Prosím o kontrolu logu - nejdou spustit prohlížeče
Díky
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by user (administrator) on USER-PC (27-01-2016 10:43:25)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Siliten) C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Siliten) C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\wmi64.exe
(forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2157056 2009-05-18] (VIA)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Launch SilverCrest STMS 2219 A1-K] => C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe [3403256 2013-07-16] (Siliten)
HKLM-x32\...\Run: [Launch SilverCrest STMS 2219 A1-M] => C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe [2841592 2013-07-16] (Siliten)
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [] => [X]
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-3191891479-3081992602-3358847149-1000] => hxxp://stoppblock.me/wpad.dat?bbad4e81236ac3ea2381b3fe5d3736ea3353434
Tcpip\Parameters: [DhcpNameServer] 79.127.195.194 79.127.192.230
Tcpip\..\Interfaces\{35EDDC84-5862-4BA6-9D19-1D860F2936C9}: [DhcpNameServer] 79.127.195.194 79.127.192.230
Tcpip\..\Interfaces\{6FFD468E-498F-4FF6-A449-FEAA356C3CF8}: [DhcpNameServer] 79.127.195.194 79.127.192.230
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://seznam.cz/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000 -> {F51A1236-A965-4773-9076-3D876BC613D4} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-10-10] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-13] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-13] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2012-05-31] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-10-10] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
BHO-x32: Discover Treasure -> {bfa55139-82af-4663-a19b-e135dac8d043} -> C:\Program Files (x86)\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll [2015-12-28] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2012-05-31] (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-03-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-15] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Disk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Vyhledávání Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Kaspersky URL poradce) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Virtuální klávesnice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-12-06]
CHR Extension: (League of Legends Project Zed) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdgcilhemjhldjgekiomonckoomnoog [2015-12-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-10]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-10]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2015-09-06] ()
R2 Správce výběru OS; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2156952 2010-07-07] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-09] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458544 2012-04-13] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [85336 2012-05-29] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [640344 2012-05-29] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30000 2012-03-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [27992 2012-05-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54064 2012-05-12] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [172888 2012-05-24] (Kaspersky Lab)
R3 MouFilter_Mou_FlexDef4; C:\Windows\System32\DRIVERS\MouFilter_FlexDef4.sys [15360 2010-10-20] (Siliten)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 VmtkmHid_0; C:\Windows\System32\DRIVERS\VmtkmHid_0.sys [11264 2012-07-23] (0)
R3 VmtkmHid_MouFiltr_0; C:\Windows\System32\DRIVERS\VmtkmMouFiltr_0.sys [7168 2012-07-23] (0)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 secdrv; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-27 10:43 - 2016-01-27 10:43 - 00019831 _____ C:\Users\user\Desktop\FRST.txt
2016-01-27 10:42 - 2016-01-27 10:39 - 00112640 _____ (forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
2016-01-27 10:41 - 2016-01-27 10:42 - 00000564 ___SH C:\Windows\KLIF.spi
2016-01-27 10:40 - 2016-01-27 10:22 - 02370560 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-01-27 09:51 - 2016-01-27 09:51 - 00002684 _____ C:\Users\user\Documents\cc_20160127_095146.reg
2016-01-27 09:09 - 2016-01-27 09:09 - 00000000 ____D C:\Users\user\Documents\Nokia Suite
2016-01-27 09:03 - 2016-01-27 09:46 - 00000000 ____D C:\Users\user\Downloads\kontakty
2016-01-27 08:55 - 2016-01-27 08:56 - 00000000 ____D C:\Users\user\Downloads\NOKIA-kontakty
2016-01-27 08:49 - 2016-01-27 08:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Nokia Suite
2016-01-27 08:49 - 2016-01-27 08:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Nokia
2016-01-27 08:48 - 2016-01-27 08:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2016-01-27 08:48 - 2016-01-27 08:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2016-01-27 08:47 - 2016-01-27 08:47 - 00000000 ____D C:\Users\user\AppData\Local\NokiaAccount
2016-01-27 08:46 - 2016-01-27 08:48 - 00000000 ____D C:\Users\user\AppData\Roaming\PC Suite
2016-01-27 08:46 - 2016-01-27 08:48 - 00000000 ____D C:\ProgramData\PC Suite
2016-01-27 08:46 - 2016-01-27 08:46 - 00002089 _____ C:\Users\Public\Desktop\Nokia Suite.lnk
2016-01-27 08:46 - 2016-01-27 08:46 - 00000000 ____D C:\Users\user\AppData\Local\Nokia
2016-01-27 08:46 - 2016-01-27 08:46 - 00000000 ____D C:\ProgramData\Nokia
2016-01-27 08:46 - 2016-01-27 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2016-01-27 08:45 - 2016-01-27 08:45 - 00000000 ____D C:\Program Files\DIFX
2016-01-27 08:45 - 2016-01-27 08:45 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2016-01-27 08:45 - 2013-01-23 10:31 - 00057856 _____ (Nokia) C:\Windows\system32\nmwcdclsX64.dll
2016-01-27 08:45 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys
2016-01-27 08:44 - 2016-01-27 08:46 - 00000000 ____D C:\Program Files (x86)\Nokia
2016-01-27 08:44 - 2016-01-27 08:44 - 00000000 ____D C:\ProgramData\NokiaInstallerCache
2016-01-26 20:28 - 2016-01-26 20:28 - 00000801 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-01-26 20:28 - 2016-01-26 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-01-16 07:40 - 2016-01-16 07:40 - 00071666 _____ C:\Users\user\Documents\cc_20160116_074000.reg
2016-01-13 14:12 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 14:12 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 14:12 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 14:12 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 14:12 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 14:12 - 2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 14:12 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 14:12 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 14:12 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 14:12 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 14:12 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 14:12 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 14:12 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 14:12 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 14:12 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 14:12 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 14:12 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 14:12 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 14:12 - 2015-12-12 18:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 14:12 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 14:12 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 14:12 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 14:12 - 2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 14:12 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 14:12 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 14:12 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 14:12 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 14:12 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 14:12 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 14:12 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 14:12 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 14:12 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 14:12 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 14:12 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 14:12 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 14:12 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 14:12 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 14:12 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 14:12 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 14:12 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 14:12 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 14:12 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 14:12 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 14:12 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 14:12 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 14:12 