Jak najít keylogger v PC?

Zpráva

kacikk · #1 Příspěvek od **kacikk** » 02 bře 2015 20:24

Dobrý den,
omlouvám se pokud zakládám již existující téma. Asi před dvěma týdny jsem do PC stáhla keylogger, s tím, že bude skrytý. Problém je, že teď ho v počítači nemohu najít ani já sama. Prosím o radu jak najít skrytý keylogger. Děkuji

#2 Příspěvek od **vyosek** » 03 bře 2015 13:27

Dobry den

tema jsem presunul do spravne sekce

Pro zacatek dejte log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

kacikk · #3 Příspěvek od **kacikk** » 03 bře 2015 14:49

ok, děkuji

zde posílám log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Standard (administrator) on STANDARD-PC on 03-03-2015 14:35:33
Running from C:\Users\Standard\Downloads
Loaded Profiles: UpdatusUser & Standard (Available profiles: UpdatusUser & Standard)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SPSSInc) C:\Program Files (x86)\Common Files\IBM\SPSS\DataCollection\6\Shared\HelpCenterService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(IBM) C:\Program Files (x86)\Common Files\IBM\SPSS\DataCollection\6\Documentation\ibm_help\jre\bin\java.exe
(TMRG, Inc.) C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
() C:\Windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Common Files\IBM\SPSS\DataCollection\6\Documentation\ibm_help\eclipse\eclipse.exe
(IBM) C:\Program Files (x86)\Common Files\IBM\SPSS\DataCollection\6\Documentation\ibm_help\jre\bin\javaw.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(TMRG, Inc.) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_FATIBNE.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(BitTorrent Inc.) C:\Users\Standard\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Users\Standard\AppData\Roaming\Search Protection\SP.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SPSS Ltd) C:\Program Files (x86)\Common Files\IBM\SPSS\DataCollection\6\Logging.2\LogBckO2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TMRG, Inc.) C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe
(TMRG, Inc.) C:\Program Files (x86)\RelevantKnowledge\rlvknlg32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SyncConsole] => C:\Program Files (x86)\IBM\SPSS\DataCollection\6\Interviewer\IPlayerSyncMgr.exe [460288 2010-08-17] (SPSSInc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2882767032-2900810182-58851670-1001\...\Run: [EPSON Stylus Photo R265 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBNE.EXE [139264 2006-05-19] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2882767032-2900810182-58851670-1001\...\Run: [BitComet] => "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
HKU\S-1-5-21-2882767032-2900810182-58851670-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-2882767032-2900810182-58851670-1001\...\Run: [uTorrent] => C:\Users\Standard\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)
HKU\S-1-5-21-2882767032-2900810182-58851670-1001\...\Run: [Facebook Update] => C:\Users\Standard\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-17] (Facebook Inc.)
HKU\S-1-5-21-2882767032-2900810182-58851670-1001\...\Run: [Search Protection] => C:\Users\Standard\AppData\Roaming\Search Protection\SP.EXE [892000 2015-02-11] ()
HKU\S-1-5-21-2882767032-2900810182-58851670-1001\...\MountPoints2: {6552fd48-d4b7-11e0-9a6e-000b6b715f6b} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [95848 2010-05-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [90216 2010-05-06] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=vsl&ch ... =149636513
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=vsl&ch ... =149636513
HKU\S-1-5-21-2882767032-2900810182-58851670-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKU\S-1-5-21-2882767032-2900810182-58851670-1001\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://home.sweetim.com/?crg=3.1010000. ... 113220FE04}
URLSearchHook: HKLM-x32 - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll (SimilarSites)
URLSearchHook: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll (SimilarSites)
URLSearchHook: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f ... 1188786350
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f ... 1188786350
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.funmoods.com/results.php?f ... =149636513
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.funmoods.com/results.php?f ... =149636513
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {391FA572-650A-18A8-847B-02118A10DC20} URL = http://search.sweetim.com/search.asp?sr ... 113220FE04}
SearchScopes: HKLM-x32 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f ... 1188786350
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.funmoods.com/results.php?f ... =149636513
SearchScopes: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 23&ptr=100
SearchScopes: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 -> Backup.Old.DefaultScope {F90EC64D-B306-4CF7-B6F0-18793F4BE687}
SearchScopes: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... 30F0C0D268
SearchScopes: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 -> {391FA572-650A-18A8-847B-02118A10DC20} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 -> {447D8EF1-70E6-40B9-B87D-FA4C673A8561} URL = https://search.yahoo.com/search?fr=chr- ... earchTerms}
SearchScopes: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f ... 1188786350
SearchScopes: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 23&ptr=100
SearchScopes: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 -> {F90EC64D-B306-4CF7-B6F0-18793F4BE687} URL = http://start.funmoods.com/results.php?f ... =149636513
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll (SimilarSites)
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
Toolbar: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2882767032-2900810182-58851670-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20
Tcpip\..\Interfaces\{FDD865EF-9325-4B5F-B782-C134C73F653C}: [NameServer] 10.255.255.10,10.255.255.20

