Suspected keylogger or other malware

Blink
Visitor
Posts: 29
Registered: 04 Jun 2015 13:40

Suspected keylogger or other malware

#1 Post by Blink »

Hi everyone, I have a problem. I was recently browsing the internet looking for some things, downloaded quite a few files, and Avast flagged some of them as a virus. I'm not sure whether I still have one on my PC. Is there a way to detect the presence of a keylogger and the like?
Thanks in advance for any advice.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Suspected keylogger or other malware

#2 Post by vyosek »

Hello :)

:arrow: To start, post a log from FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

:arrow: What were those files supposed to be??

Blink

Re: Suspected keylogger or other malware

#3 Post by Blink »

I downloaded a few programs for playing .mkv files and Avast found some malware in them.

I'll post the FRST log in a moment.

Blink

Re: Suspected keylogger or other malware

#4 Post by Blink »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Martin (administrator) on MARTIN-PC on 04-06-2015 16:47:07
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\...\MountPoints2: {8ba7064f-ffaf-11e4-b3f5-4061868d941a} - I:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-21] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... LYF1L0LYFX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... LYF1L0LYFX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\S-1-5-21-2506453747-3470151250-3056151774-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\S-1-5-21-2506453747-3470151250-3056151774-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_s ... earchTerms}
SearchScopes: HKU\S-1-5-21-2506453747-3470151250-3056151774-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_s ... earchTerms}
SearchScopes: HKU\S-1-5-21-2506453747-3470151250-3056151774-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_s ... earchTerms}
SearchScopes: HKU\S-1-5-21-2506453747-3470151250-3056151774-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_s ... earchTerms}
SearchScopes: HKU\S-1-5-21-2506453747-3470151250-3056151774-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-21] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-03] (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-21] (Avast Software s.r.o.)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&t ... LYF1L0LYFX

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\0opr5dnc.default
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=nt&t ... LYF1L0LYFX
FF Homepage: hxxp://www.mystartsearch.com/?type=hp&ts=14334 ... LYF1L0LYFX
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-23]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\0opr5dnc.default\extensions\searchffv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\0opr5dnc.default\extensions\sweetsearch@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&t ... LYF1L0LYFX

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-24]
CHR Extension: (BetterTTV) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-05-03]
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-24]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-24]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-24]
CHR Extension: (Steam inventory helper) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2015-04-15]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-24]
CHR Extension: (LoungeDestroyer) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-05-09]
CHR Extension: (AdBlock) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-07]
CHR Extension: (Bookmark Manager) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2015-05-12]
CHR Extension: (Twitch Now) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2015-05-06]
CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-24]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe http://www.mystartsearch.com/?type=sc&t ... LYF1L0LYFX

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-21] (Avast Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-02-24] (EasyAntiCheat Ltd)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-12-06] (Razer Inc.)
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-21] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-21] (Disc Soft Ltd)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-21] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 16:47 - 2015-06-04 16:47 - 00019404 _____ C:\Users\Martin\Downloads\FRST.txt
2015-06-04 16:46 - 2015-06-04 16:47 - 00000000 ____D C:\FRST
2015-06-04 16:45 - 2015-06-04 16:45 - 02108928 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2015-06-04 14:40 - 2015-06-04 14:40 - 00001207 _____ C:\Users\Martin\Desktop\Install Additional Offers.lnk
2015-06-04 14:39 - 2015-06-04 14:45 - 00000000 ____D C:\KMPlayer
2015-06-04 14:28 - 2015-06-04 14:29 - 37423096 _____ (PandoraTV) C:\Users\Martin\Downloads\3.9.1.135_20150331102851.exe
2015-06-04 14:21 - 2015-06-04 14:21 - 00003212 _____ C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe
2015-06-04 14:18 - 2015-06-04 14:21 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-06-04 14:18 - 2015-06-04 14:19 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-06-04 14:18 - 2015-06-04 14:18 - 00000000 _____ C:\Windows\prleth.sys
2015-06-04 14:18 - 2015-06-04 14:18 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-04 14:17 - 2015-06-04 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
2015-06-03 22:21 - 2015-06-03 23:07 - 734117888 _____ C:\Users\Martin\Downloads\Scary-Movie-4---(CZ-Dabing,-BEZ-tit,-Komedie-Horor,-USA,-2006).avi
2015-06-03 22:20 - 2015-06-03 22:20 - 01712980 _____ C:\Users\Martin\Downloads\Scary-Movie-4---(CZ-Dabing,-BEZ-tit,-Komedie-Horor,-USA,-2006).avi.opdownload
2015-06-03 22:13 - 2015-06-04 00:36 - 2348089648 _____ C:\Users\Martin\Downloads\Mládeži-Nepřístupno-2013-(Mládeži-Neprístupné,-Movie-43)-(Czech-CS)-[720p]-[JohnyHD].avi
2015-06-03 22:12 - 2015-06-04 00:56 - 1560105870 _____ C:\Users\Martin\Downloads\Scary-Movie-5-(CZ-DABING).mkv
2015-06-03 21:52 - 2015-06-04 14:18 - 00001439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-03 21:52 - 2015-06-04 14:18 - 00001427 _____ C:\Users\Public\Desktop\Opera.lnk
2015-06-03 21:52 - 2015-06-03 21:52 - 00003824 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433361135
2015-06-03 21:51 - 2015-06-04 14:18 - 00001475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-03 21:51 - 2015-06-04 14:18 - 00001463 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-03 21:51 - 2015-06-03 21:57 - 00000000 ____D C:\Users\Martin\AppData\Local\Mozilla
2015-06-03 21:51 - 2015-06-03 21:56 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Mozilla
2015-06-03 21:51 - 2015-06-03 21:51 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-03 21:51 - 2015-06-03 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 21:51 - 2015-06-03 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 21:45 - 2015-06-03 21:45 - 00243536 _____ C:\Users\Martin\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-03 21:43 - 2015-06-03 21:43 - 00683984 _____ (Opera Software) C:\Users\Martin\Downloads\Opera_NI_stable.exe
2015-06-03 20:58 - 2015-06-03 20:58 - 00000222 _____ C:\Users\Martin\Desktop\Realms of the Haunting.url
2015-06-03 20:42 - 2015-06-03 22:17 - 1468749824 _____ C:\Users\Martin\Downloads\Meda-Ted-cz.dab-super-film-VIP-by-jaknar.avi
2015-06-03 16:04 - 2015-06-03 16:04 - 00003174 _____ C:\Windows\System32\Tasks\{B611604F-7DBB-4E02-AF55-1DD0E75DE462}
2015-06-03 15:52 - 2015-06-03 15:52 - 00001040 _____ C:\Users\Martin\Desktop\Adobe Photoshop CC 2014.lnk
2015-06-03 15:47 - 2015-06-03 15:47 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-06-03 15:12 - 2015-06-03 16:06 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-03 14:34 - 2015-06-03 14:34 - 00000000 ___RD C:\Users\Martin\Creative Cloud Files
2015-06-03 14:15 - 2015-06-03 14:15 - 00664752 _____ (Adobe Systems Incorporated) C:\Users\Martin\Downloads\CreativeCloudSet-Up.exe
2015-06-01 18:35 - 2015-06-01 18:42 - 00000000 ____D C:\Program Files (x86)\Attomey
2015-06-01 17:42 - 2015-06-01 19:28 - 966577735 _____ C:\Users\Martin\Downloads\Attomey.rar
2015-06-01 15:22 - 2015-06-01 15:22 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX
2015-05-31 11:06 - 2015-05-31 18:24 - 00000000 ____D C:\Users\Martin\AppData\Roaming\.minecraft
2015-05-31 11:05 - 2015-05-31 11:05 - 00000000 ____D C:\ProgramData\Sun
2015-05-31 11:04 - 2015-05-31 11:05 - 00000000 ____D C:\ProgramData\Oracle
2015-05-31 11:01 - 2013-03-28 11:12 - 00695296 _____ (AnjoCaido) C:\Users\Martin\Desktop\Majnkraft.exe
2015-05-31 10:56 - 2015-05-31 10:57 - 00175708 _____ C:\Users\Martin\Downloads\Minecraft-1.5.2.zip
2015-05-29 18:23 - 2015-05-29 18:23 - 00003926 _____ C:\Users\Martin\Downloads\cfg (1).rar
2015-05-28 16:59 - 2015-05-28 16:59 - 00000000 ____D C:\Users\Martin\AppData\Local\Skyrim
2015-05-28 16:07 - 2015-05-28 16:07 - 00000000 ____D C:\Users\Martin\Documents\My Games
2015-05-28 15:45 - 2015-05-28 15:45 - 00003972 _____ C:\Users\Martin\Downloads\cfg.rar
2015-05-25 15:12 - 2015-06-03 18:47 - 00000000 ____D C:\Users\Martin\Documents\ArcaniA - Gothic 4
2015-05-25 15:12 - 2015-05-25 15:12 - 00000000 __SHD C:\ProgramData\SecuROM
2015-05-25 15:07 - 2015-05-25 15:07 - 00002256 _____ C:\Users\Public\Desktop\Definitely not a warez Gothic 4.lnk
2015-05-25 15:04 - 2015-05-25 15:04 - 00000000 ____D C:\Windows\B4F3A360E1E2479DADE79BE3B07F4539.TMP
2015-05-25 15:02 - 2015-05-25 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD Entertainment AG
2015-05-25 14:55 - 2015-05-25 14:55 - 00000000 ____D C:\Program Files (x86)\JoWooD Entertainment AG
2015-05-23 08:48 - 2015-05-23 08:48 - 00001898 _____ C:\Users\Public\Desktop\Gothic III.lnk
2015-05-23 08:39 - 2015-05-23 08:46 - 00000000 ____D C:\Program Files (x86)\Gothic III
2015-05-23 08:39 - 2015-05-23 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III
2015-05-23 08:27 - 2015-05-23 08:27 - 00000000 ____D C:\Program Files (x86)\Gothic 3
2015-05-23 08:20 - 2012-04-23 23:27 - 1588961585 _____ (Nordic Games GmbH ) C:\Users\Martin\Downloads\Gothic_3_EE_Patch_v1.75.14_Int_Full.exe
2015-05-23 07:07 - 2015-05-23 07:43 - 642811423 _____ C:\Users\Martin\Downloads\Gothic-3-Enhanced-Edition-1.75-CZ-2015.part5.rar
2015-05-22 23:22 - 2015-05-23 00:21 - 1048576000 _____ C:\Users\Martin\Downloads\Gothic-3-Enhanced-Edition-1.75-CZ-2015.part4.rar
2015-05-22 23:21 - 2015-05-23 00:22 - 1048576000 _____ C:\Users\Martin\Downloads\Gothic-3-Enhanced-Edition-1.75-CZ-2015.part3.rar
2015-05-22 22:17 - 2015-05-22 23:17 - 1048576000 _____ C:\Users\Martin\Downloads\Gothic-3-Enhanced-Edition-1.75-CZ-2015.part2.rar
2015-05-22 21:00 - 2015-05-22 22:02 - 1048576000 _____ C:\Users\Martin\Downloads\Gothic-3-Enhanced-Edition-1.75-CZ-2015.part1.rar
2015-05-22 12:51 - 2015-05-24 16:35 - 00000000 ____D C:\Users\Martin\Documents\gothic3
2015-05-21 21:17 - 2015-05-21 21:17 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2015-05-21 21:16 - 2015-05-23 08:18 - 00000000 ____D C:\Program Files (x86)\Gothic
2015-05-21 21:10 - 2015-05-21 21:14 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-05-21 21:10 - 2015-05-21 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-05-21 21:10 - 2015-05-21 21:10 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-05-21 21:10 - 2015-05-21 21:10 - 00001743 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-05-21 21:06 - 2015-05-21 21:07 - 13146016 _____ (Disc Soft Ltd) C:\Users\Martin\Downloads\DTLite501-0406.exe
2015-05-21 17:27 - 2015-05-21 20:35 - 3303276544 _____ C:\Users\Martin\Downloads\Gothic-3-CZ+-Comunity-Patch.iso
2015-05-17 19:47 - 2015-05-17 19:48 - 00000000 ____D C:\FOTO_tatka
2015-05-17 14:59 - 2015-05-17 14:59 - 00000222 _____ C:\Users\Martin\Desktop\Nosferatu The Wrath of Malachi.url
2015-05-17 09:48 - 2015-05-17 09:48 - 00000000 ____D C:\Users\Martin\Documents\Moje hry
2015-05-17 09:48 - 2015-05-17 09:48 - 00000000 ____D C:\Users\Martin\AppData\Local\Gas Powered Games
2015-05-16 20:34 - 2015-05-16 20:34 - 00000220 _____ C:\Users\Martin\Desktop\Supreme Commander Forged Alliance.url
2015-05-15 16:43 - 2015-05-15 16:47 - 00000000 ____D C:\Users\Martin\AppData\Local\RADical ROACH
2015-05-13 18:44 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:08 - 2015-05-13 16:08 - 00000000 ____D C:\Users\Martin\AppData\Local\SCE
2015-05-13 13:55 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:55 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 13:55 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 13:55 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 13:54 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 13:54 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 13:54 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 13:54 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 13:54 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 13:54 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 13:54 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 13:54 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 13:54 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 13:54 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 13:54 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 13:54 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 13:54 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 13:54 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 13:54 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 13:54 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 13:54 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 13:54 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 13:54 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 13:54 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 13:54 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 13:54 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 13:54 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 13:54 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 13:54 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 13:54 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 13:54 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 13:54 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 13:54 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 13:54 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 13:54 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 13:54 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 13:54 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 13:54 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 13:54 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 13:54 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 13:54 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 13:54 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 13:54 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 13:54 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 13:54 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 13:54 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 13:54 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 13:54 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 13:54 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 13:54 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 13:54 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 13:54 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 13:54 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 13:54 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 13:54 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 13:54 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 13:54 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 13:54 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 13:54 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 13:54 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 13:54 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 13:54 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 13:54 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 13:54 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 13:53 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 13:53 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 13:53 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 13:53 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 13:52 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 13:52 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 13:52 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 13:52 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 13:52 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 13:52 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 13:52 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 13:52 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 13:52 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 13:52 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 13:52 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 13:52 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 13:52 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 13:52 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 13:52 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 13:52 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 13:52 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 13:52 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 13:52 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 13:52 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 13:52 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 13:52 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 13:52 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 13:52 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 13:52 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 13:52 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 13:52 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:51 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:51 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:51 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 13:51 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:51 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 13:51 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 13:51 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 13:51 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 13:51 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 13:51 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 13:51 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 13:51 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 13:51 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 13:51 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 13:51 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 13:51 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 13:51 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 13:51 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 20:15 - 2015-05-12 20:15 - 00000222 _____ C:\Users\Martin\Desktop\Memories of a Vagabond.url
2015-05-12 20:15 - 2015-05-12 20:15 - 00000222 _____ C:\Users\Martin\Desktop\Enclave.url
2015-05-12 20:13 - 2015-05-12 20:13 - 00000222 _____ C:\Users\Martin\Desktop\RADical ROACH Deluxe Edition.url
2015-05-11 18:36 - 2015-05-11 18:37 - 00000222 _____ C:\Users\Martin\Desktop\PlanetSide 2.url
2015-05-09 21:43 - 2015-06-03 21:52 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Opera Software
2015-05-09 21:43 - 2015-06-03 21:52 - 00000000 ____D C:\Users\Martin\AppData\Local\Opera Software
2015-05-09 21:40 - 2015-06-04 13:42 - 00000000 ____D C:\Program Files (x86)\Opera

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 16:46 - 2014-12-24 11:52 - 01810505 _____ C:\Windows\WindowsUpdate.log
2015-06-04 16:25 - 2014-12-24 13:22 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2015-06-04 16:21 - 2014-12-24 12:53 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-04 15:53 - 2014-12-24 12:30 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-04 14:53 - 2014-12-24 13:12 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-04 14:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2015-06-04 14:18 - 2014-12-24 12:32 - 00002495 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-04 14:18 - 2014-12-24 11:55 - 00001721 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-04 13:53 - 2014-12-24 12:30 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 13:48 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-04 13:48 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-04 13:41 - 2014-12-24 12:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-04 13:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-04 13:37 - 2009-07-14 06:51 - 00045498 _____ C:\Windows\setupact.log
2015-06-04 07:07 - 2014-12-24 11:53 - 00000000 ____D C:\Users\Martin
2015-06-03 20:58 - 2014-12-24 13:58 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-03 20:30 - 2015-01-18 19:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-03 20:30 - 2015-01-18 19:50 - 00000000 ____D C:\ProgramData\Adobe
2015-06-03 20:30 - 2014-12-24 13:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Adobe
2015-06-03 20:29 - 2014-12-24 12:52 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe
2015-06-03 17:59 - 2009-07-14 17:18 - 00668866 _____ C:\Windows\system32\perfh005.dat
2015-06-03 17:59 - 2009-07-14 17:18 - 00141526 _____ C:\Windows\system32\perfc005.dat
2015-06-03 17:59 - 2009-07-14 07:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-03 14:30 - 2014-12-30 11:02 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-01 15:36 - 2014-12-24 13:22 - 00000000 ____D C:\ProgramData\Skype
2015-05-29 17:02 - 2015-04-01 17:00 - 00000000 ____D C:\Users\Martin\AppData\Roaming\TS3Client
2015-05-28 21:15 - 2015-02-24 20:20 - 00000000 ____D C:\Users\Martin\Desktop\škola
2015-05-28 21:06 - 2014-12-24 12:47 - 00674076 _____ C:\Windows\PFRO.log
2015-05-28 13:48 - 2014-12-24 13:13 - 00000000 ____D C:\Sdílená složka_Martin
2015-05-25 14:55 - 2014-12-24 19:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-22 12:50 - 2015-03-30 14:22 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 21:15 - 2015-03-29 13:35 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
2015-05-21 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-21 17:50 - 2014-12-24 13:29 - 00083870 _____ C:\Windows\DirectX.log
2015-05-20 18:56 - 2015-04-04 18:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 18:56 - 2015-04-04 18:27 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-17 13:48 - 2014-12-24 12:30 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 13:48 - 2014-12-24 12:30 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 13:37 - 2015-01-18 19:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 13:28 - 2014-12-28 10:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 13:28 - 2014-12-28 10:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 13:28 - 2009-07-14 06:45 - 00412040 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 19:01 - 2009-07-14 17:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 19:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 18:57 - 2014-12-31 13:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-13 18:56 - 2014-12-24 12:08 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 18:49 - 2014-12-24 12:08 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 17:05 - 2014-12-28 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 14:51 - 2015-02-28 10:43 - 00000000 ____D C:\Users\Martin\Desktop\texty

==================== Files in the root of some directories =======

2014-12-28 12:40 - 2014-12-28 12:40 - 0003584 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-18 19:25 - 2015-01-18 19:25 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\fsd38EB.exe
C:\Users\Martin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Martin\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\Martin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Martin\AppData\Local\Temp\utils.dll
C:\Users\Martin\AppData\Local\Temp\_is1462.exe
C:\Users\Martin\AppData\Local\Temp\_is2E16.exe
C:\Users\Martin\AppData\Local\Temp\_is3065.exe
C:\Users\Martin\AppData\Local\Temp\_is33AF.exe
C:\Users\Martin\AppData\Local\Temp\_is567A.exe
C:\Users\Martin\AppData\Local\Temp\_is583F.exe
C:\Users\Martin\AppData\Local\Temp\_is5D2F.exe
C:\Users\Martin\AppData\Local\Temp\_is5DC.exe
C:\Users\Martin\AppData\Local\Temp\_is6AB6.exe
C:\Users\Martin\AppData\Local\Temp\_is7071.exe
C:\Users\Martin\AppData\Local\Temp\_is7C71.exe
C:\Users\Martin\AppData\Local\Temp\_is8A86.exe
C:\Users\Martin\AppData\Local\Temp\_is8DE0.exe
C:\Users\Martin\AppData\Local\Temp\_is9B94.exe
C:\Users\Martin\AppData\Local\Temp\_isA4F8.exe
C:\Users\Martin\AppData\Local\Temp\_isCF81.exe
C:\Users\Martin\AppData\Local\Temp\_isDE8F.exe
C:\Users\Martin\AppData\Local\Temp\_isDFC5.exe
C:\Users\Martin\AppData\Local\Temp\_isF2D9.exe
C:\Users\Martin\AppData\Local\Temp\_isF844.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 23:27

==================== End of log ============================

Blink
Visitor
Posts: 29
Registered: 04 Jun 2015 13:40

Re: Suspected keylogger or other malware

#5 Post by Blink »

By the way, I did not download http://vyosek.ic.cz/pro_usery/FRSTLauncher.exe, because the Chrome browser blocked it. If it is needed, I will sort it out somehow.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Suspected keylogger or other malware

#6 Post by vyosek »

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, ideally to the desktop
  • Close all programs
  • After it starts, the database will be downloaded
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then the log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Blink
Visitor
Posts: 29
Registered: 04 Jun 2015 13:40

Re: Suspected keylogger or other malware

#7 Post by Blink »

Thanks, I will post the log in a moment.

Blink
Visitor
Posts: 29
Registered: 04 Jun 2015 13:40

Re: Suspected keylogger or other malware

#8 Post by Blink »

# AdwCleaner v4.206 - Log vytvořen 04/06/2015 v 19:35:04
# Aktualizováno 01/06/2015 by Xplode
# Databáze : 2015-06-01.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : Martin - MARTIN-PC
# Spuštěno z : C:\Users\Martin\Downloads\adwcleaner_4.206.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
Složka Smazáno : C:\Users\Martin\AppData\LocalLow\Toolbar4
Soubor Smazáno : C:\Users\Martin\AppData\Local\Temp\Utils.dll
Soubor Smazáno : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Soubor Smazáno : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Soubor Smazáno : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
Soubor Smazáno : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****

Zástupce Vyléčeno : C:\Users\Public\Desktop\Google Chrome.lnk
Zástupce Vyléčeno : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Zástupce Vyléčeno : C:\Users\Public\Desktop\Opera.lnk
Zástupce Vyléčeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Zástupce Vyléčeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Zástupce Vyléčeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Zástupce Vyléčeno : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Zástupce Vyléčeno : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Zástupce Vyléčeno : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Zástupce Vyléčeno : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Zástupce Vyléčeno : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk

***** [ Registry ] *****

Hodnota Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]
Hodnota Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com]
Klíč Smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Klíč Smazáno : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Klíč Smazáno : HKCU\Software\Mozilla\Extends
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Data Obnoveno : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Obnoveno : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : HKCU\Software\APN PIP
Klíč Smazáno : HKCU\Software\AskPartnerNetwork
Klíč Smazáno : HKCU\Software\HomeTab
Klíč Smazáno : HKCU\Software\simplytech
Klíč Smazáno : HKCU\Software\WajIEnhance
Klíč Smazáno : HKCU\Software\TNT2
Klíč Smazáno : HKCU\Software\WajIntEnhance
Klíč Smazáno : HKCU\Software\SearchProtectWS
Klíč Smazáno : HKCU\Software\Linkey
Klíč Smazáno : HKLM\SOFTWARE\AskPartnerNetwork
Klíč Smazáno : HKLM\SOFTWARE\Conduit
Klíč Smazáno : HKLM\SOFTWARE\Iminent
Klíč Smazáno : HKLM\SOFTWARE\SearchProtect
Klíč Smazáno : HKLM\SOFTWARE\SupDp
Klíč Smazáno : HKLM\SOFTWARE\SupTab
Klíč Smazáno : HKLM\SOFTWARE\supWindowsMangerProtect
Klíč Smazáno : HKLM\SOFTWARE\mystartsearchSoftware
Klíč Smazáno : HKLM\SOFTWARE\WajIntEnhance
Klíč Smazáno : HKLM\SOFTWARE\SpeedBit
Klíč Smazáno : HKLM\SOFTWARE\AIM Toolbar
Klíč Smazáno : HKLM\SOFTWARE\FFPluginHp
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17801

Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v38.0.5 (x86 cs)

[0opr5dnc.default\prefs.js] - Řádek Smazáno : user_pref("browser.newtab.url", "hxxp://www.mystartsearch.com/newtab/?type=nt&t ... LYF1L0LYFX");
[0opr5dnc.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.alias", "mystartsearch");
[0opr5dnc.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[0opr5dnc.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.name", "mystartsearch");
[0opr5dnc.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... ME1L0LYF1L[...]
[0opr5dnc.default\prefs.js] - Řádek Smazáno : user_pref("browser.startup.homepage", "hxxp://www.mystartsearch.com/?type=hp&ts=14334 ... LYF1L0LYFX");

-\\ Google Chrome v43.0.2357.81

[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://www.borsice.cz/?page=websearch&srchtext={searchTerms}

-\\ Opera v29.0.1795.60


*************************

AdwCleaner[R0].txt - [13891 bytů] - [04/06/2015 19:33:41]
AdwCleaner[S0].txt - [11133 bytů] - [04/06/2015 19:35:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11192 bytů] ##########

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Suspected keylogger or other malware

#9 Post by vyosek »

:arrow: Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to your desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here

Blink
Visitor
Posts: 29
Joined: 04 Jun 2015 13:40

Re: Suspected keylogger or other malware

#10 Post by Blink »

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Martin on p  05.06.2015 at 20:44:34,11.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Martin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

5.6.2015 20:45:38 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Gothic 3 deleted successfully
C:\Users\Martin\AppData\Roaming\Publish Providers deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2506453747-3470151250-3056151774-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2506453747-3470151250-3056151774-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\0opr5dnc.default\prefs.js:

Added to C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\0opr5dnc.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\0opr5dnc.default

user.js not found
---- Lines Sweet modified from prefs.js ----

user_pref("extensions.enabledAddons", "sweetsearch%40gmail.com:1.0.0.1031,searchffv2%40gmail.com:0.0.4,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:38.0
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_05.06.2015_2109_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command]
@="C:\\Program Files (x86)\\Opera\\Launcher.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\Gothic 3 not found
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\Tasks\avastBCLRestart_chrome.exe deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\0opr5dnc.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21.04.2015 12:50]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[21.04.2015 12:50]

BTTV - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
SIH - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl
LoungeDestroyer - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl
AdBlock - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Bookmark Manager - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Auto Replay for YouTube™ - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
Twitch Now - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk

==== Chromium Startpages ======================

C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=s ... earchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=s ... earchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=s ... earchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url="https://www.google.com/search?trackid=s ... earchTerms}"

==== Reset Google Chrome ======================

C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Martin\AppData\Local\Mozilla\Firefox\Profiles\0opr5dnc.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Martin\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=33 folders=32 29076855 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Martin\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Martin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on p  05.06.2015 at 21:21:58,66 ======================

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Suspected keylogger or other malware

#11 Post by vyosek »

Poprosim o novy log z FRST

Blink
Visitor
Posts: 29
Joined: 04 Jun 2015 13:40

Re: Suspected keylogger or other malware

#12 Post by Blink »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Martin (administrator) on MARTIN-PC on 06-06-2015 09:03:56
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\...\MountPoints2: {8ba7064f-ffaf-11e4-b3f5-4061868d941a} - I:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-21] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2506453747-3470151250-3056151774-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2506453747-3470151250-3056151774-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-21] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-21] (Avast Software s.r.o.)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\0opr5dnc.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-23]

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-24]
CHR Extension: (BetterTTV) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-06-05]
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-24]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-24]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-24]
CHR Extension: (Steam inventory helper) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2015-06-05]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-24]
CHR Extension: (Google Sheets) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-05]
CHR Extension: (LoungeDestroyer) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-06-05]
CHR Extension: (AdBlock) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-05]
CHR Extension: (Bookmark Manager) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-04]
CHR Extension: (Twitch Now) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2015-06-05]
CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-24]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-21] (Avast Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-02-24] (EasyAntiCheat Ltd)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-12-06] (Razer Inc.)
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-21] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-21] (Disc Soft Ltd)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-21] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 09:03 - 2015-06-06 09:03 - 02108928 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2015-06-06 09:03 - 2015-06-06 09:03 - 00000000 ____D C:\FRST
2015-06-05 22:37 - 2015-06-06 01:50 - 2830350446 _____ C:\Users\Martin\Downloads\Postradatelni.2.720p.BDRip.XviD.AC3.CZ.avi
2015-06-05 22:37 - 2015-06-06 00:13 - 1151848351 _____ C:\Users\Martin\Downloads\Postradatelni-2-cz-(1080p,-XVID,-AC3-5.1).mp4
2015-06-05 21:15 - 2015-06-05 20:44 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-06-05 20:45 - 2015-06-05 21:21 - 00022280 _____ C:\zoek-results.log
2015-06-05 20:42 - 2015-06-05 21:09 - 00000000 ____D C:\zoek_backup
2015-06-05 15:46 - 2015-06-05 15:46 - 00000000 ____D C:\Users\Public\Documents\Explorer Suite Signatures
2015-06-05 15:46 - 2015-06-05 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Explorer Suite
2015-06-05 15:46 - 2015-06-05 15:46 - 00000000 ____D C:\Program Files\NTCore
2015-06-05 15:45 - 2015-06-05 15:46 - 03613174 _____ ( ) C:\Users\Martin\Downloads\ExplorerSuite.exe
2015-06-05 15:21 - 2015-06-05 21:35 - 00000000 ____D C:\Attomey
2015-06-05 14:09 - 2015-06-05 15:24 - 1137120951 _____ C:\Users\Martin\Downloads\Attomey.rar
2015-06-04 19:58 - 2015-06-04 19:58 - 01711444 _____ C:\Users\Martin\Downloads\cervik.dem
2015-06-04 19:33 - 2015-06-04 19:35 - 00000000 ____D C:\AdwCleaner
2015-06-04 16:48 - 2015-06-04 16:48 - 00049657 _____ C:\Users\Martin\Downloads\Addition.txt
2015-06-04 16:47 - 2015-06-06 09:04 - 00014619 _____ C:\Users\Martin\Downloads\FRST.txt
2015-06-04 14:18 - 2015-06-04 14:19 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-06-04 14:18 - 2015-06-04 14:18 - 00000000 _____ C:\Windows\prleth.sys
2015-06-04 14:18 - 2015-06-04 14:18 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-03 22:21 - 2015-06-03 23:07 - 734117888 _____ C:\Users\Martin\Downloads\Scary-Movie-4---(CZ-Dabing,-BEZ-tit,-Komedie-Horor,-USA,-2006).avi
2015-06-03 22:20 - 2015-06-03 22:20 - 01712980 _____ C:\Users\Martin\Downloads\Scary-Movie-4---(CZ-Dabing,-BEZ-tit,-Komedie-Horor,-USA,-2006).avi.opdownload
2015-06-03 22:13 - 2015-06-04 00:36 - 2348089648 _____ C:\Users\Martin\Downloads\Mládeži-Nepřístupno-2013-(Mládeži-Neprístupné,-Movie-43)-(Czech-CS)-[720p]-[JohnyHD].avi
2015-06-03 22:12 - 2015-06-04 00:56 - 1560105870 _____ C:\Users\Martin\Downloads\Scary-Movie-5-(CZ-DABING).mkv
2015-06-03 21:52 - 2015-06-04 19:35 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-03 21:52 - 2015-06-04 19:35 - 00000986 _____ C:\Users\Public\Desktop\Opera.lnk
2015-06-03 21:52 - 2015-06-03 21:52 - 00003824 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433361135
2015-06-03 21:51 - 2015-06-04 19:35 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-03 21:51 - 2015-06-04 19:35 - 00001053 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-03 21:51 - 2015-06-03 21:57 - 00000000 ____D C:\Users\Martin\AppData\Local\Mozilla
2015-06-03 21:51 - 2015-06-03 21:56 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Mozilla
2015-06-03 21:51 - 2015-06-03 21:51 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-03 21:51 - 2015-06-03 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 21:51 - 2015-06-03 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 21:45 - 2015-06-03 21:45 - 00243536 _____ C:\Users\Martin\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-03 21:43 - 2015-06-03 21:43 - 00683984 _____ (Opera Software) C:\Users\Martin\Downloads\Opera_NI_stable.exe
2015-06-03 20:58 - 2015-06-03 20:58 - 00000222 _____ C:\Users\Martin\Desktop\Realms of the Haunting.url
2015-06-03 20:42 - 2015-06-03 22:17 - 1468749824 _____ C:\Users\Martin\Downloads\Meda-Ted-cz.dab-super-film-VIP-by-jaknar.avi
2015-06-03 16:04 - 2015-06-03 16:04 - 00003174 _____ C:\Windows\System32\Tasks\{B611604F-7DBB-4E02-AF55-1DD0E75DE462}
2015-06-03 15:52 - 2015-06-03 15:52 - 00001040 _____ C:\Users\Martin\Desktop\Adobe Photoshop CC 2014.lnk
2015-06-03 15:47 - 2015-06-03 15:47 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-06-03 15:12 - 2015-06-03 16:06 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-03 14:34 - 2015-06-03 14:34 - 00000000 ___RD C:\Users\Martin\Creative Cloud Files
2015-06-03 14:15 - 2015-06-03 14:15 - 00664752 _____ (Adobe Systems Incorporated) C:\Users\Martin\Downloads\CreativeCloudSet-Up.exe
2015-06-01 18:35 - 2015-06-01 18:42 - 00000000 ____D C:\Program Files (x86)\Attomey
2015-06-01 15:22 - 2015-06-01 15:22 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX
2015-05-31 11:06 - 2015-05-31 18:24 - 00000000 ____D C:\Users\Martin\AppData\Roaming\.minecraft
2015-05-31 11:05 - 2015-05-31 11:05 - 00000000 ____D C:\ProgramData\Sun
2015-05-31 11:04 - 2015-05-31 11:05 - 00000000 ____D C:\ProgramData\Oracle
2015-05-31 11:01 - 2013-03-28 11:12 - 00695296 _____ (AnjoCaido) C:\Users\Martin\Desktop\Majnkraft.exe
2015-05-31 10:56 - 2015-05-31 10:57 - 00175708 _____ C:\Users\Martin\Downloads\Minecraft-1.5.2.zip
2015-05-29 18:23 - 2015-05-29 18:23 - 00003926 _____ C:\Users\Martin\Downloads\cfg (1).rar
2015-05-28 16:59 - 2015-05-28 16:59 - 00000000 ____D C:\Users\Martin\AppData\Local\Skyrim
2015-05-28 16:07 - 2015-05-28 16:07 - 00000000 ____D C:\Users\Martin\Documents\My Games
2015-05-28 15:45 - 2015-05-28 15:45 - 00003972 _____ C:\Users\Martin\Downloads\cfg.rar
2015-05-25 15:12 - 2015-06-03 18:47 - 00000000 ____D C:\Users\Martin\Documents\ArcaniA - Gothic 4
2015-05-25 15:12 - 2015-05-25 15:12 - 00000000 __SHD C:\ProgramData\SecuROM
2015-05-25 15:07 - 2015-05-25 15:07 - 00002256 _____ C:\Users\Public\Desktop\Definitely not a warez Gothic 4.lnk
2015-05-25 15:04 - 2015-05-25 15:04 - 00000000 ____D C:\Windows\B4F3A360E1E2479DADE79BE3B07F4539.TMP
2015-05-25 15:02 - 2015-05-25 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD Entertainment AG
2015-05-25 14:55 - 2015-05-25 14:55 - 00000000 ____D C:\Program Files (x86)\JoWooD Entertainment AG
2015-05-23 08:48 - 2015-05-23 08:48 - 00001898 _____ C:\Users\Public\Desktop\Gothic III.lnk
2015-05-23 08:39 - 2015-05-23 08:46 - 00000000 ____D C:\Program Files (x86)\Gothic III
2015-05-23 08:39 - 2015-05-23 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III
2015-05-23 08:20 - 2012-04-23 23:27 - 1588961585 _____ (Nordic Games GmbH ) C:\Users\Martin\Downloads\Gothic_3_EE_Patch_v1.75.14_Int_Full.exe
2015-05-23 07:07 - 2015-05-23 07:43 - 642811423 _____ C:\Users\Martin\Downloads\Gothic-3-Enhanced-Edition-1.75-CZ-2015.part5.rar
2015-05-22 23:22 - 2015-05-23 00:21 - 1048576000 _____ C:\Users\Martin\Downloads\Gothic-3-Enhanced-Edition-1.75-CZ-2015.part4.rar
2015-05-22 23:21 - 2015-05-23 00:22 - 1048576000 _____ C:\Users\Martin\Downloads\Gothic-3-Enhanced-Edition-1.75-CZ-2015.part3.rar
2015-05-22 22:17 - 2015-05-22 23:17 - 1048576000 _____ C:\Users\Martin\Downloads\Gothic-3-Enhanced-Edition-1.75-CZ-2015.part2.rar
2015-05-22 21:00 - 2015-05-22 22:02 - 1048576000 _____ C:\Users\Martin\Downloads\Gothic-3-Enhanced-Edition-1.75-CZ-2015.part1.rar
2015-05-22 12:51 - 2015-05-24 16:35 - 00000000 ____D C:\Users\Martin\Documents\gothic3
2015-05-21 21:17 - 2015-05-21 21:17 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2015-05-21 21:16 - 2015-05-23 08:18 - 00000000 ____D C:\Program Files (x86)\Gothic
2015-05-21 21:10 - 2015-05-21 21:14 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-05-21 21:10 - 2015-05-21 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-05-21 21:10 - 2015-05-21 21:10 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-05-21 21:10 - 2015-05-21 21:10 - 00001743 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-05-21 21:06 - 2015-05-21 21:07 - 13146016 _____ (Disc Soft Ltd) C:\Users\Martin\Downloads\DTLite501-0406.exe
2015-05-21 17:27 - 2015-05-21 20:35 - 3303276544 _____ C:\Users\Martin\Downloads\Gothic-3-CZ+-Comunity-Patch.iso
2015-05-17 19:47 - 2015-05-17 19:48 - 00000000 ____D C:\FOTO_tatka
2015-05-17 14:59 - 2015-05-17 14:59 - 00000222 _____ C:\Users\Martin\Desktop\Nosferatu The Wrath of Malachi.url
2015-05-17 09:48 - 2015-05-17 09:48 - 00000000 ____D C:\Users\Martin\Documents\Moje hry
2015-05-17 09:48 - 2015-05-17 09:48 - 00000000 ____D C:\Users\Martin\AppData\Local\Gas Powered Games
2015-05-16 20:34 - 2015-05-16 20:34 - 00000220 _____ C:\Users\Martin\Desktop\Supreme Commander Forged Alliance.url
2015-05-15 16:43 - 2015-05-15 16:47 - 00000000 ____D C:\Users\Martin\AppData\Local\RADical ROACH
2015-05-13 18:44 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:08 - 2015-05-13 16:08 - 00000000 ____D C:\Users\Martin\AppData\Local\SCE
2015-05-13 13:55 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:55 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 13:55 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 13:55 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 13:54 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 13:54 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 13:54 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 13:54 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 13:54 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 13:54 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 13:54 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 13:54 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 13:54 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 13:54 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 13:54 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 13:54 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 13:54 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 13:54 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 13:54 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 13:54 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 13:54 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 13:54 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 13:54 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 13:54 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 13:54 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 13:54 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 13:54 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 13:54 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 13:54 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 13:54 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 13:54 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 13:54 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 13:54 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 13:54 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 13:54 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 13:54 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 13:54 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 13:54 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 13:54 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 13:54 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 13:54 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 13:54 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 13:54 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 13:54 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 13:54 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 13:54 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 13:54 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 13:54 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 13:54 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 13:54 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 13:54 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 13:54 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 13:54 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 13:54 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 13:54 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 13:54 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 13:54 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 13:54 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 13:54 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 13:54 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 13:54 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 13:54 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 13:54 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 13:54 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 13:53 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 13:53 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 13:53 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 13:53 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 13:52 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 13:52 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 13:52 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 13:52 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 13:52 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 13:52 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 13:52 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 13:52 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 13:52 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 13:52 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 13:52 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 13:52 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 13:52 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 13:52 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 13:52 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 13:52 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 13:52 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 13:52 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 13:52 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 13:52 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 13:52 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 13:52 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 13:52 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 13:52 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 13:52 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 13:52 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 13:52 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 13:52 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 13:52 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 13:52 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 13:52 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 13:51 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:51 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:51 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 13:51 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:51 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 13:51 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 13:51 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 13:51 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 13:51 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 13:51 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 13:51 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 13:51 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 13:51 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 13:51 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 13:51 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 13:51 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 13:51 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 13:51 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 20:15 - 2015-05-12 20:15 - 00000222 _____ C:\Users\Martin\Desktop\Memories of a Vagabond.url
2015-05-12 20:15 - 2015-05-12 20:15 - 00000222 _____ C:\Users\Martin\Desktop\Enclave.url
2015-05-12 20:13 - 2015-05-12 20:13 - 00000222 _____ C:\Users\Martin\Desktop\RADical ROACH Deluxe Edition.url
2015-05-11 18:36 - 2015-05-11 18:37 - 00000222 _____ C:\Users\Martin\Desktop\PlanetSide 2.url
2015-05-09 21:43 - 2015-06-03 21:52 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Opera Software
2015-05-09 21:43 - 2015-06-03 21:52 - 00000000 ____D C:\Users\Martin\AppData\Local\Opera Software
2015-05-09 21:40 - 2015-06-04 13:42 - 00000000 ____D C:\Program Files (x86)\Opera

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 08:53 - 2014-12-24 12:30 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-06 08:52 - 2014-12-24 13:22 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2015-06-06 08:21 - 2014-12-24 12:53 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-06 08:04 - 2014-12-24 11:52 - 01926825 _____ C:\Windows\WindowsUpdate.log
2015-06-06 07:52 - 2014-12-24 13:12 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-06 06:38 - 2009-07-14 17:18 - 00668866 _____ C:\Windows\system32\perfh005.dat
2015-06-06 06:38 - 2009-07-14 17:18 - 00141526 _____ C:\Windows\system32\perfc005.dat
2015-06-06 06:38 - 2009-07-14 07:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-05 22:40 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-05 22:40 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-05 22:30 - 2014-12-24 12:30 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-05 22:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-05 22:30 - 2009-07-14 06:51 - 00047466 _____ C:\Windows\setupact.log
2015-06-05 21:17 - 2014-12-24 12:47 - 00677180 _____ C:\Windows\PFRO.log
2015-06-04 19:35 - 2014-12-24 12:32 - 00001290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-04 19:35 - 2014-12-24 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-04 19:35 - 2014-12-24 11:55 - 00000971 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-04 14:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2015-06-04 13:41 - 2014-12-24 12:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-04 07:07 - 2014-12-24 11:53 - 00000000 ____D C:\Users\Martin
2015-06-03 20:58 - 2014-12-24 13:58 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-03 20:30 - 2015-01-18 19:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-03 20:30 - 2015-01-18 19:50 - 00000000 ____D C:\ProgramData\Adobe
2015-06-03 20:30 - 2014-12-24 13:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Adobe
2015-06-03 20:29 - 2014-12-24 12:52 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe
2015-06-01 15:36 - 2014-12-24 13:22 - 00000000 ____D C:\ProgramData\Skype
2015-05-29 17:02 - 2015-04-01 17:00 - 00000000 ____D C:\Users\Martin\AppData\Roaming\TS3Client
2015-05-28 21:15 - 2015-02-24 20:20 - 00000000 ____D C:\Users\Martin\Desktop\škola
2015-05-28 13:48 - 2014-12-24 13:13 - 00000000 ____D C:\Sdílená složka_Martin
2015-05-25 14:55 - 2014-12-24 19:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-22 12:50 - 2015-03-30 14:22 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 21:15 - 2015-03-29 13:35 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
2015-05-21 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-21 17:50 - 2014-12-24 13:29 - 00083870 _____ C:\Windows\DirectX.log
2015-05-20 18:56 - 2015-04-04 18:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 18:56 - 2015-04-04 18:27 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-17 13:48 - 2014-12-24 12:30 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 13:48 - 2014-12-24 12:30 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 13:37 - 2015-01-18 19:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 13:28 - 2014-12-28 10:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 13:28 - 2014-12-28 10:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 13:28 - 2009-07-14 06:45 - 00412040 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 19:01 - 2009-07-14 17:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 19:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 18:57 - 2014-12-31 13:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-13 18:56 - 2014-12-24 12:08 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 18:49 - 2014-12-24 12:08 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 17:05 - 2014-12-28 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 14:51 - 2015-02-28 10:43 - 00000000 ____D C:\Users\Martin\Desktop\texty

==================== Files in the root of some directories =======

2014-12-28 12:40 - 2014-12-28 12:40 - 0003584 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-18 19:25 - 2015-01-18 19:25 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 23:27

==================== End of log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Suspected keylogger or other malware

#13 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
    HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\...\MountPoints2: {8ba7064f-ffaf-11e4-b3f5-4061868d941a} - I:\autorun.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-26] (Microsoft Corporation)
    
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2506453747-3470151250-3056151774-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    
    2015-06-05 21:15 - 2015-06-05 20:44 - 00024064 _____ C:\Windows\zoek-delete.exe
    2015-06-05 20:45 - 2015-06-05 21:21 - 00022280 _____ C:\zoek-results.log
    2015-06-05 20:42 - 2015-06-05 21:09 - 00000000 ____D C:\zoek_backup
    2015-06-04 19:33 - 2015-06-04 19:35 - 00000000 ____D C:\AdwCleaner
    2015-06-04 16:48 - 2015-06-04 16:48 - 00049657 _____ C:\Users\Martin\Downloads\Addition.txt
    2015-06-04 16:47 - 2015-06-06 09:04 - 00014619 _____ C:\Users\Martin\Downloads\FRST.txt
    
    2015-06-06 08:53 - 2014-12-24 12:30 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-06 08:21 - 2014-12-24 12:53 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-05 22:30 - 2014-12-24 12:30 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the resulting text file as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here for me

Blink
Visitor
Posts: 29
Registered: 04 Jun 2015 13:40

Re: Suspected keylogger or other malware

#14 Post by Blink »

Fix result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by Martin at 2015-06-07 08:20:12 Run:1
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\...\MountPoints2: {8ba7064f-ffaf-11e4-b3f5-4061868d941a} - I:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-26] (Microsoft Corporation)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2506453747-3470151250-3056151774-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

2015-06-05 21:15 - 2015-06-05 20:44 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-06-05 20:45 - 2015-06-05 21:21 - 00022280 _____ C:\zoek-results.log
2015-06-05 20:42 - 2015-06-05 21:09 - 00000000 ____D C:\zoek_backup
2015-06-04 19:33 - 2015-06-04 19:35 - 00000000 ____D C:\AdwCleaner
2015-06-04 16:48 - 2015-06-04 16:48 - 00049657 _____ C:\Users\Martin\Downloads\Addition.txt
2015-06-04 16:47 - 2015-06-06 09:04 - 00014619 _____ C:\Users\Martin\Downloads\FRST.txt

2015-06-06 08:53 - 2014-12-24 12:30 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-06 08:21 - 2014-12-24 12:53 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-05 22:30 - 2014-12-24 12:30 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value removed successfully
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
"HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ba7064f-ffaf-11e4-b3f5-4061868d941a}" => key removed successfully
HKCR\CLSID\{8ba7064f-ffaf-11e4-b3f5-4061868d941a} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2506453747-3470151250-3056151774-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Windows\zoek-delete.exe => moved successfully.
C:\zoek-results.log => moved successfully.
C:\zoek_backup => moved successfully.
C:\AdwCleaner => moved successfully.
C:\Users\Martin\Downloads\Addition.txt => moved successfully.
C:\Users\Martin\Downloads\FRST.txt => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 777.8 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 08:21:44 ====
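
An added example, not part of the thread and not FRST's own code: a Python sketch that tallies the outcome lines of a Fixlog.txt like the one posted above and lists the entries that were not found or use wording it does not recognise. The function names are hypothetical, the outcome wording is taken only from the lines visible in this log, and the embedded sample is a shortened excerpt of it.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog.txt posted in this thread (lines copied from the post).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by Martin at 2015-06-07 08:20:12 Run:1
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
2015-06-04 19:33 - 2015-06-04 19:35 - 00000000 ____D C:\AdwCleaner
Hosts:
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
C:\AdwCleaner => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 777.8 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 08:21:44 ====
"""

MARKER = re.compile(r"^\*{5,}$")                      # the rows of asterisks around the echoed fixlist
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")


def split_fixlog(text):
    """Return (echoed_fixlist_lines, result_lines) from a Fixlog.txt body."""
    echoed, results, markers = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if MARKER.match(line):
            markers += 1
            continue
        if not line:
            continue
        if markers == 1:                  # between the two asterisk rows
            echoed.append(line)
        elif markers >= 2:                # everything after the echoed fixlist
            if line.startswith("===="):   # "==== End of Fixlog ..." footer
                break
            results.append(line)
    return echoed, results


def classify(line):
    """Map one result line to (target, status).

    Status is 'ok', 'not_found', 'review' (an outcome whose wording is not
    recognised) or 'info' (a status message without a '=>' outcome).
    """
    m = RESULT.match(line)
    if not m:
        status = "ok" if "successfully" in line.lower() else "info"
        return None, status
    outcome = m.group("outcome").rstrip(". ").lower()
    target = m.group("target").strip('"')
    if "not found" in outcome:
        return target, "not_found"
    if "successfully" in outcome or outcome.endswith("removed"):
        return target, "ok"
    return target, "review"


def summarize(text):
    """Count outcomes and collect the entries worth a second look."""
    echoed, results = split_fixlog(text)
    counts, follow_up = Counter(), []
    for line in results:
        target, status = classify(line)
        counts[status] += 1
        if status in ("not_found", "review"):
            follow_up.append((status, target))
    directives = [l for l in echoed if l not in ("Start", "End")]
    return {"directives": len(directives), "counts": dict(counts), "follow_up": follow_up}


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print("fixlist entries:", report["directives"])
    print("outcomes:", report["counts"])
    for status, target in report["follow_up"]:
        print(f"  {status}: {target}")
```
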

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Suspected keylogger or other malware

#15 Post by vyosek »

How is the PC behaving??
