now, the log from Junkware:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Karek on po 25.11.2013 at 9:37:21,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\search protection
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1604048657-3569887421-881733268-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPIP_FF__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPIP_FF__RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPIP_FF__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPIP_FF__RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B1621800-AC5C-4088-BDEB-332A51E18368}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f56bab3-2739-40ed-a8d0-1451657a9742}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9f56bab3-2739-40ed-a8d0-1451657a9742}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\websparkle"



~~~ FireFox

Successfully deleted the following from C:\Users\Karek\AppData\Roaming\mozilla\firefox\profiles\bo3ol8i2.default\prefs.js

user_pref("browser.search.defaultenginename", "SecureSearch");
user_pref("browser.search.selectedEngine", "SecureSearch");
user_pref("browser.startup.homepage", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_6&idate=2013-10-31&ent=hp&u=66200B20AF84C8FB76DF8852726A7D54");
user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_6&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\Karek\AppData\Roaming\mozilla\firefox\profiles\bo3ol8i2.default\minidumps [30 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 25.11.2013 at 9:42:56,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

karelsoucek
Visitor
Posts: 20
Registered: 25 Nov 2013 09:20

Re: Problem with malware

#4 Post by karelsoucek »

# AdwCleaner v3.013 - Report created 25/11/2013 at 09:56:58
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Karek - KAREK-PC
# Running from : C:\Users\Karek\Desktop\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v25.0.1 (cs)

[ File : C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3311 octets] - [24/10/2013 08:32:00]
AdwCleaner[R1].txt - [1270 octets] - [25/11/2013 09:48:40]
AdwCleaner[S0].txt - [3284 octets] - [24/10/2013 08:34:44]
AdwCleaner[S1].txt - [1197 octets] - [25/11/2013 09:56:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1257 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with malware

#5 Post by vyosek »

:arrow: Running FRST
  • After launching FRST, we accept the license terms by clicking [Yes].
  • We additionally tick the Addition.txt item - see the image.
    [Image]
  • We click the [Scan] button, which starts the scan.
  • We wait for the FRST scan to finish.
  • The text file FRST.txt opens; this is the requested log, and we paste its contents into our topic on the forum.
  • The FRST utility and two logs, FRST.txt and Addition.txt, remain on the desktop - we do not delete any of them yet!

karelsoucek
Visitor
Posts: 20
Registered: 25 Nov 2013 09:20

Re: Problem with malware

#6 Post by karelsoucek »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
Ran by Karek (administrator) on KAREK-PC on 25-11-2013 10:27:18
Running from C:\Users\Karek\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(WebSparkle) C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe
(WebSparkle) C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe
(Dropbox, Inc.) C:\Users\Karek\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20551328 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [FMCore.exe] - C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe [9504768 2013-07-25] (Celartem, Inc., doing business as Extensis.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {308B62F7-D79F-43D0-92BC-9038C1ABD37E} URL = http://search.yahoo.com/search?p={searc ... type=10511
SearchScopes: HKCU - {62ED6765-EF63-4546-94FA-C2551C04DF8C} URL = http://search.yahoo.com/search?p={searc ... type=10513
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: WebSparkle - {9f56bab3-2739-40ed-a8d0-1451657a9742} - C:\Program Files (x86)\WebSparkle\WebSparkleBHO.dll (WebSparkle)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{5F31578C-0FBE-44BE-8993-69BBDF586BD9}: [NameServer]213.46.172.36,213.46.172.37

FireFox:
========
FF ProfilePath: C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default
FF NewTab: file:///C:\\Users\\Karek\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm
FF DefaultSearchEngine: SecureSearch
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_6&idate=2013-10-31&ent=hp&u=66200B20AF84C8FB76DF8852726A7D54
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_6&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll (Search.Us.com)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Seznam lištička - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: firebug - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firefox - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firefox@websparkle.biz.xpi
FF Extension: seo - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seo@profesional.xpi
FF Extension: seostatus - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seostatus@rubyweb.xpi
FF Extension: toolbar_ORJ-V7 - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi
FF HKCU\...\Firefox\Extensions: [sea-condensed@plugin.org] - C:\Program Files (x86)\The Sea App (Firefox)
FF Extension: The SEA App (C) - C:\Program Files (x86)\The Sea App (Firefox)

==================== Services (Whitelisted) =================

R2 Update WebSparkle; C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe [65312 2013-10-04] (WebSparkle)
R2 Util WebSparkle; C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe [65312 2013-10-17] (WebSparkle)
S2 Update LinkSwift; "C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe" [x]
S2 Util LinkSwift; "C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-08-31] ()
U3 a32k4fqh; C:\Windows\System32\Drivers\a32k4fqh.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-25 09:46 - 2013-11-25 09:45 - 01091882 _____ C:\Users\Karek\Desktop\adwcleaner(1).exe
2013-11-25 09:42 - 2013-11-25 09:42 - 00003662 _____ C:\Users\Karek\Desktop\JRT.txt
2013-11-25 09:37 - 2013-11-25 09:37 - 00000000 ____D C:\Windows\ERUNT
2013-11-25 09:37 - 2013-11-25 09:36 - 01034531 _____ (Thisisu) C:\Users\Karek\Desktop\JRT.exe
2013-11-25 09:15 - 2013-11-25 10:27 - 00010029 _____ C:\Users\Karek\Desktop\FRST.txt
2013-11-25 09:15 - 2013-11-25 09:15 - 00000000 ____D C:\FRST
2013-11-25 09:14 - 2013-11-25 09:13 - 00112128 _____ (forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
2013-11-25 08:44 - 2013-11-25 08:41 - 01958440 _____ (Farbar) C:\Users\Karek\Desktop\FRST64.exe
2013-11-22 16:20 - 2013-11-22 16:20 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-11-22 16:20 - 2013-06-05 10:45 - 00938496 _____ C:\Windows\SysWOW64\semtempl.dll
2013-11-22 16:20 - 2005-05-20 04:26 - 00343040 _____ C:\Windows\SysWOW64\arcdll.dll