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 14:12 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 14:12 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 14:12 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 14:12 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 14:12 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 14:12 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 14:12 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 14:12 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 14:12 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 14:11 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 14:11 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 14:11 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 14:11 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 14:11 - 2015-12-30 20:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 14:11 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 14:11 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 14:11 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 14:11 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 14:11 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 14:11 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 14:11 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 14:11 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 14:11 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 14:11 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 14:11 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 14:11 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 14:11 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 14:11 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 14:11 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 14:11 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 14:11 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 14:11 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 14:11 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 14:11 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 14:11 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 14:11 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 14:11 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 14:11 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 14:11 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 14:11 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 14:11 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 14:11 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 14:11 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 14:11 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 14:11 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 14:11 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 14:11 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 14:11 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 14:11 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 14:11 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 14:11 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 14:11 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 14:11 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 14:11 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 14:11 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 14:11 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 14:11 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 14:11 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 14:11 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 14:11 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 14:11 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 14:11 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 14:11 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 14:11 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 14:11 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 14:11 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 14:11 - 2015-12-12 18:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 14:11 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 14:11 - 2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 14:11 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 14:11 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 14:11 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 14:11 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 14:10 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 14:10 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 14:10 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 14:10 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-06 07:31 - 2016-01-06 07:31 - 00000000 ____D C:\Users\user\AppData\Local\CEF
2015-12-29 11:40 - 2015-12-29 11:40 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard
2015-12-29 10:47 - 2015-12-29 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-12-29 10:35 - 2016-01-26 20:24 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-12-29 10:35 - 2015-12-29 10:35 - 00000000 ____D C:\Data
2015-12-29 10:34 - 2016-01-26 20:45 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net
2015-12-29 10:34 - 2015-12-29 10:35 - 00000000 ____D C:\Users\user\AppData\Roaming\Battle.net
2015-12-29 10:34 - 2015-12-29 10:34 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard Entertainment
2015-12-29 10:34 - 2015-12-29 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-12-29 10:34 - 2015-12-29 10:34 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-12-29 10:33 - 2016-01-26 20:24 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-29 10:32 - 2015-12-29 10:32 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-28 14:30 - 2015-12-28 14:33 - 00000000 ____D C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
2015-12-28 14:30 - 2015-12-28 14:30 - 00000000 ____D C:\Program Files (x86)\Discover Treasure
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-27 10:43 - 2014-11-23 23:07 - 00000000 ____D C:\FRST
2016-01-27 10:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-27 10:38 - 2009-07-14 05:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-27 10:38 - 2009-07-14 05:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-27 10:37 - 2013-03-15 06:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-27 10:37 - 2013-02-09 07:45 - 00000000 ___RD C:\Users\user\Dropbox
2016-01-27 10:37 - 2013-02-09 07:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2016-01-27 10:35 - 2015-05-31 15:57 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 10:35 - 2012-03-20 11:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-27 10:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-27 10:28 - 2015-05-31 15:57 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 10:10 - 2015-06-19 11:59 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000UA.job
2016-01-27 10:06 - 2010-11-21 10:27 - 01699338 _____ C:\Windows\system32\perfh005.dat
2016-01-27 10:06 - 2010-11-21 10:27 - 00492270 _____ C:\Windows\system32\perfc005.dat
2016-01-27 10:06 - 2009-07-14 06:13 - 00006516 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-27 09:57 - 2015-07-30 09:14 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-27 09:52 - 2012-04-23 19:22 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-01-27 08:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-26 19:51 - 2014-08-31 06:29 - 00000000 ____D C:\Users\user\AppData\Roaming\.minecraft
2016-01-24 11:10 - 2015-06-19 11:59 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000Core.job
2016-01-23 07:38 - 2014-10-29 10:04 - 00000000 ____D C:\Users\user\Desktop\Štěpán
2016-01-20 15:57 - 2012-04-09 09:22 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 15:57 - 2012-04-09 09:22 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 15:57 - 2012-03-20 11:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-17 14:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-01-16 07:30 - 2013-12-06 14:56 - 00002545 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-16 07:27 - 2009-07-14 05:45 - 00483512 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 15:50 - 2013-03-13 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 15:50 - 2012-03-20 10:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 15:49 - 2013-03-13 17:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 15:49 - 2013-03-13 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 15:38 - 2013-08-15 08:20 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 15:38 - 2012-03-20 11:23 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 13:55 - 2015-05-17 06:28 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 13:54 - 2015-05-17 06:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-04 14:16 - 2014-12-19 14:44 - 00000000 ____D C:\Program Files (x86)\Half-Life 2
2015-12-28 14:30 - 2012-07-09 16:41 - 00001565 _____ C:\Users\user\Desktop\Internet Explorer.lnk
2015-12-28 14:30 - 2012-03-20 10:48 - 00001599 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
==================== Files in the root of some directories =======