FireFox:
========
FF ProfilePath: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\rzqw8tx1.default
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo.com/search?fr=gree ... =443898&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2882767032-2900810182-58851670-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Standard\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\rzqw8tx1.default\searchplugins\SweetIM Search.xml
FF SearchPlugin: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\rzqw8tx1.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
FF Extension: RelevantKnowledge - C:\Program Files (x86)\RelevantKnowledge\firefox [2014-05-20]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> search.sweetim.com
CHR DefaultSearchURL: Default -> http://search.sweetim.com/search.asp?sr ... 23&ptr=100
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Funmoods Chat) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2012-12-18]
CHR Extension: (YouTube) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Funmoods) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2012-12-18]
CHR Extension: (Google Search) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-03-03]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-02-03]
CHR Extension: (Similar Sites Pro) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl [2012-12-18]
CHR Extension: (Virtual Keyboard) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-03-03]
CHR Extension: (RelevantKnowledge) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle [2014-05-26]
CHR Extension: (Google Wallet) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2014-02-23]
CHR Extension: (Allin1Convert) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj [2014-02-03]
CHR Extension: (Gmail) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Standard\AppData\Local\funmoods.crx [2012-12-18]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/deta ... ddbepgkeaa [Not Found]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Standard\AppData\Local\funmoods-speeddial.crx [2013-10-27]
CHR HKU\S-1-5-21-2882767032-2900810182-58851670-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Standard\AppData\Local\funmoods.crx [2012-12-18]
CHR HKU\S-1-5-21-2882767032-2900810182-58851670-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Standard\AppData\Local\funmoods-speeddial.crx [2013-10-27]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Standard\AppData\Local\funmoods.crx [2012-12-18]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/deta ... ddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Standard\AppData\Local\funmoods-speeddial.crx [2013-10-27]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [hidjnkeodmholilgafgdlgmgggbhnigl] - C:\Users\Standard\AppData\Roaming\SimilarSites\similarsites.crx [2012-03-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files (x86)\RelevantKnowledge\rlcm.crx [2014-05-20]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\mjcm\SweetNT.crx [2014-06-24]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-20] (Kaspersky Lab ZAO)
R2 MyService1; C:\Program Files (x86)\Common Files\IBM\SPSS\DataCollection\6\Shared\HelpCenterService.exe [9728 2010-05-23] (SPSSInc) [File not signed]
R2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [213784 2014-10-31] (TMRG, Inc.) <==== ATTENTION
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 IBUpdaterService; %SystemRoot%\system32\dmwu.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-27] (DT Soft Ltd)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-12-15] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-03] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-29] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-20] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-20] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-03] (Kaspersky Lab ZAO)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-02-13] (Windows (R) 2003 DDK 3790 provider)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 14:35 - 2015-03-03 14:36 - 00032169 _____ () C:\Users\Standard\Downloads\FRST.txt
2015-03-03 14:34 - 2015-03-03 14:35 - 00000000 ____D () C:\FRST
2015-03-03 14:33 - 2015-03-03 14:34 - 02092544 _____ (Farbar) C:\Users\Standard\Downloads\FRST64.exe
2015-03-02 20:28 - 2015-03-03 01:02 - 00000000 ____D () C:\rsit
2015-03-02 20:28 - 2015-03-03 01:01 - 00000000 ____D () C:\Program Files\trend micro
2015-03-02 20:10 - 2015-03-02 20:10 - 01222144 _____ () C:\Users\Standard\Downloads\RSITx64.exe
2015-02-27 16:27 - 2015-02-27 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