2013-11-22 16:20 - 2004-06-14 16:19 - 00003072 _____ C:\Windows\SysWOW64\hashfunc.dll
2013-11-22 10:55 - 2013-11-22 10:56 - 00000000 ____D C:\OutputFolder
2013-11-22 10:52 - 2013-11-22 10:54 - 00000000 ____D C:\Program Files (x86)\Ultra Video Splitter
2013-11-22 10:52 - 2013-11-22 10:52 - 00001151 _____ C:\Users\Public\Desktop\Ultra Video Splitter.lnk
2013-11-22 10:52 - 2007-04-12 14:19 - 00129024 _____ C:\Windows\SysWOW64\AVERM.dll
2013-11-22 10:52 - 2006-09-26 13:57 - 00028672 _____ C:\Windows\SysWOW64\AVEQT.dll
2013-11-21 17:35 - 2013-11-21 17:35 - 00000000 ____D C:\Windows\CD95F661A5C444F5A6AAECDD91C240DB.TMP
2013-11-21 17:35 - 2013-11-21 17:35 - 00000000 ____D C:\Users\Karek\Documents\Add-in Express
2013-11-21 17:34 - 2013-11-22 10:33 - 00000000 ____D C:\FFOutput
2013-11-21 17:34 - 2013-11-21 17:34 - 00001198 _____ C:\Users\Karek\Desktop\Format Factory.lnk
2013-11-21 17:34 - 2013-11-21 17:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2013-11-21 17:33 - 2013-11-21 17:33 - 00000000 ____D C:\Program Files (x86)\FreeTime
2013-11-19 09:14 - 2013-11-19 09:14 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Malwarebytes
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-19 09:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-18 08:45 - 2013-11-18 08:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 15:05 - 2013-11-14 15:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-11-14 14:58 - 2013-11-14 14:58 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-14 14:58 - 2013-11-14 14:58 - 00000000 ____D C:\ProgramData\Oracle
2013-11-14 14:58 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-14 14:58 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-14 14:58 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-14 14:58 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-31 17:01 - 2013-10-31 17:01 - 00000000 ____D C:\Users\Karek\AppData\Roaming\LavasoftStatistics
2013-10-31 15:48 - 2013-10-31 15:48 - 00000000 ____D C:\ProgramData\BitDefender
2013-10-31 15:35 - 2013-10-31 15:35 - 00000000 ____D C:\Program Files\Lavasoft
2013-10-31 15:34 - 2013-11-25 09:07 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-10-31 15:33 - 2013-10-31 15:33 - 00000000 ____D C:\ProgramData\Lavasoft

==================== One Month Modified Files and Folders =======

2013-11-25 10:27 - 2013-11-25 09:15 - 00010029 _____ C:\Users\Karek\Desktop\FRST.txt
2013-11-25 10:05 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 10:05 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 10:02 - 2011-04-12 09:34 - 00634308 _____ C:\Windows\system32\perfh005.dat
2013-11-25 10:02 - 2011-04-12 09:34 - 00122898 _____ C:\Windows\system32\perfc005.dat
2013-11-25 10:02 - 2009-07-14 06:13 - 01478586 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-25 10:01 - 2013-08-31 15:42 - 01667315 _____ C:\Windows\WindowsUpdate.log
2013-11-25 10:00 - 2013-08-31 14:44 - 00000000 ____D C:\Users\Karek\Documents\Soubory aplikace Outlook
2013-11-25 09:59 - 2013-08-31 15:13 - 00000010 _____ C:\Users\Karek\AppData\Local\.HG88C586-G30G-2HE2-DGDE-8H3E1D530D30
2013-11-25 09:59 - 2013-08-31 15:13 - 00000010 _____ C:\ProgramData\.F464B91F-G49F-3G3D-CFCD-9G7D2C141C96
2013-11-25 09:58 - 2013-09-24 13:30 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Skype
2013-11-25 09:58 - 2013-09-13 13:06 - 00000000 ___RD C:\Users\Karek\Dropbox
2013-11-25 09:58 - 2013-09-13 12:13 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Dropbox
2013-11-25 09:58 - 2013-08-31 16:04 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-25 09:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-25 09:58 - 2009-07-14 05:51 - 00031274 _____ C:\Windows\setupact.log
2013-11-25 09:56 - 2013-10-24 08:31 - 00000000 ____D C:\AdwCleaner
2013-11-25 09:52 - 2013-09-03 09:12 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-25 09:45 - 2013-11-25 09:46 - 01091882 _____ C:\Users\Karek\Desktop\adwcleaner(1).exe
2013-11-25 09:42 - 2013-11-25 09:42 - 00003662 _____ C:\Users\Karek\Desktop\JRT.txt
2013-11-25 09:42 - 2013-10-16 14:06 - 00000000 ____D C:\Program Files (x86)\WebSparkle
2013-11-25 09:37 - 2013-11-25 09:37 - 00000000 ____D C:\Windows\ERUNT
2013-11-25 09:36 - 2013-11-25 09:37 - 01034531 _____ (Thisisu) C:\Users\Karek\Desktop\JRT.exe
2013-11-25 09:15 - 2013-11-25 09:15 - 00000000 ____D C:\FRST
2013-11-25 09:13 - 2013-11-25 09:14 - 00112128 _____ (forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
2013-11-25 09:11 - 2010-11-21 04:47 - 00013280 _____ C:\Windows\PFRO.log
2013-11-25 09:07 - 2013-10-31 15:34 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-11-25 08:41 - 2013-11-25 08:44 - 01958440 _____ (Farbar) C:\Users\Karek\Desktop\FRST64.exe
2013-11-25 08:36 - 2013-09-24 13:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-25 08:36 - 2013-09-24 13:29 - 00000000 ____D C:\ProgramData\Skype
2013-11-22 16:51 - 2013-09-24 08:54 - 00000000 ____D C:\seo projects
2013-11-22 16:20 - 2013-11-22 16:20 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-11-22 16:20 - 2013-09-02 08:18 - 00000000 ____D C:\ProgramData\SeoAdministrator
2013-11-22 16:20 - 2013-09-02 08:18 - 00000000 ____D C:\Program Files (x86)\seoadministrator
2013-11-22 16:10 - 2013-09-02 13:34 - 00001480 _____ C:\Users\Karek\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2013-11-22 10:57 - 2013-10-23 15:21 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Applian FLV and Media Player
2013-11-22 10:56 - 2013-11-22 10:55 - 00000000 ____D C:\OutputFolder
2013-11-22 10:54 - 2013-11-22 10:52 - 00000000 ____D C:\Program Files (x86)\Ultra Video Splitter
2013-11-22 10:52 - 2013-11-22 10:52 - 00001151 _____ C:\Users\Public\Desktop\Ultra Video Splitter.lnk
2013-11-22 10:33 - 2013-11-21 17:34 - 00000000 ____D C:\FFOutput
2013-11-21 17:35 - 2013-11-21 17:35 - 00000000 ____D C:\Windows\CD95F661A5C444F5A6AAECDD91C240DB.TMP
2013-11-21 17:35 - 2013-11-21 17:35 - 00000000 ____D C:\Users\Karek\Documents\Add-in Express
2013-11-21 17:34 - 2013-11-21 17:34 - 00001198 _____ C:\Users\Karek\Desktop\Format Factory.lnk
2013-11-21 17:34 - 2013-11-21 17:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2013-11-21 17:33 - 2013-11-21 17:33 - 00000000 ____D C:\Program Files (x86)\FreeTime
2013-11-20 14:40 - 2013-09-02 08:25 - 00000000 ____D C:\Users\Karek\.ScreamingFrogSEOSpider
2013-11-20 08:24 - 2013-08-31 14:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-19 09:14 - 2013-11-19 09:14 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Malwarebytes
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-18 08:45 - 2013-11-18 08:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 16:28 - 2009-07-14 05:45 - 04190696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 15:25 - 2013-08-31 14:41 - 00135992 _____ C:\Users\Karek\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-15 14:13 - 2013-08-31 14:37 - 00000000 ____D C:\Users\Karek\AppData\Local\Microsoft Help
2013-11-15 08:10 - 2013-08-31 15:12 - 00000000 ____D C:\Users\Karek\AppData\Local\Extensis