2012-03-22 05:37 - 2012-03-22 05:37 - 0003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-22 06:12 - 2012-03-22 06:12 - 0000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\NEventMessages.dll
C:\Users\user\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-20 16:27
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:188.17 GB) (Free:25.69 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:510.46 GB) (Free:140.9 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:14.64 GB) (Free:10.51 GB) FAT32
Available physical RAM: 2507.65 MB
Total physical RAM: 4095.05 MB
Percentage of memory in use: 38%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 698.6 GB) (Disk ID: BE24BE24)
Partition 1: (Active) - (Size=188.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=510.5 GB) - (Type=OF Extended)
Disk: 1 (MBR Code: Windows XP) (Size: 14.7 GB) (Disk ID: 9FC09BFE)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000Core.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000UA.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Kaspersky Anti-Virus (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\user\Desktop" je 20411 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Kontrola logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Kontrola logu
- Přílohy
-
- Addition.rar
- (12.07 KiB) Staženo 66 x
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola logu
Zdravcím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kontrola logu
tady je log
# AdwCleaner v5.031 - Logfile created 27/01/2016 at 19:09:01
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner_5.031.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\Discover Treasure
***** [ Files ] *****
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_myradioaccess.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_myradioaccess.dl.tb.ask.com_0.localstorage-journal
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games\Mafia II\Mafia II Launcher.lnk
[-] Shortcut Disinfected : C:\users\user\Desktop\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\users\user\Desktop\Štěpán\Hry\Half-Life 2.lnk
[-] Shortcut Disinfected : C:\users\user\Desktop\Štěpán\Hry\War Thunder.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{bfa55139-82af-4663-a19b-e135dac8d043}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395DA725-A162-43FF-B885-27BD92F112E8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{04FEAF9C-DC32-41C7-95CA-790E93488E7D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfa55139-82af-4663-a19b-e135dac8d043}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfa55139-82af-4663-a19b-e135dac8d043}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{bfa55139-82af-4663-a19b-e135dac8d043}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395DA725-A162-43FF-B885-27BD92F112E8}
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discover Treasure
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4345 bytes] ##########
# AdwCleaner v5.031 - Logfile created 27/01/2016 at 19:09:01
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner_5.031.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\Discover Treasure
***** [ Files ] *****
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_myradioaccess.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_myradioaccess.dl.tb.ask.com_0.localstorage-journal
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games\Mafia II\Mafia II Launcher.lnk
[-] Shortcut Disinfected : C:\users\user\Desktop\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\users\user\Desktop\Štěpán\Hry\Half-Life 2.lnk
[-] Shortcut Disinfected : C:\users\user\Desktop\Štěpán\Hry\War Thunder.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{bfa55139-82af-4663-a19b-e135dac8d043}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395DA725-A162-43FF-B885-27BD92F112E8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{04FEAF9C-DC32-41C7-95CA-790E93488E7D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfa55139-82af-4663-a19b-e135dac8d043}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfa55139-82af-4663-a19b-e135dac8d043}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{bfa55139-82af-4663-a19b-e135dac8d043}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395DA725-A162-43FF-B885-27BD92F112E8}
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discover Treasure
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4345 bytes] ##########
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola logu
Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kontrola logu
log FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by user (administrator) on USER-PC (27-01-2016 23:08:44)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\wmi64.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Siliten) C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe
(Siliten) C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2157056 2009-05-18] (VIA)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Launch SilverCrest STMS 2219 A1-K] => C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe [3403256 2013-07-16] (Siliten)
HKLM-x32\...\Run: [Launch SilverCrest STMS 2219 A1-M] => C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe [2841592 2013-07-16] (Siliten)
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [] => [X]
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-3191891479-3081992602-3358847149-1000] => hxxp://stoppblock.me/wpad.dat?bbad4e81236ac3ea2381b3fe5d3736ea3353434
Tcpip\Parameters: [DhcpNameServer] 79.127.195.194 79.127.192.230
Tcpip\..\Interfaces\{35EDDC84-5862-4BA6-9D19-1D860F2936C9}: [DhcpNameServer] 79.127.195.194 79.127.192.230
Tcpip\..\Interfaces\{6FFD468E-498F-4FF6-A449-FEAA356C3CF8}: [DhcpNameServer] 79.127.195.194 79.127.192.230
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://seznam.cz/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000 -> {F51A1236-A965-4773-9076-3D876BC613D4} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-10-10] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-13] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-13] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2012-05-31] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-10-10] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2012-05-31] (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-03-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-15] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Disk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Vyhledávání Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Kaspersky URL poradce) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Virtuální klávesnice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-12-06]
CHR Extension: (League of Legends Project Zed) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdgcilhemjhldjgekiomonckoomnoog [2015-12-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-10]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-10]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2015-09-06] ()
R2 Správce výběru OS; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2156952 2010-07-07] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-09] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458544 2012-04-13] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [85336 2012-05-29] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [640344 2012-05-29] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30000 2012-03-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [27992 2012-05-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54064 2012-05-12] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [172888 2012-05-24] (Kaspersky Lab)
R3 MouFilter_Mou_FlexDef4; C:\Windows\System32\DRIVERS\MouFilter_FlexDef4.sys [15360 2010-10-20] (Siliten)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 VmtkmHid_0; C:\Windows\System32\DRIVERS\VmtkmHid_0.sys [11264 2012-07-23] (0)
R3 VmtkmHid_MouFiltr_0; C:\Windows\System32\DRIVERS\VmtkmMouFiltr_0.sys [7168 2012-07-23] (0)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 secdrv; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-27 23:08 - 2016-01-27 23:09 - 00019654 _____ C:\Users\user\Desktop\FRST.txt
2016-01-27 23:08 - 2016-01-27 10:39 - 00112640 _____ (forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
2016-01-27 19:07 - 2016-01-27 19:09 - 00000000 ____D C:\AdwCleaner
2016-01-27 19:05 - 2016-01-27 19:03 - 01507840 _____ C:\Users\user\Desktop\adwcleaner_5.031.exe
2016-01-27 19:04 - 2016-01-27 19:04 - 01507840 _____ C:\Users\user\Downloads\adwcleaner_5.031 (1).exe
2016-01-27 19:03 - 2016-01-27 19:03 - 01507840 _____ C:\Users\user\Downloads\adwcleaner_5.031.exe
2016-01-27 10:40 - 2016-01-27 10:22 - 02370560 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-01-27 09:51 - 2016-01-27 09:51 - 00002684 _____ C:\Users\user\Documents\cc_20160127_095146.reg
2016-01-27 09:09 - 2016-01-27 09:09 - 00000000 ____D C:\Users\user\Documents\Nokia Suite
2016-01-27 09:03 - 2016-01-27 09:46 - 00000000 ____D C:\Users\user\Downloads\kontakty