2015-02-27 10:26 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-27 10:26 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-23 01:10 - 2015-03-01 21:14 - 00000000 ___HD () C:\Windows\SysWOW64\asam
2015-02-23 01:07 - 2015-02-23 01:08 - 14156128 _____ (Roman Svihalek, ActivityMon Software) C:\Users\Standard\Downloads\ActivityMonHomeSetupCZ.exe
2015-02-23 00:37 - 2012-12-12 17:29 - 01970176 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatXml.dll
2015-02-23 00:37 - 2012-12-12 17:27 - 02121728 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatHttp.dll
2015-02-23 00:37 - 2012-08-06 16:39 - 02555904 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatMail2.dll
2015-02-23 00:37 - 2012-08-06 16:39 - 02416640 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatZip2.dll
2015-02-23 00:37 - 2012-08-06 16:39 - 00647168 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\CkString.dll
2015-02-23 00:37 - 2012-08-06 16:38 - 01576960 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatCrypt2.dll
2015-02-23 00:37 - 2012-08-06 16:38 - 00720896 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\HtmlToXml.dll
2015-02-23 00:37 - 2011-03-25 15:52 - 02196992 _____ (Debenu Pty Ltd) C:\Windows\SysWOW64\QuickPDFAX0724.dll
2015-02-23 00:37 - 2011-02-21 16:25 - 02323520 _____ (gdpicture.com) C:\Windows\SysWOW64\gdpicturepro5.ocx
2015-02-23 00:36 - 2015-02-23 00:36 - 06307840 _____ ( ) C:\Windows\sspro.exe
2015-02-23 00:36 - 2015-02-23 00:36 - 01826432 _____ (GPS) C:\Windows\svcreng.dll
2015-02-23 00:36 - 2015-02-23 00:36 - 00024576 _____ () C:\Windows\svcextend32.exe
2015-02-23 00:36 - 2015-02-23 00:36 - 00000000 ____D () C:\Windows\CoreComp
2015-02-23 00:36 - 2012-05-25 10:28 - 02746400 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.CommandBars.v15.3.1.ocx
2015-02-23 00:36 - 2012-05-25 10:28 - 01931296 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Controls.v15.3.1.ocx
2015-02-23 00:36 - 2012-05-25 10:28 - 01427488 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.ReportControl.v15.3.1.ocx
2015-02-23 00:36 - 2012-05-25 10:28 - 00899104 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.TaskPanel.v15.3.1.ocx
2015-02-23 00:36 - 2012-05-25 10:28 - 00837664 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.DockingPane.v15.3.1.ocx
2015-02-23 00:36 - 2012-05-25 10:28 - 00780320 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Markup.v15.3.1.ocx
2015-02-23 00:36 - 2012-05-25 10:27 - 02672672 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Calendar.v15.3.1.ocx
2015-02-23 00:36 - 2010-02-16 14:22 - 00218432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RichTx32.ocx
2015-02-23 00:36 - 2009-11-29 20:09 - 00453632 _____ () C:\Windows\SysWOW64\SetACL.ocx
2015-02-23 00:36 - 2005-03-19 12:40 - 00196608 _____ (Personal) C:\Windows\SysWOW64\VBSplitter.ocx
2015-02-23 00:36 - 2004-03-09 02:00 - 00124688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWINSCK.ocx
2015-02-23 00:36 - 2002-08-21 16:26 - 00102469 _____ (Microsoft) C:\Windows\SysWOW64\VBPrnDlg.dll
2015-02-23 00:35 - 2015-02-23 00:36 - 00663680 _____ (GP Systems Integration) C:\Windows\utimcache.exe
2015-02-23 00:35 - 2015-02-23 00:35 - 03614848 _____ (GP Systems Integration) C:\Windows\diskediag.exe
2015-02-23 00:35 - 2015-02-23 00:35 - 00714880 _____ (GP Systems Integration) C:\Windows\sysnadr64.exe
2015-02-23 00:35 - 2015-02-23 00:35 - 00484992 _____ (GP Systems Integration) C:\Windows\stidraw32.exe
2015-02-23 00:35 - 2015-02-23 00:35 - 00003961 _____ () C:\Windows\memgprep.dll
2015-02-23 00:35 - 2015-02-23 00:35 - 00000000 ____D () C:\Windows\ServiceLECache
2015-02-23 00:35 - 2011-03-27 20:21 - 00000304 _____ () C:\Windows\km32hlpr.dll
2015-02-23 00:35 - 2011-03-06 12:03 - 00000000 _____ () C:\Windows\wnsperf32.dll
2015-02-23 00:35 - 2010-08-21 14:03 - 00000000 _____ () C:\Windows\winid332.dll
2015-02-23 00:35 - 2010-08-21 14:03 - 00000000 _____ () C:\Windows\stdensrv.dll
2015-02-23 00:35 - 2010-08-21 14:03 - 00000000 _____ () C:\Windows\cr2gui32.dll
2015-02-23 00:35 - 2010-08-21 14:02 - 00000000 _____ () C:\Windows\javexisa.dll
2015-02-23 00:35 - 2010-04-17 08:35 - 00000000 _____ () C:\Windows\javexisb.dll
2015-02-23 00:34 - 2015-02-23 00:34 - 01299198 _____ () C:\Users\Standard\Downloads\sspro_72_setup.zip
2015-02-19 17:32 - 2015-02-19 17:39 - 00000000 ____D () C:\Users\Standard\Desktop\Gossip.Girl.S03.SWESUB.AC3.DVDRip.XviD-aka
2015-02-18 22:39 - 2015-02-19 00:41 - 1101422353 _____ () C:\Users\Standard\Downloads\Vlk-z-Wall-Street-CZ-Dabing-2014.AVI.Novinka.mp4