2013-11-14 15:05 - 2013-11-14 15:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-11-14 14:58 - 2013-11-14 14:58 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-14 14:58 - 2013-11-14 14:58 - 00000000 ____D C:\ProgramData\Oracle
2013-11-14 14:58 - 2013-09-02 08:25 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-31 17:01 - 2013-10-31 17:01 - 00000000 ____D C:\Users\Karek\AppData\Roaming\LavasoftStatistics
2013-10-31 15:48 - 2013-10-31 15:48 - 00000000 ____D C:\ProgramData\BitDefender
2013-10-31 15:35 - 2013-10-31 15:35 - 00000000 ____D C:\Program Files\Lavasoft
2013-10-31 15:33 - 2013-10-31 15:33 - 00000000 ____D C:\ProgramData\Lavasoft
2013-10-29 10:36 - 2013-08-31 15:21 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Adobe

Some content of TEMP:
====================
C:\Users\Karek\AppData\Local\Temp\04016ceb-d861-48ef-b5f7-5a10f233f36b.exe
C:\Users\Karek\AppData\Local\Temp\4b7f0143-219e-4ac7-afd2-564bc83b9869.exe
C:\Users\Karek\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Karek\AppData\Local\Temp\Quarantine.exe
C:\Users\Karek\AppData\Local\Temp\Suitcase Fusion 4 v15.0.6.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-15 12:35

==================== End Of Log ============================


and then this popped up right away:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2013
Ran by Karek at 2013-11-25 10:27:39
Running from C:\Users\Karek\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Reader XI (11.0.05) - Czech (x32 Version: 11.0.05)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Aktualizace NVIDIA 1.11.3 (Version: 1.11.3)
Applian FLV and Media Player 3.1.1.12 (x32 Version: 3.1.1.12)
Ask Toolbar (x32 Version: 12.6.0.12)
bl (x32 Version: 1.0.0)
Dropbox (HKCU Version: 2.0.26)
Extensis Suitcase Fusion 4 (x32 Version: 15.0.6)
FormatFactory 3.2.1.0 (x32 Version: 3.2.1.0)
FreeMind (x32 Version: 0.9.0)
IrfanView (remove only) (x32)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Malwarebytes Anti-Malware verze 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Access MUI (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office Excel MUI (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office Groove MUI (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office InfoPath MUI (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office Outlook MUI (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office PowerPoint MUI (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Slovak) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office Proofing (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office Publisher MUI (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office Shared 64-bit MUI (Czech) 2010 (Version: 14.0.4763.1011)
Microsoft Office Shared MUI (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Office Word MUI (Czech) 2010 (x32 Version: 14.0.4763.1011)
Microsoft Silverlight (x32 Version: 4.0.60310.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 cs) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Ovladač 3D Vision 311.06 (Version: 311.06)
NVIDIA Ovladače grafiky 311.06 (Version: 311.06)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update Components (Version: 1.11.3)
Ovládací panel NVIDIA 311.06 (Version: 311.06)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
Poedit (x32 Version: 1.4.6)
Screaming Frog SEO Spider (x32 Version: 0.01)
Search.us.com (HKCU)
SEO Administrator 5.1 (x32)
Skype™ 6.10 (x32 Version: 6.10.104)
Smart PC Cleaner v3.2 (x32 Version: 3.2)
The Sea App (Firefox) (x32)
Total Commander 64-bit (Remove or Repair) (Version: 8.01)
Total Commander 8.01 Final (x64,x86) full version for Windows (x32 Version: for Windows)
Ultra Video Splitter 6.2.0409 (x32)
WebSparkle 1.0.0 (Version: 1.0.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)

==================== Restore Points =========================

08-10-2013 11:46:06 Removed Adobe Acrobat X Pro - Eastern European (Group 1).
08-10-2013 11:51:39 Installed Adobe Reader XI - Czech.
15-10-2013 14:54:56 Naplánovaný kontrolní bod
16-10-2013 13:06:39 Uniblue DriverScanner installation
31-10-2013 14:33:41 AA11
14-11-2013 13:57:47 Installed Java 7 Update 45
14-11-2013 14:02:52 Nainstalováno: Microsoft Visual C++ 2005 Redistributable
14-11-2013 14:03:39 Installed Extensis Suitcase Fusion 4.
25-11-2013 08:07:28 AA11

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-16 13:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {9E71B060-41F9-478C-B859-E39D78A06F6E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {E8CF9BEA-C9F2-4B49-93F4-6D188F0D18E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {F6C2A660-409B-46B7-B4F4-3DDF9332A936} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-07-25 12:41 - 2013-07-25 12:41 - 01007616 _____ () C:\Program Files (x86)\Extensis\Suitcase Fusion 4\libxml2.2.6.24.dll
2013-07-25 12:41 - 2013-07-25 12:41 - 00901120 _____ () C:\Program Files (x86)\Extensis\Suitcase Fusion 4\iconv-1.9.2.dll
2013-07-25 12:41 - 2013-07-25 12:41 - 00007168 _____ () C:\Program Files (x86)\Extensis\Suitcase Fusion 4\libcharset.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Karek\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-18 08:45 - 2013-11-18 08:45 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-11 08:52 - 2013-09-11 08:52 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-02-28 01:55 - 2010-02-28 01:55 - 01040736 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Karek\Local Settings:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local\Data aplikací:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local\Temporary Internet Files:PiLQST2Urskr3a0c9vwpXsDW

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2013 09:59:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/25/2013 09:58:08 AM) (Source: Service Control Manager) (User: )
Description: Služba Util LinkSwift neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (11/25/2013 09:58:06 AM) (Source: Service Control Manager) (User: )
Description: Služba Update LinkSwift neuspěla při spuštění v důsledku následující chyby:
%%2


Microsoft Office Sessions:
=========================
Error: (11/25/2013 09:59:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-10-16 14:46:31.978
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-16 14:46:31.968
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 4094.49 MB
Available physical RAM: 2416.54 MB
Total Pagefile: 8187.18 MB
Available Pagefile: 6356.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:368.01 GB) (Free:324.62 GB) NTFS
Drive d: (decko) (Fixed) (Total:97.66 GB) (Free:95.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A859C709)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with malware

#7 Post by vyosek »

Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20551328 2013-10-21] (Skype Technologies S.A.)
    HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    
    SearchScopes: HKCU - {308B62F7-D79F-43D0-92BC-9038C1ABD37E} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
    SearchScopes: HKCU - {62ED6765-EF63-4546-94FA-C2551C04DF8C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513
    FF NewTab: file:///C:\\Users\\Karek\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm
    FF DefaultSearchEngine: SecureSearch
    FF SearchEngineOrder.1: Ask Search
    FF SelectedSearchEngine: SecureSearch
    FF Homepage: hxxp://securedsearch2.lavasoft.com/inde ... 52726A7D54
    FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/resu ... &ent=bs&q=
    
    R2 Update WebSparkle; C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe [65312 2013-10-04] (WebSparkle)
    R2 Util WebSparkle; C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe [65312 2013-10-17] (WebSparkle)
    S2 Update LinkSwift; "C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe" [x]
    S2 Util LinkSwift; "C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe" [x]
    
    C:\Program Files (x86)\WebSparkle
    C:\Program Files (x86)\LinkSwift
    2013-11-25 09:13 - 2013-11-25 09:14 - 00112128 _____ (forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
    2013-11-25 09:45 - 2013-11-25 09:46 - 01091882 _____ C:\Users\Karek\Desktop\adwcleaner(1).exe
    2013-11-25 09:42 - 2013-11-25 09:42 - 00003662 _____ C:\Users\Karek\Desktop\JRT.txt
    2013-11-25 09:56 - 2013-10-24 08:31 - 00000000 ____D C:\AdwCleaner
    C:\Users\Karek\AppData\Local\Temp\04016ceb-d861-48ef-b5f7-5a10f233f36b.exe
    C:\Users\Karek\AppData\Local\Temp\4b7f0143-219e-4ac7-afd2-564bc83b9869.exe
    C:\Users\Karek\AppData\Local\Temp\AskPIP_FF_.exe
    C:\Users\Karek\AppData\Local\Temp\Quarantine.exe
    C:\Users\Karek\AppData\Local\Temp\Suitcase Fusion 4 v15.0.6.exe
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    
    AlternateDataStreams: C:\Users\Karek\Local Settings:IosHsoDjFJa6bx3Bw8MWLlMC
    AlternateDataStreams: C:\Users\Karek\AppData\Local:IosHsoDjFJa6bx3Bw8MWLlMC
    AlternateDataStreams: C:\Users\Karek\AppData\Local\Data aplikací:IosHsoDjFJa6bx3Bw8MWLlMC
    AlternateDataStreams: C:\Users\Karek\AppData\Local\Temporary Internet Files:PiLQST2Urskr3a0c9vwpXsDW
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the resulting TXT file as fixlist.txt
  • Move the created fixlist next to FRST
Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
Restart the PC and post fixlog.txt here for me
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

karelsoucek
Visitor
Posts: 20
Registered: 25 Nov 2013 09:20

Re: Problem with malware

#8 Post by karelsoucek »

I would like to ask whether it makes sense to continue the search we started for the problem with pop-up ads in FF (see the previous logs), or whether I should start over?
Thanks. K.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with malware

#9 Post by vyosek »

Hello,

please make a new log :)

karelsoucek
Visitor
Posts: 20
Registered: 25 Nov 2013 09:20

Re: Problem with malware

#10 Post by karelsoucek »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
Ran by Karek (administrator) on KAREK-PC on 12-12-2013 11:25:40
Running from C:\Users\Karek\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(WebSparkle) C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe
(WebSparkle) C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe
(Dropbox, Inc.) C:\Users\Karek\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20551328 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [FMCore.exe] - C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe [9504768 2013-07-25] (Celartem, Inc., doing business as Extensis.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [747712 2013-11-26] ()
Startup: C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - {308B62F7-D79F-43D0-92BC-9038C1ABD37E} URL = http://search.yahoo.com/search?p={searc ... type=10511
SearchScopes: HKCU - {62ED6765-EF63-4546-94FA-C2551C04DF8C} URL = http://search.yahoo.com/search?p={searc ... type=10513
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: WebSparkle - {9f56bab3-2739-40ed-a8d0-1451657a9742} - C:\Program Files (x86)\WebSparkle\WebSparkleBHO.dll (WebSparkle)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{5F31578C-0FBE-44BE-8993-69BBDF586BD9}: [NameServer]213.46.172.36,213.46.172.37

FireFox:
========
FF ProfilePath: C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default
FF NewTab: file:///C:\\Users\\Karek\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm
FF DefaultSearchEngine: SecureSearch
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_6&idate=2013-10-31&ent=hp&u=66200B20AF84C8FB76DF8852726A7D54
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_6&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll (Search.Us.com)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Seznam lištička - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: firebug - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firefox - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firefox@websparkle.biz.xpi
FF Extension: seo - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seo@profesional.xpi
FF Extension: seostatus - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seostatus@rubyweb.xpi
FF Extension: toolbar_ORJ-V7 - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi
FF HKCU\...\Firefox\Extensions: [sea-condensed@plugin.org] - C:\Program Files (x86)\The Sea App (Firefox)
FF Extension: The SEA App (C) - C:\Program Files (x86)\The Sea App (Firefox)

Chrome:
=======
CHR Extension: (Docs) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Google Wallet) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ikgojpdbiniccokkgadmdheobjfdbbcg] - C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx

==================== Services (Whitelisted) =================

R2 Update WebSparkle; C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe [65312 2013-10-04] (WebSparkle)
R2 Util WebSparkle; C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe [65312 2013-10-17] (WebSparkle)
S2 Update LinkSwift; "C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe" [x]
S2 Util LinkSwift; "C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-08-31] ()
U3 aggdbkn3; C:\Windows\System32\Drivers\aggdbkn3.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 11:25 - 2013-12-12 11:25 - 00011535 _____ C:\Users\Karek\Desktop\FRST.txt
2013-12-12 11:24 - 2013-11-25 08:44 - 01958440 _____ (Farbar) C:\Users\Karek\Desktop\FRST64(1).exe
2013-12-12 11:24 - 2013-11-25 08:41 - 01958440 _____ (Farbar) C:\Users\Karek\Desktop\FRST64.exe