2016-01-27 08:55 - 2016-01-27 08:56 - 00000000 ____D C:\Users\user\Downloads\NOKIA-kontakty
2016-01-27 08:49 - 2016-01-27 08:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Nokia Suite
2016-01-27 08:49 - 2016-01-27 08:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Nokia
2016-01-27 08:48 - 2016-01-27 08:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2016-01-27 08:48 - 2016-01-27 08:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2016-01-27 08:47 - 2016-01-27 08:47 - 00000000 ____D C:\Users\user\AppData\Local\NokiaAccount
2016-01-27 08:46 - 2016-01-27 08:48 - 00000000 ____D C:\Users\user\AppData\Roaming\PC Suite
2016-01-27 08:46 - 2016-01-27 08:48 - 00000000 ____D C:\ProgramData\PC Suite
2016-01-27 08:46 - 2016-01-27 08:46 - 00002089 _____ C:\Users\Public\Desktop\Nokia Suite.lnk
2016-01-27 08:46 - 2016-01-27 08:46 - 00000000 ____D C:\Users\user\AppData\Local\Nokia
2016-01-27 08:46 - 2016-01-27 08:46 - 00000000 ____D C:\ProgramData\Nokia
2016-01-27 08:46 - 2016-01-27 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2016-01-27 08:45 - 2016-01-27 08:45 - 00000000 ____D C:\Program Files\DIFX
2016-01-27 08:45 - 2016-01-27 08:45 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2016-01-27 08:45 - 2013-01-23 10:31 - 00057856 _____ (Nokia) C:\Windows\system32\nmwcdclsX64.dll
2016-01-27 08:45 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys
2016-01-27 08:44 - 2016-01-27 08:46 - 00000000 ____D C:\Program Files (x86)\Nokia
2016-01-27 08:44 - 2016-01-27 08:44 - 00000000 ____D C:\ProgramData\NokiaInstallerCache
2016-01-26 20:28 - 2016-01-26 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-01-16 07:40 - 2016-01-16 07:40 - 00071666 _____ C:\Users\user\Documents\cc_20160116_074000.reg
2016-01-13 14:12 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 14:12 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 14:12 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 14:12 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 14:12 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 14:12 - 2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 14:12 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 14:12 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 14:12 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 14:12 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 14:12 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 14:12 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 14:12 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 14:12 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 14:12 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 14:12 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 14:12 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 14:12 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 14:12 - 2015-12-12 18:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 14:12 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 14:12 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 14:12 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 14:12 - 2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 14:12 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 14:12 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 14:12 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 14:12 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 14:12 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 14:12 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 14:12 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 14:12 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 14:12 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 14:12 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 14:12 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 14:12 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 14:12 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 14:12 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 14:12 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 14:12 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 14:12 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 14:12 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 14:12 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 14:12 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 14:12 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 14:12 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 14:12 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 14:12 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 14:12 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 14:12 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 14:12 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 14:12 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 14:12 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 14:12 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 14:12 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 14:12 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 14:11 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 14:11 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 14:11 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 14:11 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 14:11 - 2015-12-30 20:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 14:11 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 14:11 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 14:11 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 14:11 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 14:11 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 14:11 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 14:11 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 14:11 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 14:11 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 14:11 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 14:11 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 14:11 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 14:11 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 14:11 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 14:11 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 14:11 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 14:11 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 14:11 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 14:11 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 14:11 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 14:11 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 14:11 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 14:11 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 14:11 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 14:11 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 14:11 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 14:11 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 14:11 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 14:11 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 14:11 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 14:11 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 14:11 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 14:11 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 14:11 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 14:11 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 14:11 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 14:11 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 14:11 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 14:11 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 14:11 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 14:11 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 14:11 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 14:11 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 14:11 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 14:11 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 14:11 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 14:11 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 14:11 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 14:11 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 14:11 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 14:11 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 14:11 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 14:11 - 2015-12-12 18:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 14:11 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 14:11 - 2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 14:11 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 14:11 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 14:11 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 14:11 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 14:10 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 14:10 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 14:10 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 14:10 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-06 07:31 - 2016-01-06 07:31 - 00000000 ____D C:\Users\user\AppData\Local\CEF