2015-02-18 16:53 - 2015-02-18 16:53 - 00062429 _____ () C:\Users\Standard\Downloads\Gossip_Girl_S03_SWESUB_AC3_DVDRip_XviD-aka-2 (1).torrent
2015-02-18 15:28 - 2015-02-18 15:28 - 00446802 _____ () C:\Users\Standard\Downloads\Politologie-poznámky-k-otázkám.rar
2015-02-17 23:47 - 2015-02-17 23:47 - 00062429 _____ () C:\Users\Standard\Downloads\Gossip_Girl_S03_SWESUB_AC3_DVDRip_XviD-aka-2.torrent
2015-02-17 23:37 - 2015-02-17 23:37 - 00062429 _____ () C:\Users\Standard\Downloads\Gossip_Girl_S03_SWESUB_AC3_DVDRip_XviD-aka.torrent
2015-02-17 21:22 - 2015-02-17 21:22 - 00042432 _____ () C:\Users\Standard\Downloads\[CzT]Super_drbna_Gossip_Girl_Season_3_.torrent
2015-02-12 19:15 - 2015-02-12 19:15 - 00273653 _____ () C:\Users\Standard\Downloads\GAS INDUSTRY.pptx
2015-02-12 02:15 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 02:15 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 02:15 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 02:15 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 01:02 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 01:02 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 01:02 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 01:02 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 01:02 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 01:02 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 01:02 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 01:02 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 01:02 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 01:02 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 01:01 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 01:01 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 01:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 01:01 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 01:01 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 01:01 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 01:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 01:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 01:01 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 01:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 01:01 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 01:01 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 01:01 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 01:01 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 01:01 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 01:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 01:01 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 01:01 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 01:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 01:01 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 01:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 01:01 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 01:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 01:01 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 01:01 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 01:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 01:01 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 01:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 01:01 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 01:01 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 01:01 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 01:01 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 01:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 01:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 01:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 01:01 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 01:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 01:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 01:01 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 01:01 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 01:01 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 01:01 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 01:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 01:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 01:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 01:01 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 01:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 01:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 01:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 01:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 01:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 01:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 01:01 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 01:01 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 01:01 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 01:01 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 01:01 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 01:01 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 01:01 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 01:01 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 01:01 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 01:01 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 01:01 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 01:01 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 01:01 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 01:01 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 00:58 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 00:58 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 00:58 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 00:58 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 00:58 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 00:58 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 00:58 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 00:58 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 00:58 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 00:58 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 00:58 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 00:58 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 00:58 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 00:58 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 00:58 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 00:58 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 00:58 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 00:58 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 00:58 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 00:58 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 00:58 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 00:58 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 00:58 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 00:58 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 00:58 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 00:58 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 00:58 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 00:56 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 00:56 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 00:56 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 00:56 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 00:56 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 00:56 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 00:56 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 00:55 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-05 22:38 - 2015-02-05 22:38 - 01024392 _____ () C:\Users\Standard\Downloads\Gossip_Girl - season 2.en.zip
2015-02-04 20:27 - 2015-02-05 22:39 - 00000000 ____D () C:\Users\Standard\Desktop\Gossip Girl Season 2 Complete 720p
2015-02-04 20:25 - 2015-02-04 20:25 - 00142375 _____ () C:\Users\Standard\Downloads\[kickass.so]gossip.girl.season.2.complete.720p.torrent
2015-02-03 20:56 - 2015-02-03 20:56 - 00131364 _____ () C:\Users\Standard\Downloads\aqueda (2).mpe
2015-02-03 20:55 - 2015-02-03 20:56 - 00131364 _____ () C:\Users\Standard\Downloads\aqueda (1).mpe
2015-02-03 20:54 - 2015-02-03 20:56 - 00131364 _____ () C:\Users\Standard\Downloads\aqueda.mpe
2015-02-02 01:31 - 2015-02-27 14:33 - 00000458 ____H () C:\Windows\Tasks\Norton Security Scan for Standard.job
2015-02-02 01:31 - 2015-02-02 01:32 - 00000000 ____D () C:\ProgramData\Norton
2015-02-02 01:31 - 2015-02-02 01:31 - 00003628 _____ () C:\Windows\System32\Tasks\Norton Security Scan for Standard
2015-02-02 01:27 - 2015-02-02 01:27 - 00721568 _____ (malavida) C:\Users\Standard\Downloads\Malavida_Download_Manager.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 14:37 - 2013-07-27 21:04 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\uTorrent
2015-03-03 14:32 - 2010-11-19 02:32 - 02026138 _____ () C:\Windows\WindowsUpdate.log
2015-03-03 14:31 - 2013-10-27 11:44 - 00000000 ____D () C:\Program Files (x86)\RelevantKnowledge