2013-12-02 13:53 - 2013-12-02 13:54 - 17121597 _____ C:\Users\Karek\Downloads\Chemie, 31. říjen 2013.zip
2013-11-28 08:47 - 2013-11-28 08:47 - 00001393 _____ C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 16:18 - 2013-02-17 01:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-27 16:15 - 2013-11-27 16:15 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-27 16:15 - 2013-11-27 16:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-27 16:15 - 2013-11-27 16:15 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-27 16:15 - 2013-11-27 16:15 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-27 16:15 - 2013-11-27 16:15 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-27 16:15 - 2013-11-27 16:15 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-27 16:15 - 2013-11-27 16:15 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-27 16:15 - 2013-11-27 16:15 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-27 16:15 - 2013-11-27 16:15 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-27 16:15 - 2013-11-27 16:15 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-27 16:15 - 2013-11-27 16:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-27 16:14 - 2013-11-27 16:14 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 05559152 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 03968368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 03913584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-27 16:12 - 2013-11-27 16:12 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-27 16:11 - 2013-11-27 16:11 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-27 16:11 - 2013-11-27 16:11 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-27 16:10 - 2013-11-27 16:19 - 00013308 _____ C:\Windows\IE10_main.log
2013-11-27 16:08 - 2013-11-27 16:08 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome 31.lnk
2013-11-27 16:07 - 2013-12-12 11:17 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-27 16:07 - 2013-12-12 08:17 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-27 16:07 - 2013-12-10 13:12 - 00003946 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-27 16:07 - 2013-12-10 13:12 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-27 16:07 - 2013-11-27 16:08 - 00000000 ____D C:\Users\Karek\AppData\Local\Google
2013-11-27 16:07 - 2013-11-27 16:08 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-27 16:06 - 2013-11-27 16:06 - 00001409 _____ C:\Users\Karek\Desktop\Internet Explorer 11.lnk
2013-11-27 16:00 - 2013-11-27 16:02 - 00004098 _____ C:\Windows\IE9_main.log
2013-11-27 15:59 - 2013-11-27 15:59 - 00001129 _____ C:\Users\Public\Desktop\Opera 18.lnk
2013-11-27 15:59 - 2013-11-27 15:59 - 00000786 _____ C:\Windows\ie8_main.log
2013-11-27 15:59 - 2013-11-27 15:59 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Opera Software
2013-11-27 15:59 - 2013-11-27 15:59 - 00000000 ____D C:\Users\Karek\AppData\Local\Opera Software
2013-11-27 15:59 - 2013-11-27 15:59 - 00000000 ____D C:\Program Files (x86)\Opera
2013-11-27 09:30 - 2013-11-27 09:35 - 00000000 ____D C:\Users\Karek\AppData\Roaming\HandBrake
2013-11-27 09:29 - 2013-11-27 09:29 - 00000824 _____ C:\Users\UpdatusUser\Desktop\Handbrake.lnk
2013-11-27 09:29 - 2013-11-27 09:29 - 00000824 _____ C:\Users\Karek\Desktop\Handbrake.lnk
2013-11-27 09:29 - 2013-11-27 09:29 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2013-11-27 09:29 - 2013-11-27 09:29 - 00000000 ____D C:\Program Files\Handbrake
2013-11-26 17:20 - 2013-12-11 17:12 - 00000822 _____ C:\Users\Karek\daemonprocess.txt
2013-11-26 17:20 - 2013-11-27 09:06 - 00000000 ____D C:\Users\Karek\AppData\Local\Mobogenie
2013-11-26 17:20 - 2013-11-26 17:21 - 00000000 ____D C:\Users\Karek\AppData\Local\cache
2013-11-26 17:20 - 2013-11-26 17:20 - 00000000 ____D C:\Users\Karek\Documents\Mobogenie
2013-11-26 17:20 - 2013-11-26 17:20 - 00000000 ____D C:\Users\Karek\.android
2013-11-26 17:19 - 2013-11-26 17:21 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-11-26 17:19 - 2013-11-26 17:20 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-11-26 17:19 - 2013-11-26 17:19 - 00001031 _____ C:\Users\Karek\Desktop\MediaCoder.lnk
2013-11-26 17:19 - 2013-11-26 17:19 - 00001019 _____ C:\Users\Karek\Desktop\Mobogenie.lnk
2013-11-26 17:19 - 2013-11-26 17:19 - 00000000 ____D C:\Users\Karek\AppData\Roaming\OpenCandy
2013-11-26 17:19 - 2013-11-26 17:19 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder
2013-11-26 17:19 - 2013-11-26 17:19 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Broad Intelligence
2013-11-26 17:19 - 2013-11-26 17:19 - 00000000 ____D C:\Program Files (x86)\MediaCoder
2013-11-25 14:11 - 2013-11-25 14:11 - 00000032 RSHOT C:\Users\Karek\AppData\Local\t65s2tb.dat
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\Users\Karek\Documents\My Axure RP Libraries
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Axure
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\Users\Karek\AppData\Local\IsolatedStorage
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\Users\Karek\AppData\Local\Axure
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\ProgramData\Axure
2013-11-25 14:10 - 2013-11-25 14:10 - 00001140 _____ C:\Users\Public\Desktop\Axure RP 6.5.lnk
2013-11-25 14:10 - 2013-11-25 14:10 - 00000000 __HDC C:\ProgramData\{6F65EB2A-399B-4CEE-BE43-10BE3B64F86C}
2013-11-25 14:10 - 2013-11-25 14:10 - 00000000 ____D C:\Users\Karek\AppData\Local\PackageAware
2013-11-25 14:10 - 2013-11-25 14:10 - 00000000 ____D C:\Program Files (x86)\Axure
2013-11-25 09:42 - 2013-11-25 09:42 - 00003662 _____ C:\Users\Karek\Desktop\JRT.txt
2013-11-25 09:37 - 2013-11-25 09:37 - 00000000 ____D C:\Windows\ERUNT
2013-11-25 09:37 - 2013-11-25 09:36 - 01034531 _____ (Thisisu) C:\Users\Karek\Desktop\JRT.exe
2013-11-25 09:15 - 2013-11-25 09:15 - 00000000 ____D C:\FRST
2013-11-25 09:14 - 2013-11-25 09:13 - 00112128 _____ (forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
2013-11-22 16:20 - 2013-11-26 18:29 - 00987136 _____ C:\Windows\SysWOW64\semtempl.dll
2013-11-22 16:20 - 2013-11-22 16:20 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-11-22 16:20 - 2005-05-20 04:26 - 00343040 _____ C:\Windows\SysWOW64\arcdll.dll
2013-11-22 16:20 - 2004-06-14 16:19 - 00003072 _____ C:\Windows\SysWOW64\hashfunc.dll
2013-11-22 10:55 - 2013-11-22 10:56 - 00000000 ____D C:\OutputFolder
2013-11-22 10:52 - 2013-11-22 10:54 - 00000000 ____D C:\Program Files (x86)\Ultra Video Splitter
2013-11-22 10:52 - 2013-11-22 10:52 - 00001151 _____ C:\Users\Public\Desktop\Ultra Video Splitter.lnk
2013-11-22 10:52 - 2007-04-12 14:19 - 00129024 _____ C:\Windows\SysWOW64\AVERM.dll
2013-11-22 10:52 - 2006-09-26 13:57 - 00028672 _____ C:\Windows\SysWOW64\AVEQT.dll