2015-12-29 11:40 - 2015-12-29 11:40 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard
2015-12-29 10:47 - 2015-12-29 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-12-29 10:35 - 2016-01-26 20:24 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-12-29 10:35 - 2015-12-29 10:35 - 00000000 ____D C:\Data
2015-12-29 10:34 - 2016-01-27 16:12 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net
2015-12-29 10:34 - 2015-12-29 10:35 - 00000000 ____D C:\Users\user\AppData\Roaming\Battle.net
2015-12-29 10:34 - 2015-12-29 10:34 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard Entertainment
2015-12-29 10:34 - 2015-12-29 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-12-29 10:34 - 2015-12-29 10:34 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-12-29 10:33 - 2016-01-27 16:12 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-29 10:32 - 2015-12-29 10:32 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-28 14:30 - 2015-12-28 14:33 - 00000000 ____D C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-27 23:08 - 2014-11-23 23:07 - 00000000 ____D C:\FRST
2016-01-27 23:07 - 2013-02-09 07:45 - 00000000 ___RD C:\Users\user\Dropbox
2016-01-27 23:06 - 2013-03-15 06:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-27 23:06 - 2013-02-09 07:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2016-01-27 23:05 - 2015-05-31 15:57 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 23:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-27 23:04 - 2012-03-20 11:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-27 19:17 - 2009-07-14 05:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-27 19:17 - 2009-07-14 05:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-27 19:09 - 2014-09-13 07:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2016-01-27 19:09 - 2013-12-06 14:56 - 00001290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-27 19:09 - 2013-12-06 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-27 19:09 - 2012-07-09 16:41 - 00000937 _____ C:\Users\user\Desktop\Internet Explorer.lnk
2016-01-27 19:09 - 2012-03-20 10:48 - 00000967 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-27 18:57 - 2015-07-30 09:14 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-27 18:28 - 2015-05-31 15:57 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 18:10 - 2015-06-19 11:59 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000UA.job
2016-01-27 14:25 - 2014-10-29 10:04 - 00000000 ____D C:\Users\user\Desktop\Štěpán
2016-01-27 14:25 - 2014-09-27 08:02 - 00000000 ____D C:\Riot Games
2016-01-27 14:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-27 10:06 - 2010-11-21 10:27 - 01699338 _____ C:\Windows\system32\perfh005.dat
2016-01-27 10:06 - 2010-11-21 10:27 - 00492270 _____ C:\Windows\system32\perfc005.dat
2016-01-27 10:06 - 2009-07-14 06:13 - 00006516 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-27 09:52 - 2012-04-23 19:22 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-01-27 08:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-26 19:51 - 2014-08-31 06:29 - 00000000 ____D C:\Users\user\AppData\Roaming\.minecraft
2016-01-24 11:10 - 2015-06-19 11:59 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000Core.job
2016-01-20 15:57 - 2012-04-09 09:22 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 15:57 - 2012-04-09 09:22 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 15:57 - 2012-03-20 11:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-17 14:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-01-16 07:27 - 2009-07-14 05:45 - 00483512 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 15:50 - 2013-03-13 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 15:50 - 2012-03-20 10:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 15:49 - 2013-03-13 17:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 15:49 - 2013-03-13 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 15:38 - 2013-08-15 08:20 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 15:38 - 2012-03-20 11:23 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 13:55 - 2015-05-17 06:28 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 13:54 - 2015-05-17 06:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-04 14:16 - 2014-12-19 14:44 - 00000000 ____D C:\Program Files (x86)\Half-Life 2
==================== Files in the root of some directories =======
2012-03-22 05:37 - 2012-03-22 05:37 - 0003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-22 06:12 - 2012-03-22 06:12 - 0000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\NEventMessages.dll
C:\Users\user\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000Core.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000UA.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Kaspersky Anti-Virus (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\user\Desktop" je 20412 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by user (administrator) on USER-PC (27-01-2016 23:08:44)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\wmi64.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Siliten) C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe
(Siliten) C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2157056 2009-05-18] (VIA)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Launch SilverCrest STMS 2219 A1-K] => C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe [3403256 2013-07-16] (Siliten)
HKLM-x32\...\Run: [Launch SilverCrest STMS 2219 A1-M] => C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe [2841592 2013-07-16] (Siliten)
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [] => [X]
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-3191891479-3081992602-3358847149-1000] => hxxp://stoppblock.me/wpad.dat?bbad4e81236ac3ea2381b3fe5d3736ea3353434
Tcpip\Parameters: [DhcpNameServer] 79.127.195.194 79.127.192.230
Tcpip\..\Interfaces\{35EDDC84-5862-4BA6-9D19-1D860F2936C9}: [DhcpNameServer] 79.127.195.194 79.127.192.230
Tcpip\..\Interfaces\{6FFD468E-498F-4FF6-A449-FEAA356C3CF8}: [DhcpNameServer] 79.127.195.194 79.127.192.230
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://seznam.cz/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000 -> {F51A1236-A965-4773-9076-3D876BC613D4} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-10-10] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-13] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-13] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2012-05-31] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-10-10] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2012-05-31] (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-03-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-15] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Disk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Vyhledávání Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Kaspersky URL poradce) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Virtuální klávesnice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-12-06]
CHR Extension: (League of Legends Project Zed) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdgcilhemjhldjgekiomonckoomnoog [2015-12-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-10]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-10]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2015-09-06] ()
R2 Správce výběru OS; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2156952 2010-07-07] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-09] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458544 2012-04-13] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [85336 2012-05-29] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [640344 2012-05-29] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30000 2012-03-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [27992 2012-05-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54064 2012-05-12] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [172888 2012-05-24] (Kaspersky Lab)
R3 MouFilter_Mou_FlexDef4; C:\Windows\System32\DRIVERS\MouFilter_FlexDef4.sys [15360 2010-10-20] (Siliten)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 VmtkmHid_0; C:\Windows\System32\DRIVERS\VmtkmHid_0.sys [11264 2012-07-23] (0)
R3 VmtkmHid_MouFiltr_0; C:\Windows\System32\DRIVERS\VmtkmMouFiltr_0.sys [7168 2012-07-23] (0)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 secdrv; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-27 23:08 - 2016-01-27 23:09 - 00019654 _____ C:\Users\user\Desktop\FRST.txt
2016-01-27 23:08 - 2016-01-27 10:39 - 00112640 _____ (forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
2016-01-27 19:07 - 2016-01-27 19:09 - 00000000 ____D C:\AdwCleaner
2016-01-27 19:05 - 2016-01-27 19:03 - 01507840 _____ C:\Users\user\Desktop\adwcleaner_5.031.exe
2016-01-27 19:04 - 2016-01-27 19:04 - 01507840 _____ C:\Users\user\Downloads\adwcleaner_5.031 (1).exe