2015-03-03 14:31 - 2011-08-16 10:59 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 14:22 - 2012-06-05 16:57 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-03 14:19 - 2011-09-01 16:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-03 14:19 - 2011-08-16 10:59 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 14:18 - 2014-02-17 12:48 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2882767032-2900810182-58851670-1001UA.job
2015-03-03 14:18 - 2014-02-17 12:48 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2882767032-2900810182-58851670-1001Core.job
2015-03-03 14:18 - 2014-02-10 22:00 - 00000304 _____ () C:\Windows\Tasks\Funmoods.job
2015-03-03 14:18 - 2012-12-27 03:55 - 00000368 _____ () C:\Windows\Tasks\AmiUpdXp.job
2015-03-03 00:08 - 2014-11-24 00:33 - 00006328 _____ () C:\Windows\setupact.log
2015-03-02 23:35 - 2013-09-30 06:49 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CC31FEB1-6C58-4DDC-9E44-966B4786E428}
2015-03-01 21:25 - 2009-07-14 05:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 21:25 - 2009-07-14 05:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 21:16 - 2011-08-01 08:31 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-03-01 21:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-01 21:14 - 2010-11-18 10:40 - 01013124 _____ () C:\Windows\PFRO.log
2015-02-26 14:35 - 2010-11-19 03:23 - 00672386 _____ () C:\Windows\system32\perfh005.dat
2015-02-26 14:35 - 2010-11-19 03:23 - 00142950 _____ () C:\Windows\system32\perfc005.dat
2015-02-26 14:35 - 2009-07-14 06:13 - 01593150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-22 22:27 - 2014-11-24 00:59 - 00000000 ____D () C:\Users\Standard\Desktop\Dokumenty
2015-02-18 15:10 - 2011-08-28 14:49 - 00000000 ___RD () C:\Users\Standard\Desktop\OBRÁZKY
2015-02-12 03:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 01:57 - 2009-07-14 05:45 - 00420184 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 01:54 - 2014-12-11 13:15 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 01:54 - 2014-04-30 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 13:41 - 2011-08-15 14:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 13:34 - 2013-07-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 13:17 - 2011-08-15 12:39 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 13:23 - 2012-06-05 16:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:23 - 2012-06-05 16:57 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 13:23 - 2011-08-16 10:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 12:03 - 2011-08-16 10:59 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 12:03 - 2011-08-16 10:59 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2012-08-12 15:30 - 2014-11-22 04:23 - 0000616 _____ () C:\Users\Standard\AppData\Roaming\Rim.Desktop.Exception.log
2012-08-12 15:29 - 2014-11-23 15:15 - 0002021 _____ () C:\Users\Standard\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-08-12 15:30 - 2014-11-22 04:23 - 0000616 _____ () C:\Users\Standard\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-09-22 21:00 - 2014-11-17 14:00 - 0000136 _____ () C:\Users\Standard\AppData\Roaming\WB.CFG
2013-10-27 11:49 - 2013-10-27 11:49 - 0384844 _____ () C:\Users\Standard\AppData\Local\funmoods-speeddial.crx
2012-12-18 13:58 - 2012-12-18 13:57 - 0368102 _____ () C:\Users\Standard\AppData\Local\funmoods-speeddial_sf.crx
2012-12-18 13:58 - 2013-10-27 11:49 - 0031465 _____ () C:\Users\Standard\AppData\Local\funmoods.crx
2014-10-23 10:34 - 2014-11-06 11:13 - 0000600 _____ () C:\Users\Standard\AppData\Local\PUTTY.RND
2012-02-15 20:52 - 2012-02-15 20:52 - 0017408 _____ () C:\Users\Standard\AppData\Local\WebpageIcons.db
2014-10-20 21:55 - 2014-10-20 21:55 - 0000000 _____ () C:\Users\Standard\AppData\Local\{4DEEF610-58D0-40A4-AD3B-FD42AD9AA7AC}
2011-08-01 08:37 - 2010-01-16 06:18 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-11-18 09:53 - 2010-11-18 09:53 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-11-18 09:51 - 2010-11-18 09:52 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-11-18 09:48 - 2010-11-18 09:49 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-11-18 09:52 - 2010-11-18 09:53 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-11-18 09:48 - 2010-11-18 09:48 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-11-18 09:49 - 2010-11-18 09:51 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Standard\AppData\Local\Temp\Bit483E.tmp.exe
C:\Users\Standard\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Standard\AppData\Local\Temp\eauninstall.exe
C:\Users\Standard\AppData\Local\Temp\ose00000.exe
C:\Users\Standard\AppData\Local\Temp\ResetDevice.exe
C:\Users\Standard\AppData\Local\Temp\SearchProtectionSetup.exe