2013-11-21 17:35 - 2013-11-21 17:35 - 00000000 ____D C:\Windows\CD95F661A5C444F5A6AAECDD91C240DB.TMP
2013-11-21 17:35 - 2013-11-21 17:35 - 00000000 ____D C:\Users\Karek\Documents\Add-in Express
2013-11-21 17:34 - 2013-11-22 10:33 - 00000000 ____D C:\FFOutput
2013-11-21 17:34 - 2013-11-21 17:34 - 00001198 _____ C:\Users\Karek\Desktop\Format Factory.lnk
2013-11-21 17:34 - 2013-11-21 17:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2013-11-21 17:33 - 2013-11-21 17:33 - 00000000 ____D C:\Program Files (x86)\FreeTime
2013-11-19 09:14 - 2013-11-19 09:14 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Malwarebytes
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-19 09:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-18 08:45 - 2013-11-18 08:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 15:05 - 2013-11-14 15:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-11-14 14:58 - 2013-11-14 14:58 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-14 14:58 - 2013-11-14 14:58 - 00000000 ____D C:\ProgramData\Oracle
2013-11-14 14:58 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-14 14:58 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-14 14:58 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-14 14:58 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

==================== One Month Modified Files and Folders =======

2013-12-12 11:25 - 2013-12-12 11:25 - 00011535 _____ C:\Users\Karek\Desktop\FRST.txt
2013-12-12 11:17 - 2013-11-27 16:07 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-12 11:17 - 2013-09-24 13:30 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Skype
2013-12-12 10:52 - 2013-09-03 09:12 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 08:39 - 2011-04-12 09:34 - 00634308 _____ C:\Windows\system32\perfh005.dat
2013-12-12 08:39 - 2011-04-12 09:34 - 00122898 _____ C:\Windows\system32\perfc005.dat
2013-12-12 08:39 - 2009-07-14 06:13 - 01478586 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 08:38 - 2013-11-26 17:20 - 00000822 _____ C:\Users\Karek\daemonprocess.txt
2013-12-12 08:37 - 2009-07-14 05:51 - 00033690 _____ C:\Windows\setupact.log
2013-12-12 08:24 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 08:24 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 08:18 - 2013-09-13 12:13 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Dropbox
2013-12-12 08:17 - 2013-11-27 16:07 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 08:17 - 2013-09-13 13:06 - 00000000 ___RD C:\Users\Karek\Dropbox
2013-12-12 08:17 - 2013-08-31 16:04 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-12 08:17 - 2013-08-31 15:13 - 00000010 _____ C:\Users\Karek\AppData\Local\.HG88C586-G30G-2HE2-DGDE-8H3E1D530D30
2013-12-12 08:17 - 2013-08-31 15:13 - 00000010 _____ C:\ProgramData\.F464B91F-G49F-3G3D-CFCD-9G7D2C141C96
2013-12-12 08:17 - 2013-08-31 14:44 - 00000000 ____D C:\Users\Karek\Documents\Soubory aplikace Outlook
2013-12-12 08:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 17:12 - 2013-08-31 15:42 - 01357507 _____ C:\Windows\WindowsUpdate.log
2013-12-11 09:45 - 2013-09-02 13:34 - 00001480 _____ C:\Users\Karek\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2013-12-10 13:12 - 2013-11-27 16:07 - 00003946 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-10 13:12 - 2013-11-27 16:07 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 09:19 - 2013-10-24 08:31 - 00000000 ____D C:\AdwCleaner
2013-12-09 13:39 - 2013-09-02 08:18 - 00000000 ____D C:\ProgramData\SeoAdministrator
2013-12-02 13:54 - 2013-12-02 13:53 - 17121597 _____ C:\Users\Karek\Downloads\Chemie, 31. říjen 2013.zip
2013-11-28 12:46 - 2013-10-16 14:06 - 00000000 ____D C:\Program Files (x86)\WebSparkle
2013-11-28 08:47 - 2013-11-28 08:47 - 00001393 _____ C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-28 08:45 - 2010-11-21 04:47 - 00014202 _____ C:\Windows\PFRO.log
2013-11-28 08:45 - 2009-07-14 05:45 - 04193880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-27 17:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-11-27 17:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-11-27 17:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-11-27 17:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-11-27 17:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-27 16:19 - 2013-11-27 16:10 - 00013308 _____ C:\Windows\IE10_main.log
2013-11-27 16:15 - 2013-11-27 16:15 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-27 16:15 - 2013-11-27 16:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-27 16:15 - 2013-11-27 16:15 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-27 16:15 - 2013-11-27 16:15 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-27 16:15 - 2013-11-27 16:15 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-27 16:15 - 2013-11-27 16:15 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-27 16:15 - 2013-11-27 16:15 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-27 16:15 - 2013-11-27 16:15 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-27 16:15 - 2013-11-27 16:15 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-27 16:15 - 2013-11-27 16:15 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-27 16:15 - 2013-11-27 16:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-27 16:15 - 2013-11-27 16:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-27 16:15 - 2013-11-27 16:15 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-27 16:14 - 2013-11-27 16:14 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 05559152 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 03968368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 03913584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-27 16:13 - 2013-11-27 16:13 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-11-27 16:13 - 2013-11-27 16:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-27 16:12 - 2013-11-27 16:12 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-27 16:12 - 2013-11-27 16:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-27 16:11 - 2013-11-27 16:11 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-27 16:11 - 2013-11-27 16:11 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-27 16:08 - 2013-11-27 16:08 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome 31.lnk
2013-11-27 16:08 - 2013-11-27 16:07 - 00000000 ____D C:\Users\Karek\AppData\Local\Google
2013-11-27 16:08 - 2013-11-27 16:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-27 16:06 - 2013-11-27 16:06 - 00001409 _____ C:\Users\Karek\Desktop\Internet Explorer 11.lnk
2013-11-27 16:04 - 2013-08-31 16:00 - 00001443 _____ C:\Users\Karek\Desktop\Internet Explorer 9.lnk
2013-11-27 16:02 - 2013-11-27 16:00 - 00004098 _____ C:\Windows\IE9_main.log