2016-01-27 19:03 - 2016-01-27 19:03 - 01507840 _____ C:\Users\user\Downloads\adwcleaner_5.031.exe
2016-01-27 10:40 - 2016-01-27 10:22 - 02370560 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-01-27 09:51 - 2016-01-27 09:51 - 00002684 _____ C:\Users\user\Documents\cc_20160127_095146.reg
2016-01-27 09:09 - 2016-01-27 09:09 - 00000000 ____D C:\Users\user\Documents\Nokia Suite
2016-01-27 09:03 - 2016-01-27 09:46 - 00000000 ____D C:\Users\user\Downloads\kontakty
2016-01-27 08:55 - 2016-01-27 08:56 - 00000000 ____D C:\Users\user\Downloads\NOKIA-kontakty
2016-01-27 08:49 - 2016-01-27 08:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Nokia Suite
2016-01-27 08:49 - 2016-01-27 08:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Nokia
2016-01-27 08:48 - 2016-01-27 08:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2016-01-27 08:48 - 2016-01-27 08:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2016-01-27 08:47 - 2016-01-27 08:47 - 00000000 ____D C:\Users\user\AppData\Local\NokiaAccount
2016-01-27 08:46 - 2016-01-27 08:48 - 00000000 ____D C:\Users\user\AppData\Roaming\PC Suite
2016-01-27 08:46 - 2016-01-27 08:48 - 00000000 ____D C:\ProgramData\PC Suite
2016-01-27 08:46 - 2016-01-27 08:46 - 00002089 _____ C:\Users\Public\Desktop\Nokia Suite.lnk
2016-01-27 08:46 - 2016-01-27 08:46 - 00000000 ____D C:\Users\user\AppData\Local\Nokia
2016-01-27 08:46 - 2016-01-27 08:46 - 00000000 ____D C:\ProgramData\Nokia
2016-01-27 08:46 - 2016-01-27 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2016-01-27 08:45 - 2016-01-27 08:45 - 00000000 ____D C:\Program Files\DIFX
2016-01-27 08:45 - 2016-01-27 08:45 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2016-01-27 08:45 - 2013-01-23 10:31 - 00057856 _____ (Nokia) C:\Windows\system32\nmwcdclsX64.dll
2016-01-27 08:45 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys
2016-01-27 08:44 - 2016-01-27 08:46 - 00000000 ____D C:\Program Files (x86)\Nokia
2016-01-27 08:44 - 2016-01-27 08:44 - 00000000 ____D C:\ProgramData\NokiaInstallerCache
2016-01-26 20:28 - 2016-01-26 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-01-16 07:40 - 2016-01-16 07:40 - 00071666 _____ C:\Users\user\Documents\cc_20160116_074000.reg
2016-01-13 14:12 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 14:12 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 14:12 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 14:12 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 14:12 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 14:12 - 2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 14:12 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 14:12 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 14:12 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 14:12 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 14:12 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 14:12 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 14:12 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 14:12 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 14:12 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 14:12 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 14:12 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 14:12 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 14:12 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 14:12 - 2015-12-12 18:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 14:12 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 14:12 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 14:12 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 14:12 - 2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 14:12 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 14:12 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 14:12 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 14:12 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 14:12 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 14:12 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 14:12 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 14:12 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 14:12 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 14:12 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 14:12 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 14:12 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 14:12 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 14:12 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 14:12 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 14:12 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 14:12 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 14:12 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 14:12 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 14:12 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 14:12 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 14:12 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 14:12 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 14:12 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 14:12 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 14:12 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 14:12 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 14:12 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 14:12 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 14:12 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 14:12 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 14:12 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 14:12 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 14:12 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 14:12 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 14:12 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 14:12 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 14:11 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 14:11 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 14:11 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 14:11 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 14:11 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 14:11 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 14:11 - 2015-12-30 20:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 14:11 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 14:11 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 14:11 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 14:11 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 14:11 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 14:11 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 14:11 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 14:11 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 14:11 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 14:11 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 14:11 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 14:11 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 14:11 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 14:11 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 14:11 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 14:11 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 14:11 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 14:11 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 14:11 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 14:11 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 14:11 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 14:11 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 14:11 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 14:11 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 14:11 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 14:11 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 14:11 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 14:11 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 14:11 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 14:11 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 14:11 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 14:11 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 14:11 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 14:11 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 14:11 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 14:11 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 14:11 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 14:11 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 14:11 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 14:11 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 14:11 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 14:11 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 14:11 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 14:11 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 14:11 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 14:11 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 14:11 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 14:11 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 14:11 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 14:11 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 14:11 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 14:11 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 14:11 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 14:11 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 14:11 - 2015-12-12 18:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 14:11 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 14:11 - 2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 14:11 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 14:11 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 14:11 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 14:11 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 14:10 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 14:10 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 14:10 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 14:10 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 14:10 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-06 07:31 - 2016-01-06 07:31 - 00000000 ____D C:\Users\user\AppData\Local\CEF