Some zero byte size files/folders:
==========================
C:\Windows\cr2gui32.dll
C:\Windows\javexisa.dll
C:\Windows\javexisb.dll
C:\Windows\stdensrv.dll
C:\Windows\winid332.dll
C:\Windows\wnsperf32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-22 23:34

==================== End Of Log ============================

#4 Příspěvek od **vyosek** » 03 bře 2015 14:57

Keyloggera nevidno, ale za to tam vidim spoooousty dalsiho bordelu, takze jej vyzenem

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

kacikk · #5 Příspěvek od **kacikk** » 03 bře 2015 15:01

2015-02-23 01:07 - 2015-02-23 01:08 - 14156128 _____ (Roman Svihalek, ActivityMon Software) C:\Users\Standard\Downloads\ActivityMonHomeSetupCZ.exe

měl by to být tento soubor, ale když jdu do složky Standard, nemohu tam najít složku Downloads

#6 Příspěvek od **vyosek** » 03 bře 2015 15:29

Pak jej odpalime tedy

Aplikujte AdwCleaner

kacikk · #7 Příspěvek od **kacikk** » 03 bře 2015 19:10

tak hotovo, zde je log

:

# AdwCleaner v4.111 - Logfile created 03/03/2015 at 18:45:10
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Standard - STANDARD-PC
# Running from : C:\Users\Standard\Downloads\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : IBUpdaterService
Service Deleted : RelevantKnowledge

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\SimilarSites
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\FlvPlayer
Folder Deleted : C:\Program Files (x86)\Funmoods
Folder Deleted : C:\Program Files (x86)\RelevantKnowledge
Folder Deleted : C:\Program Files (x86)\SimilarSites
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files (x86)\GotClip
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\Standard\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Standard\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Standard\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Standard\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Standard\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Standard\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotClip
Folder Deleted : C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
Folder Deleted : C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl
Folder Deleted : C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Folder Deleted : C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
File Deleted : C:\Windows\SysWOW64\rlls.dll
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Standard\AppData\Local\funmoods.crx
File Deleted : C:\Users\Standard\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\Standard\AppData\Local\funmoods-speeddial_sf.crx
File Deleted : C:\Users\Standard\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\rzqw8tx1.default\searchplugins\SweetIM Search.xml
File Deleted : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\rzqw8tx1.default\searchplugins\yahoo_ff.xml
File Deleted : C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Deleted : C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Deleted : C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage

***** [ Scheduled tasks ] *****

Task Deleted : AmiUpdXp
Task Deleted : Funmoods

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{807DF5E0-4EF7-48A8-A405-239F3E29FFA9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{807DF5E0-4EF7-48A8-A405-239F3E29FFA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F90EC64D-B306-4CF7-B6F0-18793F4BE687}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{391FA572-650A-18A8-847B-02118A10DC20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Funmoods
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\SimilarSites
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\WNLT
Key Deleted : HKLM\SOFTWARE\Better-Surf
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SimilarSites
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sweetpacks Bundle Uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (cs)

[rzqw8tx1.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[rzqw8tx1.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[rzqw8tx1.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=443898&p=");

-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [31451 bytes] - [03/03/2015 18:38:22]
AdwCleaner[S0].txt - [29581 bytes] - [03/03/2015 18:45:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29641 bytes] ##########

#8 Příspěvek od **vyosek** » 03 bře 2015 19:15

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

kacikk · #9 Příspěvek od **kacikk** » 04 bře 2015 11:12

dám spustit jako správce, ale žádné okno mi tam nevyskočí, co s tím?

kacikk · #10 Příspěvek od **kacikk** » 04 bře 2015 22:31

tak už

tady je log:

Zoek.exe v5.0.0.0 Updated 03-March-2015
Tool run by Standard on st 04.03.2015 at 11:09:21,28.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Standard\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4.3.2015 11:14:45 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\BitComet deleted successfully
C:\PROGRA~2\COMMON~1\XCPCSync.OEM deleted successfully
C:\Program Files\Common Files\EasyInfo deleted successfully
C:\Users\Standard\AppData\Local\GHISLER deleted successfully
C:\Users\Standard\AppData\Local\Research In Motion deleted successfully
C:\Users\Standard\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2882767032-2900810182-58851670-1001\Software\Microsoft\Internet Explorer\SearchScopes\{391FA572-650A-18A8-847B-02118A10DC20} deleted successfully
HKEY_USERS\S-1-5-21-2882767032-2900810182-58851670-1001\Software\Microsoft\Internet Explorer\SearchScopes\{447D8EF1-70E6-40B9-B87D-FA4C673A8561} deleted successfully
HKEY_USERS\S-1-5-21-2882767032-2900810182-58851670-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\rzqw8tx1.default\prefs.js:
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "https://search.yahoo.com/search?fr=gree ... =443898&p=");