2013-11-27 15:59 - 2013-11-27 15:59 - 00001129 _____ C:\Users\Public\Desktop\Opera 18.lnk
2013-11-27 15:59 - 2013-11-27 15:59 - 00000786 _____ C:\Windows\ie8_main.log
2013-11-27 15:59 - 2013-11-27 15:59 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Opera Software
2013-11-27 15:59 - 2013-11-27 15:59 - 00000000 ____D C:\Users\Karek\AppData\Local\Opera Software
2013-11-27 15:59 - 2013-11-27 15:59 - 00000000 ____D C:\Program Files (x86)\Opera
2013-11-27 10:50 - 2013-10-23 15:21 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Applian FLV and Media Player
2013-11-27 09:35 - 2013-11-27 09:30 - 00000000 ____D C:\Users\Karek\AppData\Roaming\HandBrake
2013-11-27 09:29 - 2013-11-27 09:29 - 00000824 _____ C:\Users\UpdatusUser\Desktop\Handbrake.lnk
2013-11-27 09:29 - 2013-11-27 09:29 - 00000824 _____ C:\Users\Karek\Desktop\Handbrake.lnk
2013-11-27 09:29 - 2013-11-27 09:29 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2013-11-27 09:29 - 2013-11-27 09:29 - 00000000 ____D C:\Program Files\Handbrake
2013-11-27 09:06 - 2013-11-26 17:20 - 00000000 ____D C:\Users\Karek\AppData\Local\Mobogenie
2013-11-26 18:29 - 2013-11-22 16:20 - 00987136 _____ C:\Windows\SysWOW64\semtempl.dll
2013-11-26 17:21 - 2013-11-26 17:20 - 00000000 ____D C:\Users\Karek\AppData\Local\cache
2013-11-26 17:21 - 2013-11-26 17:19 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-11-26 17:20 - 2013-11-26 17:20 - 00000000 ____D C:\Users\Karek\Documents\Mobogenie
2013-11-26 17:20 - 2013-11-26 17:20 - 00000000 ____D C:\Users\Karek\.android
2013-11-26 17:20 - 2013-11-26 17:19 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-11-26 17:20 - 2013-08-31 16:00 - 00000000 ____D C:\Users\Karek
2013-11-26 17:19 - 2013-11-26 17:19 - 00001031 _____ C:\Users\Karek\Desktop\MediaCoder.lnk
2013-11-26 17:19 - 2013-11-26 17:19 - 00001019 _____ C:\Users\Karek\Desktop\Mobogenie.lnk
2013-11-26 17:19 - 2013-11-26 17:19 - 00000000 ____D C:\Users\Karek\AppData\Roaming\OpenCandy
2013-11-26 17:19 - 2013-11-26 17:19 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder
2013-11-26 17:19 - 2013-11-26 17:19 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Broad Intelligence
2013-11-26 17:19 - 2013-11-26 17:19 - 00000000 ____D C:\Program Files (x86)\MediaCoder
2013-11-25 14:11 - 2013-11-25 14:11 - 00000032 RSHOT C:\Users\Karek\AppData\Local\t65s2tb.dat
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\Users\Karek\Documents\My Axure RP Libraries
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Axure
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\Users\Karek\AppData\Local\IsolatedStorage
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\Users\Karek\AppData\Local\Axure
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\ProgramData\Axure
2013-11-25 14:11 - 2013-08-31 14:41 - 00106192 _____ C:\Users\Karek\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 14:10 - 2013-11-25 14:10 - 00001140 _____ C:\Users\Public\Desktop\Axure RP 6.5.lnk
2013-11-25 14:10 - 2013-11-25 14:10 - 00000000 __HDC C:\ProgramData\{6F65EB2A-399B-4CEE-BE43-10BE3B64F86C}
2013-11-25 14:10 - 2013-11-25 14:10 - 00000000 ____D C:\Users\Karek\AppData\Local\PackageAware
2013-11-25 14:10 - 2013-11-25 14:10 - 00000000 ____D C:\Program Files (x86)\Axure
2013-11-25 09:42 - 2013-11-25 09:42 - 00003662 _____ C:\Users\Karek\Desktop\JRT.txt
2013-11-25 09:37 - 2013-11-25 09:37 - 00000000 ____D C:\Windows\ERUNT
2013-11-25 09:36 - 2013-11-25 09:37 - 01034531 _____ (Thisisu) C:\Users\Karek\Desktop\JRT.exe
2013-11-25 09:15 - 2013-11-25 09:15 - 00000000 ____D C:\FRST
2013-11-25 09:13 - 2013-11-25 09:14 - 00112128 _____ (forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
2013-11-25 09:07 - 2013-10-31 15:34 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-11-25 08:44 - 2013-12-12 11:24 - 01958440 _____ (Farbar) C:\Users\Karek\Desktop\FRST64(1).exe
2013-11-25 08:41 - 2013-12-12 11:24 - 01958440 _____ (Farbar) C:\Users\Karek\Desktop\FRST64.exe
2013-11-25 08:36 - 2013-09-24 13:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-25 08:36 - 2013-09-24 13:29 - 00000000 ____D C:\ProgramData\Skype
2013-11-22 16:51 - 2013-09-24 08:54 - 00000000 ____D C:\seo projects
2013-11-22 16:20 - 2013-11-22 16:20 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-11-22 16:20 - 2013-09-02 08:18 - 00000000 ____D C:\Program Files (x86)\seoadministrator
2013-11-22 10:56 - 2013-11-22 10:55 - 00000000 ____D C:\OutputFolder
2013-11-22 10:54 - 2013-11-22 10:52 - 00000000 ____D C:\Program Files (x86)\Ultra Video Splitter
2013-11-22 10:52 - 2013-11-22 10:52 - 00001151 _____ C:\Users\Public\Desktop\Ultra Video Splitter.lnk
2013-11-22 10:33 - 2013-11-21 17:34 - 00000000 ____D C:\FFOutput
2013-11-21 17:35 - 2013-11-21 17:35 - 00000000 ____D C:\Windows\CD95F661A5C444F5A6AAECDD91C240DB.TMP
2013-11-21 17:35 - 2013-11-21 17:35 - 00000000 ____D C:\Users\Karek\Documents\Add-in Express
2013-11-21 17:34 - 2013-11-21 17:34 - 00001198 _____ C:\Users\Karek\Desktop\Format Factory.lnk
2013-11-21 17:34 - 2013-11-21 17:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2013-11-21 17:33 - 2013-11-21 17:33 - 00000000 ____D C:\Program Files (x86)\FreeTime
2013-11-20 14:40 - 2013-09-02 08:25 - 00000000 ____D C:\Users\Karek\.ScreamingFrogSEOSpider
2013-11-20 08:24 - 2013-08-31 14:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-19 09:14 - 2013-11-19 09:14 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Malwarebytes
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-19 09:14 - 2013-11-19 09:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-18 08:45 - 2013-11-18 08:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 14:13 - 2013-08-31 14:37 - 00000000 ____D C:\Users\Karek\AppData\Local\Microsoft Help
2013-11-15 08:10 - 2013-08-31 15:12 - 00000000 ____D C:\Users\Karek\AppData\Local\Extensis
2013-11-14 15:05 - 2013-11-14 15:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-11-14 14:58 - 2013-11-14 14:58 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-14 14:58 - 2013-11-14 14:58 - 00000000 ____D C:\ProgramData\Oracle
2013-11-14 14:58 - 2013-09-02 08:25 - 00000000 ____D C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\Karek\AppData\Local\Temp\04016ceb-d861-48ef-b5f7-5a10f233f36b.exe
C:\Users\Karek\AppData\Local\Temp\4b7f0143-219e-4ac7-afd2-564bc83b9869.exe
C:\Users\Karek\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Karek\AppData\Local\Temp\Suitcase Fusion 4 v15.0.6.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-26 12:22

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware problem

#11 Post by vyosek »

Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    Start
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20551328 2013-10-21] (Skype Technologies S.A.)
    HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    SearchScopes: HKCU - {308B62F7-D79F-43D0-92BC-9038C1ABD37E} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
    SearchScopes: HKCU - {62ED6765-EF63-4546-94FA-C2551C04DF8C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    
    FF NewTab: file:///C:\\Users\\Karek\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm
    FF DefaultSearchEngine: SecureSearch
    FF SearchEngineOrder.1: Ask Search
    FF SelectedSearchEngine: SecureSearch
    FF Homepage: hxxp://securedsearch2.lavasoft.com/inde ... 52726A7D54
    FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/resu ... &ent=bs&q=
    FF Extension: toolbar_ORJ-V7 - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi
    
    CHR HKLM-x32\...\Chrome\Extension: [ikgojpdbiniccokkgadmdheobjfdbbcg] - C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx
    
    R2 Update WebSparkle; C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe [65312 2013-10-04] (WebSparkle)
    R2 Util WebSparkle; C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe [65312 2013-10-17] (WebSparkle)
    S2 Update LinkSwift; "C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe" [x]
    S2 Util LinkSwift; "C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe" [x]
    
    C:\Program Files (x86)\WebSparkle
    C:\Program Files (x86)\LinkSwift
    2013-12-12 11:24 - 2013-11-25 08:44 - 01958440 _____ (Farbar) C:\Users\Karek\Desktop\FRST64(1).exe
    C:\Users\Karek\AppData\Local\Temp\04016ceb-d861-48ef-b5f7-5a10f233f36b.exe
    C:\Users\Karek\AppData\Local\Temp\4b7f0143-219e-4ac7-afd2-564bc83b9869.exe
    C:\Users\Karek\AppData\Local\Temp\AskPIP_FF_.exe
    C:\Users\Karek\AppData\Local\Temp\Suitcase Fusion 4 v15.0.6.exe
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the resulting text file as fixlist.txt
  • Move the fixlist you created into the same folder as FRST
Run FRST.exe again
  • Click Fix
  • The fix will run and create a log, Fixlog.txt
Restart the PC and post fixlog.txt here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him; he is not a man, he is an ox."
Member [image] since 1 February 2011.

karelsoucek
Visitor
Posts: 20
Registered: 25 Nov 2013 09:20

Re: Malware problem

#12 Post by karelsoucek »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-11-2013
Ran by Karek at 2013-12-12 13:07:35 Run:1
Running from C:\Users\Karek\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20551328 2013-10-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - {308B62F7-D79F-43D0-92BC-9038C1ABD37E} URL = http://search.yahoo.com/search?p={searc ... type=10511
SearchScopes: HKCU - {62ED6765-EF63-4546-94FA-C2551C04DF8C} URL = http://search.yahoo.com/search?p={searc ... type=10513
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

FF NewTab: file:///C:\\Users\\Karek\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm
FF DefaultSearchEngine: SecureSearch
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/inde ... 52726A7D54
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/resu ... &ent=bs&q=
FF Extension: toolbar_ORJ-V7 - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi

CHR HKLM-x32\...\Chrome\Extension: [ikgojpdbiniccokkgadmdheobjfdbbcg] - C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx

R2 Update WebSparkle; C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe [65312 2013-10-04] (WebSparkle)
R2 Util WebSparkle; C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe [65312 2013-10-17] (WebSparkle)
S2 Update LinkSwift; "C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe" [x]
S2 Util LinkSwift; "C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe" [x]

C:\Program Files (x86)\WebSparkle
C:\Program Files (x86)\LinkSwift
2013-12-12 11:24 - 2013-11-25 08:44 - 01958440 _____ (Farbar) C:\Users\Karek\Desktop\FRST64(1).exe
C:\Users\Karek\AppData\Local\Temp\04016ceb-d861-48ef-b5f7-5a10f233f36b.exe
C:\Users\Karek\AppData\Local\Temp\4b7f0143-219e-4ac7-afd2-564bc83b9869.exe
C:\Users\Karek\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Karek\AppData\Local\Temp\Suitcase Fusion 4 v15.0.6.exe

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{308B62F7-D79F-43D0-92BC-9038C1ABD37E} => Key deleted successfully.
HKCR\CLSID\{308B62F7-D79F-43D0-92BC-9038C1ABD37E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{62ED6765-EF63-4546-94FA-C2551C04DF8C} => Key deleted successfully.
HKCR\CLSID\{62ED6765-EF63-4546-94FA-C2551C04DF8C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
Firefox newtab deleted successfully.

========================= FF NewTab: file:///C:\\Users\\Karek\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm ========================

"FF NewTab: ///C:\\Users\\Karek\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm" not found.
====== End Of File: ======

Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ikgojpdbiniccokkgadmdheobjfdbbcg => Key deleted successfully.
C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx => Moved successfully.
Update WebSparkle => Service deleted successfully.
Util WebSparkle => Service deleted successfully.
Update LinkSwift => Service deleted successfully.
Util LinkSwift => Service deleted successfully.
C:\Program Files (x86)\WebSparkle => Moved successfully.
"C:\Program Files (x86)\LinkSwift" => File/Directory not found.
C:\Users\Karek\Desktop\FRST64(1).exe => Moved successfully.
C:\Users\Karek\AppData\Local\Temp\04016ceb-d861-48ef-b5f7-5a10f233f36b.exe => Moved successfully.
C:\Users\Karek\AppData\Local\Temp\4b7f0143-219e-4ac7-afd2-564bc83b9869.exe => Moved successfully.
C:\Users\Karek\AppData\Local\Temp\AskPIP_FF_.exe => Moved successfully.
C:\Users\Karek\AppData\Local\Temp\Suitcase Fusion 4 v15.0.6.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware problem

#13 Post by vyosek »

How is the PC behaving?

karelsoucek
Visitor
Posts: 20
Registered: 25 Nov 2013 09:20

Re: Malware problem

#14 Post by karelsoucek »

The problem still persists - only, after I carried out all the steps on Friday, one of the two advertising pop-up windows stopped appearing.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware problem

#15 Post by vyosek »

Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator (Správce) account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after startup a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, accept
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and after any restart, CF displays a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
  • A detailed procedure including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