2015-12-29 11:40 - 2015-12-29 11:40 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard
2015-12-29 10:47 - 2015-12-29 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-12-29 10:35 - 2016-01-26 20:24 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-12-29 10:35 - 2015-12-29 10:35 - 00000000 ____D C:\Data
2015-12-29 10:34 - 2016-01-27 16:12 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net
2015-12-29 10:34 - 2015-12-29 10:35 - 00000000 ____D C:\Users\user\AppData\Roaming\Battle.net
2015-12-29 10:34 - 2015-12-29 10:34 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard Entertainment
2015-12-29 10:34 - 2015-12-29 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-12-29 10:34 - 2015-12-29 10:34 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-12-29 10:33 - 2016-01-27 16:12 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-29 10:32 - 2015-12-29 10:32 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-28 14:30 - 2015-12-28 14:33 - 00000000 ____D C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-27 23:08 - 2014-11-23 23:07 - 00000000 ____D C:\FRST
2016-01-27 23:07 - 2013-02-09 07:45 - 00000000 ___RD C:\Users\user\Dropbox
2016-01-27 23:06 - 2013-03-15 06:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-27 23:06 - 2013-02-09 07:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2016-01-27 23:05 - 2015-05-31 15:57 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 23:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-27 23:04 - 2012-03-20 11:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-27 19:17 - 2009-07-14 05:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-27 19:17 - 2009-07-14 05:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-27 19:09 - 2014-09-13 07:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2016-01-27 19:09 - 2013-12-06 14:56 - 00001290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-27 19:09 - 2013-12-06 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-27 19:09 - 2012-07-09 16:41 - 00000937 _____ C:\Users\user\Desktop\Internet Explorer.lnk
2016-01-27 19:09 - 2012-03-20 10:48 - 00000967 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-27 18:57 - 2015-07-30 09:14 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-27 18:28 - 2015-05-31 15:57 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 18:10 - 2015-06-19 11:59 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000UA.job
2016-01-27 14:25 - 2014-10-29 10:04 - 00000000 ____D C:\Users\user\Desktop\Štěpán
2016-01-27 14:25 - 2014-09-27 08:02 - 00000000 ____D C:\Riot Games
2016-01-27 14:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-27 10:06 - 2010-11-21 10:27 - 01699338 _____ C:\Windows\system32\perfh005.dat
2016-01-27 10:06 - 2010-11-21 10:27 - 00492270 _____ C:\Windows\system32\perfc005.dat
2016-01-27 10:06 - 2009-07-14 06:13 - 00006516 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-27 09:52 - 2012-04-23 19:22 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-01-27 08:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-26 19:51 - 2014-08-31 06:29 - 00000000 ____D C:\Users\user\AppData\Roaming\.minecraft
2016-01-24 11:10 - 2015-06-19 11:59 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000Core.job
2016-01-20 15:57 - 2012-04-09 09:22 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 15:57 - 2012-04-09 09:22 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 15:57 - 2012-03-20 11:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-17 14:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-01-16 07:27 - 2009-07-14 05:45 - 00483512 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 15:50 - 2013-03-13 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 15:50 - 2012-03-20 10:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 15:49 - 2013-03-13 17:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 15:49 - 2013-03-13 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 15:38 - 2013-08-15 08:20 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 15:38 - 2012-03-20 11:23 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 13:55 - 2015-05-17 06:28 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 13:54 - 2015-05-17 06:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-04 14:16 - 2014-12-19 14:44 - 00000000 ____D C:\Program Files (x86)\Half-Life 2
==================== Files in the root of some directories =======
2012-03-22 05:37 - 2012-03-22 05:37 - 0003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-22 06:12 - 2012-03-22 06:12 - 0000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\NEventMessages.dll
C:\Users\user\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000Core.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000UA.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Kaspersky Anti-Virus (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\user\Desktop" je 20412 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Přílohy
-
- Addition.rar
- (5.38 KiB) Staženo 57 x
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola logu
Otevřte poznámkový blok a zkopírujte do něj:
Z logu:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U4 secdrv; no ImagePath
c:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\user\AppData\Local\Temp
End
Z logu:
To je příliš mnoho a může to způsobovat zpomalení startu systému. Vytvořte v C:\Users\user novou složku, do níž přesuňte všechna data z plochy (kromě zástupců). Na plochu pak pro snazší přístup dejte zástupce té složky.Velikost slozky "C:\Users\user\Desktop" je 20411 MB.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kontrola logu
Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by user (2016-01-28 18:15:45) Run:3
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & UpdatusUser)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U4 secdrv; no ImagePath
c:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\user\AppData\Local\Temp
End
*****************
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
C:\Program Files (x86)\Google\Google Toolbar => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
"HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
secdrv => service removed successfully
c:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"C:\Users\user\AppData\Local\Temp" folder move:
Could not move "C:\Users\user\AppData\Local\Temp" => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-28 18:17:01)
C:\Users\user\AppData\Local\Temp => moved successfully
==== End of Fixlog 18:17:03 ====
Ran by user (2016-01-28 18:15:45) Run:3
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & UpdatusUser)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U4 secdrv; no ImagePath
c:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\user\AppData\Local\Temp
End
*****************
HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
C:\Program Files (x86)\Google\Google Toolbar => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
"HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
secdrv => service removed successfully
c:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"C:\Users\user\AppData\Local\Temp" folder move:
Could not move "C:\Users\user\AppData\Local\Temp" => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-28 18:17:01)
C:\Users\user\AppData\Local\Temp => moved successfully
==== End of Fixlog 18:17:03 ====
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola logu
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kontrola logu
Občas při kliknutí na nějaký odkaz vyskočí okno s reklamou a to u IE i Google
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola logu
Udělejte ještě následující skeny:
1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize
Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.