Added to C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\rzqw8tx1.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Standard\AppData\Roaming\Thunderbird\Profiles\h2fgqb27.default\prefs.js:

Added to C:\Users\Standard\AppData\Roaming\Thunderbird\Profiles\h2fgqb27.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\rzqw8tx1.default

user.js not found
---- Lines {C7AE725D-FA5C-4027-BB4C-787EF9F8248A} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"url_advisor@kaspersky.com\":{\"descriptor\":\"C:\\\\Program Files
---- FireFox user.js and prefs.js backups ----

prefs_04.03.2015_1212_.backup

ProfilePath: C:\Users\Standard\AppData\Roaming\Thunderbird\Profiles\h2fgqb27.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_04.03.2015_1212_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\BitComet not found
C:\extensions.sqlite deleted
C:\ESETUninstaller.exe deleted
C:\Users\Standard\AppData\Roaming\WB.CFG deleted
C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\Users\Standard\Downloads\iLividSetup.exe deleted
C:\Users\Standard\Downloads\SoftonicDownloader_for_zune-software (1).exe deleted
C:\Users\Standard\Downloads\SoftonicDownloader_for_zune-software.exe deleted
C:\windows\SysNative\TASKS\Scheduled Update for Ask Toolbar deleted
C:\Windows\SysNative\rlls64.dll deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\mjcm deleted
C:\windows\SysNative\tprb deleted
C:\Users\Standard\AppData\Roaming\Thunderbird\Profiles\h2fgqb27.default\extensions\staged deleted
"C:\Users\Standard\AppData\Local\{4DEEF610-58D0-40A4-AD3B-FD42AD9AA7AC}" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\rzqw8tx1.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Standard\AppData\Roaming\Thunderbird\Profiles\h2fgqb27.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"content_blocker@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com" [16.12.2014 15:28]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Standard\AppData\Roaming\Thunderbird\Profiles\h2fgqb27.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\rzqw8tx1.default
ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/deta ... ddbepgkeaa[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx[20.10.2013 07:07]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx[20.10.2013 07:07]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx[16.12.2014 15:24]

Allin1Convert - Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj

==== Chromium Fix ======================

C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfkanglmmnniiolknlhaajllgmlgcdkj_0.localstorage deleted successfully
C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfkanglmmnniiolknlhaajllgmlgcdkj_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
"Backup.Old.Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
"Backup.Old.Start Page"="http://google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IQP731E will be deleted at reboot
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3IO6CE7 will be deleted at reboot
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKUKPFLY will be deleted at reboot
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHQ53CCH will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Standard\AppData\Local\Mozilla\Firefox\Profiles\rzqw8tx1.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=282 folders=100 42833780 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Standard\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Standard\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj" deleted
"C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IQP731E" not found
"C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3IO6CE7" not found
"C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKUKPFLY" not found
"C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHQ53CCH" not found
"C:\Users\Standard\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3VD6XZTW\oddcast.com" not found

==== EOF on st 04.03.2015 at 22:28:59,82 ======================

#11 Příspěvek od **vyosek** » 05 bře 2015 07:32

Stažení Farbar Recovery Scan Tool

Odkaz ke stažení: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Na stránce vybereme dle verze svého systému verzi FRST (32bit nebo 64bit), tu si stáhneme.
FRST.exe či FRST64.exe uložíme na Plochu.

Spustte FRST, odsouhlaste licencni podminky a kliknete na Scan - nasledne se vytvorit dva logy (FRST.txt a Addition.txt), oba sem vlozte

VIRY.CZ

Jak najít keylogger v PC?

Jak najít keylogger v PC?

Re: Jak najít keylogger v PC?

Re: Jak najít keylogger v PC?

Re: Jak najít keylogger v PC?

Re: Jak najít keylogger v PC?

Re: Jak najít keylogger v PC?

Re: Jak najít keylogger v PC?

Re: Jak najít keylogger v PC?

Re: Jak najít keylogger v PC?

Re: Jak najít keylogger v PC?

Re: Jak najít keylogger v PC?