a
2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.
a
2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kontrola logu
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by user on p 29.01.2016 at 13:53:46,70.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2016-01-28-220505.log 16457 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"virtual_keyboard@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com" [15.03.2013 06:41]
==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[10.10.2012 16:14]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx[10.10.2012 16:14]
League of Legends Project Zed - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdgcilhemjhldjgekiomonckoomnoog
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://seznam.cz/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://seznam.cz/"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7
HKCU\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... NI_csCZ522
HKCU\SearchScopes\{E1669911-8207-4D0E-AD6C-CEBAF9BA16FE} - http://www.google.com/search?q={searchT ... NI_csCZ522
HKCU\SearchScopes\{F51A1236-A965-4773-9076-3D876BC613D4} - http://tv.seznam.cz/hledej?w={searchTer ... arch_12902
==== Reset Google Chrome ======================
Nothing found to reset
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=21 folders=20 14456156 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Users\user\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\user\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF120685.TMP" not found
==== EOF on p 29.01.2016 at 14:13:03,90 ======================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by user (Administrator) on p 29.01.2016 at 14:18:08,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 8
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QSRFJGC (Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQVQXEIA (Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTM0QEAH (Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8B84LDM (Folder)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARINSTALLER_UPDATE-2DF23FA2.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_32479C6A-C9FDA613.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-5F22D041.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-02747EB8.pf (File)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p 29.01.2016 at 14:20:59,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tool run by user on p 29.01.2016 at 13:53:46,70.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2016-01-28-220505.log 16457 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"virtual_keyboard@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com" [15.03.2013 06:41]
==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[10.10.2012 16:14]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx[10.10.2012 16:14]
League of Legends Project Zed - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdgcilhemjhldjgekiomonckoomnoog
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://seznam.cz/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://seznam.cz/"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7
HKCU\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... NI_csCZ522
HKCU\SearchScopes\{E1669911-8207-4D0E-AD6C-CEBAF9BA16FE} - http://www.google.com/search?q={searchT ... NI_csCZ522
HKCU\SearchScopes\{F51A1236-A965-4773-9076-3D876BC613D4} - http://tv.seznam.cz/hledej?w={searchTer ... arch_12902
==== Reset Google Chrome ======================
Nothing found to reset
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=21 folders=20 14456156 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Users\user\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\user\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF120685.TMP" not found
==== EOF on p 29.01.2016 at 14:13:03,90 ======================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by user (Administrator) on p 29.01.2016 at 14:18:08,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 8
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QSRFJGC (Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQVQXEIA (Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTM0QEAH (Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8B84LDM (Folder)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARINSTALLER_UPDATE-2DF23FA2.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_32479C6A-C9FDA613.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-5F22D041.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-02747EB8.pf (File)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p 29.01.2016 at 14:20:59,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola logu
OK. Jak to vypadá nyní?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kontrola logu
pořád občas vyskočí nějaká stránka reklamy při kliknutí na nějaký odkaz a při zavření vyskočí hláška zda chci opravdu stránku opustit
Díky
Díky
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola logu
Tu hlášku o opuštění stráky tam dává sám ten web. Ještě zkusíme kompletní sken MBAM: http://www.malwarebytes.org/mbam.php . Dejte log, předem nic nemažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kontrola logu
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 29.1.2016
Čas skenování: 19:32
Protokol: log.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2016.01.29.05
Databáze rootkitů: v2016.01.20.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: user
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 399665
Uplynulý čas: 10 min, 51 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 1
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\DiscoverTreasure, , [e58491ae9affa78ff3059f45a35f1de3],
Hodnoty registru: 1
Hijack.AutoConfigURL, HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://stoppblock.me/wpad.dat?bbad4e812 ... 6ea3353434, , [e58464dba1f8b185d9b6c21ea65ce818]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 2
PUP.Optional.CrossRider, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [d7921c232b6e8fa7e6048eb603017d83],
PUP.Optional.CrossRider, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [8edb95aa8f0a6bcb22c872d2867ed42c],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
www.malwarebytes.org
Datum skenování: 29.1.2016
Čas skenování: 19:32
Protokol: log.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2016.01.29.05
Databáze rootkitů: v2016.01.20.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: user
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 399665
Uplynulý čas: 10 min, 51 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 1
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\DiscoverTreasure, , [e58491ae9affa78ff3059f45a35f1de3],
Hodnoty registru: 1
Hijack.AutoConfigURL, HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://stoppblock.me/wpad.dat?bbad4e812 ... 6ea3353434, , [e58464dba1f8b185d9b6c21ea65ce818]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 2
PUP.Optional.CrossRider, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [d7921c232b6e8fa7e6048eb603017d83],
PUP.Optional.CrossRider, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [8edb95aa8f0a6bcb22c872d2867ed42c],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Přispějete na provoz fóra?