Unlocker again

Márty84
Re: Unlocker again

#16 Post by Márty84 »

:arrow: You don't have to keep posting RSIT logs here; when I need a current one, I'll ask for it :-)


:arrow: If you use a router, reset it and configure it again.


:arrow: Open Notepad and copy this script into it

Code:

KillAll::

File::
c:\windows\zoek-delete.exe

Folder::
C:\zoek_backup
c:\program files\McAfee Security Scan

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

Regnull::
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\SecuROM\License information*]

RegLock::
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
[HKEY_USERS\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate
McComponentHostService
NAUpdate

Reboot::

In the top left, click File
Click Save as...
Type the name shown in red, CFScript, correctly and save it to the desktop.
Turn off your antivirus and any other protection.
Drag the text document you just created onto the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows fails to start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine
If you have a question that is not meant for the public, you can write to me at marty84 (at) forum.viry.cz

For time reasons I will be on the forum less often now. If you wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
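
An added example (not part of the original post and not ComboFix's own code): a small Python reader for a script laid out like the one above, listing what it asks the tool to remove so the script can be checked before it is run. The function names are hypothetical, and the only syntax assumed is what the post shows: `Name::` section headers, one entry per line, `.` separators, and `"value"=-` lines under a `[key]` header.

```python
import re

# Constructed excerpt laid out like the script in the post above (shortened;
# the SID in the RegLock line is a placeholder, not the one from the page).
SAMPLE_SCRIPT = r'''KillAll::

File::
c:\windows\zoek-delete.exe

Folder::
C:\zoek_backup
c:\program files\McAfee Security Scan

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

RegLock::
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

Driver::
SkypeUpdate
McComponentHostService
NAUpdate

Reboot::
'''

# Section names that appear in the post's script; anything else is reported.
SEEN_ON_PAGE = {"KillAll", "File", "Folder", "Registry", "Regnull",
                "RegLock", "Driver", "Reboot"}

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE_DELETE = re.compile(r'^"(.+)"=-$')


def parse_cfscript(text):
    """Split the script into {section name: [entries]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # blank lines and "." separators
            continue
        header = DIRECTIVE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any section header: %r" % line)
        else:
            sections[current].append(line)
    return sections


def registry_value_deletions(entries):
    """Return (key, value name) pairs for every '"name"=-' line under a [key]."""
    key = None
    found = []
    for line in entries:
        k = REG_KEY.match(line)
        if k:
            key = k.group(1)
            continue
        v = REG_VALUE_DELETE.match(line)
        if v and key is not None:
            found.append((key, v.group(1)))
    return found


def review(text):
    """Summarise what the script targets, for a read-through before running it."""
    sections = parse_cfscript(text)
    deletions = registry_value_deletions(sections.get("Registry", []))
    return {
        "files": sections.get("File", []),
        "folders": sections.get("Folder", []),
        "drivers_or_services": sections.get("Driver", []),
        # Values removed from a ...\CurrentVersion\Run key are autostart entries.
        "autorun_values": [(k, v) for k, v in deletions
                           if k.lower().endswith("\\currentversion\\run")],
        "reboot": "Reboot" in sections,
        "unknown_sections": sorted(set(sections) - SEEN_ON_PAGE),
    }


if __name__ == "__main__":
    for name, value in review(SAMPLE_SCRIPT).items():
        print(name, "=", value)
```
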

yvonne_K
Re: Unlocker again

#17 Post by yvonne_K »

I apologize. It seemed to me that an RSIT log is needed after every action anyway, so I pushed it on you right away so as not to hold things up...

Log:

ComboFix 16-03-01.01 - Beatrix 07.03.2016 19:16:05.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8103.6632 [GMT 1:00]
Spuštěný z: c:\users\Beatrix\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Beatrix\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\zoek-delete.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\zoek-delete.exe
C:\zoek_backup
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_McComponentHostService
-------\Service_NAUpdate
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-07 do 2016-03-07 )))))))))))))))))))))))))))))))
.
.
2016-03-07 18:18 . 2016-03-07 18:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-03-07 18:18 . 2016-03-07 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-06 20:07 . 2016-03-07 18:18 -------- d-----w- c:\users\Beatrix\AppData\Local\Temp
2016-03-05 10:11 . 2016-03-06 09:28 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-05 10:11 . 2016-03-05 10:11 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-03-05 10:11 . 2016-03-05 10:11 -------- d-----w- c:\programdata\Malwarebytes
2016-03-05 10:11 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-05 10:11 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-05 10:11 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-04 21:19 . 2016-03-04 21:27 -------- d-----w- C:\AdwCleaner
2016-03-04 21:15 . 2016-03-04 21:15 -------- d-----w- C:\rsit
2016-03-03 18:11 . 2015-07-02 09:12 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E3962DA-DEAA-4DA2-9DFD-DD21AAE512DB}\gapaengine.dll
2016-02-19 16:29 . 2016-03-06 20:30 -------- d-----w- c:\program files\trend micro
2016-02-19 15:54 . 2016-02-19 15:54 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-02-09 18:34 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-09 18:33 . 2016-01-22 06:19 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-02-09 18:33 . 2016-01-22 05:19 3231232 ----a-w- c:\windows\explorer.exe
2016-02-09 18:33 . 2016-01-22 06:15 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-09 18:33 . 2016-01-22 06:12 1940992 ----a-w- c:\windows\system32\authui.dll
2016-02-09 18:33 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-02-09 18:33 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2016-02-09 18:33 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-08 19:07 . 2016-01-13 17:16 1573888 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 19:07 . 2016-01-13 17:16 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 19:07 . 2016-01-13 17:16 254464 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 19:07 . 2016-01-13 17:16 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 19:07 . 2016-01-13 17:16 1160192 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 19:07 . 2016-01-13 17:16 4121600 ----a-w- c:\windows\system32\mf.dll
2015-12-08 19:07 . 2016-01-13 17:16 1010688 ----a-w- c:\windows\system32\mcmde.dll
2015-12-08 19:07 . 2016-01-13 17:16 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 19:07 . 2016-01-13 17:16 484864 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 19:07 . 2016-01-13 17:16 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 19:07 . 2016-01-13 17:16 224768 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 19:07 . 2016-01-13 17:16 223744 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 19:07 . 2016-01-13 17:16 70144 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 19:07 . 2016-01-13 17:16 100864 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 19:07 . 2016-01-13 17:16 206848 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 19:07 . 2016-01-13 17:16 5120 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 19:07 . 2016-01-13 17:16 632320 ----a-w- c:\windows\system32\evr.dll
2015-12-08 19:07 . 2016-01-13 17:14 405504 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 19:07 . 2016-01-13 17:16 189952 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 19:07 . 2016-01-13 17:16 76288 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 19:07 . 2016-01-13 17:16 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 19:06 . 2016-01-13 17:16 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 19:06 . 2016-01-13 17:16 250880 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 19:04 . 2016-01-13 17:16 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 18:54 . 2016-01-13 17:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Panasonic Device Monitor Wakeup"="c:\program files (x86)\Panasonic\Device Monitor\dmwakeup.exe" [2010-01-09 413696]
"Panasonic Device Manager for Multi-Function Station software"="c:\program files (x86)\Panasonic\MFStation\PCCMFSDM.exe" [2010-02-02 135168]
"Panasonic PCFAX for Multi-Function Station software"="c:\program files (x86)\Panasonic\MFStation\KmPcFax.exe" [2010-01-18 765952]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys;c:\windows\SYSNATIVE\DRIVERS\StarPortLite.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~2\PANASO~1\LocalCom\lmsrvnt.exe;c:\progra~2\PANASO~1\LocalCom\lmsrvnt.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2016-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 19:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 1340192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{A6F28AB1-875E-4A93-8171-D5A35E52DB0E}: NameServer = 192.168.13.1,81.31.33.19
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
AddRemove-4F6D5E84-5826-4394-9F40-3A9A19165651_is1 - c:\program files (x86)\PANDORA.TV\PanService\unins000.exe
AddRemove-FOTOKNIHY ONLINE_FOTOKNIHY ONLINE - c:\windows\system32\FOTOKNIHY ONLINE_FOTOKNIHY ONLINE_uninstaller.exe
AddRemove-FOTOPRINT_FOTOPRINT - c:\windows\system32\FOTOPRINT_FOTOPRINT_uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\progra~2\PANASO~1\TRAPMO~1\Trapmnnt.exe
.
**************************************************************************
.
Celkový čas: 2016-03-07 19:21:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-03-07 18:21
ComboFix2.txt 2016-03-06 20:25
.
Před spuštěním: 9 549 262 848
Po spuštění: 9 574 596 608
.
- - End Of File - - C73E72854FF5EAF308185744ACE1FFB4
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Unlocker again

#18 Post by Márty84 »

yvonne_K wrote: I apologize. It seemed to me that an RSIT log is needed after every step anyway, so I pushed it on you right away so as not to hold things up...
No problem :-D

:arrow: Post logs following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a moment; it may block it as malicious, but we use it all the time, it is a false positive :)
If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

yvonne_K
Visitor
Posts: 49
Registered: 06 Feb 2011 14:36

Re: Unlocker again

#19 Post by yvonne_K »

Chrome refused to download it, but Opera was willing :James008:

Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Beatrix (administrator) on COOLMASTER (07-03-2016 22:06:49)
Running from C:\Users\Beatrix\Desktop
Loaded Profiles: UpdatusUser & Beatrix (Available Profiles: UpdatusUser & Beatrix)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Panasonic System Networks Co., Ltd.) C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE
(Panasonic) C:\Program Files (x86)\Panasonic\TrapMonitor\Trapmnnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panasonic System Networks Co., Ltd.) C:\Program Files (x86)\Panasonic\Device Monitor\DMWakeup.exe
( ) C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(forum.viry.cz) C:\Users\Beatrix\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Panasonic Device Monitor Wakeup] => C:\Program Files (x86)\Panasonic\Device Monitor\dmwakeup.exe [413696 2010-01-09] (Panasonic System Networks Co., Ltd.)
HKLM-x32\...\Run: [Panasonic Device Manager for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe [135168 2010-02-02] ( )
HKLM-x32\...\Run: [Panasonic PCFAX for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\KmPcFax.exe [765952 2010-01-18] (Panasonic System Networks Co.,Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3493884222-2583266169-3365024918-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{2BE7BBB9-F462-49B8-8C01-986D31570BE3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A6F28AB1-875E-4A93-8171-D5A35E52DB0E}: [NameServer] 192.168.13.1,81.31.33.19

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3493884222-2583266169-3365024918-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3493884222-2583266169-3365024918-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-02-09] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3493884222-2583266169-3365024918-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Beatrix\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3493884222-2583266169-3365024918-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Beatrix\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3493884222-2583266169-3365024918-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Beatrix\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\Beatrix\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-31] (Cisco WebEx LLC)

Chrome:
=======
CHR Profile: C:\Users\Beatrix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Beatrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-06]
CHR Extension: (Dokumenty Google) - C:\Users\Beatrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-06]
CHR Extension: (Disk Google) - C:\Users\Beatrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-06]
CHR Extension: (YouTube) - C:\Users\Beatrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-06]
CHR Extension: (Tabulky Google) - C:\Users\Beatrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-06]
CHR Extension: (AdBlock) - C:\Users\Beatrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Beatrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-06]
CHR Extension: (Gmail) - C:\Users\Beatrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-06]
StartMenuInternet: Google Chrome.CO6RFXSD6LNILUKEFJQC5HIIZQ - C:\Users\Beatrix\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Panasonic Local Printer Service; C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE [49152 2010-01-09] (Panasonic System Networks Co., Ltd.) [File not signed]
R2 Panasonic Trap Monitor Service; C:\Program Files (x86)\Panasonic\TrapMonitor\Trapmnnt.exe [69632 2004-02-26] (Panasonic) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [867824 2012-09-13] () [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-04] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
R1 StarPortLite; C:\Windows\System32\DRIVERS\StarPortLite.sys [118888 2011-06-29] (Rocket Division Software)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-07 22:06 - 2016-03-07 22:06 - 00012018 _____ C:\Users\Beatrix\Desktop\FRST.txt
2016-03-07 22:06 - 2016-03-07 22:06 - 00000000 ____D C:\FRST
2016-03-07 22:03 - 2016-03-07 22:03 - 00112640 _____ (forum.viry.cz) C:\Users\Beatrix\Desktop\FRSTLauncher.exe
2016-03-07 21:59 - 2016-03-07 21:59 - 02374144 _____ (Farbar) C:\Users\Beatrix\Desktop\FRST64.exe
2016-03-07 19:21 - 2016-03-07 19:21 - 00034088 _____ C:\ComboFix.txt
2016-03-06 21:20 - 2016-03-07 19:21 - 00000000 ____D C:\Qoobox
2016-03-06 21:20 - 2016-03-07 19:18 - 00000000 ____D C:\Windows\erdnt
2016-03-06 21:20 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-06 21:20 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-06 21:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-06 21:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-06 21:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-06 21:20 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-06 21:20 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-06 21:20 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-06 21:13 - 2016-03-06 21:13 - 05658435 ____R (Swearware) C:\Users\Beatrix\Desktop\ComboFix.exe
2016-03-06 20:54 - 2016-03-06 20:54 - 01309184 _____ C:\Users\Beatrix\Desktop\zoek.exe
2016-03-06 20:46 - 2016-03-06 20:46 - 00002313 _____ C:\Users\Beatrix\Desktop\JRT.txt
2016-03-06 20:44 - 2016-03-06 20:45 - 01609216 _____ (Malwarebytes) C:\Users\Beatrix\Desktop\JRT.exe
2016-03-05 22:13 - 2016-03-05 22:13 - 00001333 _____ C:\Users\Beatrix\Desktop\xxx.txt
2016-03-05 12:59 - 2016-03-05 12:59 - 00004939 _____ C:\Users\Beatrix\Desktop\test.txt
2016-03-05 11:11 - 2016-03-06 10:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-05 11:11 - 2016-03-05 11:11 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-05 11:11 - 2016-03-05 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-05 11:11 - 2016-03-05 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-05 11:11 - 2016-03-05 11:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-05 11:11 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-05 11:11 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-05 11:11 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-05 11:10 - 2016-03-05 11:08 - 22908888 _____ (Malwarebytes ) C:\Users\Beatrix\Desktop\mbam-setup-2.2.0.1024.exe
2016-03-04 22:40 - 2016-03-04 22:40 - 00001491 _____ C:\Users\Beatrix\Desktop\AdwCleaner[C2].txt
2016-03-04 22:19 - 2016-03-04 22:27 - 00000000 ____D C:\AdwCleaner
2016-03-04 22:17 - 2016-03-04 22:17 - 01518592 _____ C:\Users\Beatrix\Desktop\adwcleaner_5.037.exe
2016-03-04 22:15 - 2016-03-04 22:15 - 00000000 ____D C:\rsit
2016-02-28 16:37 - 2016-02-29 17:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-02-22 20:11 - 2016-02-23 22:05 - 00000000 ____D C:\Users\Beatrix\Desktop\Livingroom
2016-02-19 17:29 - 2016-03-06 21:30 - 00000000 ____D C:\Program Files\trend micro
2016-02-19 17:28 - 2016-02-19 17:28 - 01222144 _____ C:\Users\Beatrix\Desktop\RSITx64.exe
2016-02-19 16:54 - 2016-02-19 16:54 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-02-19 16:52 - 2016-02-19 16:52 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-02-19 16:52 - 2016-02-19 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-02-15 18:04 - 2015-04-30 08:10 - 02800950 _____ C:\Users\Beatrix\Desktop\ZC1 Homepage M.pdf
2016-02-09 19:35 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 19:35 - 2016-02-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-09 19:35 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 19:35 - 2016-02-06 11:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-09 19:35 - 2016-02-06 11:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-09 19:35 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-09 19:35 - 2016-02-06 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-09 19:35 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 19:35 - 2016-02-06 10:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-09 19:35 - 2016-02-06 10:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-09 19:35 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 19:35 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-09 19:35 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 19:35 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 19:35 - 2016-01-22 21:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 19:35 - 2016-01-22 21:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-09 19:35 - 2016-01-22 07:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-09 19:35 - 2016-01-22 07:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-09 19:35 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 19:35 - 2016-01-22 07:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-09 19:35 - 2016-01-22 07:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-09 19:35 - 2016-01-22 07:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-09 19:35 - 2016-01-22 07:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-09 19:35 - 2016-01-22 07:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-09 19:35 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 19:35 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 19:35 - 2016-01-22 07:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-09 19:35 - 2016-01-22 07:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-09 19:35 - 2016-01-22 07:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-09 19:35 - 2016-01-22 07:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-09 19:35 - 2016-01-22 07:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-09 19:35 - 2016-01-22 07:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-09 19:35 - 2016-01-22 07:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-09 19:35 - 2016-01-22 07:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-09 19:35 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-09 19:35 - 2016-01-22 07:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-09 19:35 - 2016-01-22 07:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-09 19:35 - 2016-01-22 07:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-09 19:35 - 2016-01-22 07:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-09 19:35 - 2016-01-22 07:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-09 19:35 - 2016-01-22 07:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-09 19:35 - 2016-01-22 06:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-09 19:35 - 2016-01-22 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-09 19:35 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-09 19:35 - 2016-01-22 06:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-09 19:35 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 19:35 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 19:35 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 19:35 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 19:35 - 2016-01-22 06:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-09 19:35 - 2016-01-22 06:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-09 19:35 - 2016-01-22 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-09 19:35 - 2016-01-22 06:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-09 19:35 - 2016-01-22 06:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-09 19:35 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-09 19:35 - 2016-01-22 06:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-09 19:35 - 2016-01-22 06:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-09 19:35 - 2016-01-22 06:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-09 19:35 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 19:35 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-09 19:35 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-09 19:35 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-09 19:35 - 2016-01-22 06:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-09 19:35 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 19:35 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 19:35 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-09 19:35 - 2016-01-16 20:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 19:35 - 2016-01-16 19:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 19:35 - 2016-01-11 15:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 19:35 - 2016-01-11 15:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 19:35 - 2016-01-11 15:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 19:35 - 2016-01-11 15:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 19:35 - 2016-01-11 15:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 19:35 - 2016-01-06 20:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 19:35 - 2016-01-06 20:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-09 19:35 - 2016-01-06 19:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-09 19:34 - 2016-01-22 07:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 19:34 - 2016-01-22 07:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 19:34 - 2016-01-22 07:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 19:34 - 2016-01-22 07:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 19:34 - 2016-01-22 07:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 19:34 - 2016-01-22 07:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-09 19:34 - 2016-01-22 07:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-09 19:34 - 2016-01-22 07:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 19:34 - 2016-01-22 07:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 19:34 - 2016-01-22 07:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 19:34 - 2016-01-22 07:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 19:34 - 2016-01-22 07:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 19:34 - 2016-01-22 07:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 19:34 - 2016-01-22 07:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-09 19:34 - 2016-01-22 07:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 19:34 - 2016-01-22 07:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 19:34 - 2016-01-22 07:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 19:34 - 2016-01-22 07:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 19:34 - 2016-01-22 07:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 19:34 - 2016-01-22 07:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-09 19:34 - 2016-01-22 07:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 19:34 - 2016-01-22 07:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 19:34 - 2016-01-22 07:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 19:34 - 2016-01-22 07:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 19:34 - 2016-01-22 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 19:34 - 2016-01-22 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 19:34 - 2016-01-22 07:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 19:34 - 2016-01-22 07:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 19:34 - 2016-01-22 07:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 19:34 - 2016-01-22 07:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-09 19:34 - 2016-01-22 07:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-09 19:34 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 19:34 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 19:34 - 2016-01-22 07:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 07:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 19:34 - 2016-01-22 07:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-09 19:34 - 2016-01-22 07:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-09 19:34 - 2016-01-22 07:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 19:34 - 2016-01-22 07:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-09 19:34 - 2016-01-22 07:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-09 19:34 - 2016-01-22 07:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-09 19:34 - 2016-01-22 07:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-09 19:34 - 2016-01-22 07:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-09 19:34 - 2016-01-22 07:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-09 19:34 - 2016-01-22 07:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-09 19:34 - 2016-01-22 07:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 19:34 - 2016-01-22 07:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 19:34 - 2016-01-22 07:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 19:34 - 2016-01-22 07:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-09 19:34 - 2016-01-22 07:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-09 19:34 - 2016-01-22 07:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 19:34 - 2016-01-22 07:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-09 19:34 - 2016-01-22 07:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 19:34 - 2016-01-22 07:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 19:34 - 2016-01-22 06:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 19:34 - 2016-01-22 06:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-09 19:34 - 2016-01-22 06:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 19:34 - 2016-01-22 05:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 19:34 - 2016-01-22 05:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 19:34 - 2016-01-22 05:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 19:34 - 2016-01-22 05:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 19:34 - 2016-01-22 05:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 19:34 - 2016-01-22 05:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-09 19:34 - 2016-01-22 05:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-09 19:34 - 2016-01-22 05:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-09 19:34 - 2016-01-22 05:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-09 19:34 - 2016-01-22 05:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-09 19:34 - 2016-01-22 05:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 05:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 05:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 19:34 - 2016-01-22 05:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 19:34 - 2016-01-16 20:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 19:34 - 2016-01-16 19:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-09 19:34 - 2016-01-11 20:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 19:34 - 2016-01-11 20:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 19:34 - 2016-01-11 20:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 19:34 - 2016-01-11 19:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 19:34 - 2016-01-11 19:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-09 19:34 - 2016-01-11 19:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 19:34 - 2016-01-11 19:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 19:34 - 2016-01-11 19:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 19:34 - 2016-01-11 19:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 19:34 - 2016-01-11 19:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 19:34 - 2016-01-11 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 19:34 - 2016-01-11 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-09 19:34 - 2016-01-11 19:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-09 19:34 - 2016-01-11 19:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-09 19:34 - 2016-01-11 19:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-09 19:34 - 2016-01-11 19:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-09 19:34 - 2016-01-07 18:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 19:34 - 2016-01-07 18:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 19:34 - 2015-12-20 19:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-09 19:34 - 2015-12-20 19:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-09 19:34 - 2015-12-20 15:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-09 19:33 - 2016-01-22 07:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 19:33 - 2016-01-22 07:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 19:33 - 2016-01-22 07:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 19:33 - 2016-01-22 07:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 19:33 - 2016-01-22 07:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-09 19:33 - 2016-01-22 06:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-09 19:33 - 2016-01-22 06:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 19:33 - 2016-01-22 06:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-07 21:55 - 2009-07-14 05:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-07 21:55 - 2009-07-14 05:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-07 21:24 - 2013-07-08 10:50 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-07 19:30 - 2011-04-12 09:34 - 00668914 _____ C:\Windows\system32\perfh005.dat
2016-03-07 19:30 - 2011-04-12 09:34 - 00141572 _____ C:\Windows\system32\perfc005.dat
2016-03-07 19:30 - 2009-07-14 06:13 - 01584756 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-07 19:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-07 19:24 - 2011-11-02 11:53 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-07 19:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-07 19:19 - 2009-07-14 03:34 - 89128960 _____ C:\Windows\system32\config\software.bak
2016-03-07 19:19 - 2009-07-14 03:34 - 48496640 _____ C:\Windows\system32\config\components.bak
2016-03-07 19:19 - 2009-07-14 03:34 - 24379392 _____ C:\Windows\system32\config\system.bak
2016-03-07 19:19 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2016-03-07 19:19 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-03-07 19:19 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-03-07 19:19 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-03-06 20:10 - 2012-08-04 01:22 - 00000000 ____D C:\Users\Beatrix\AppData\Roaming\uTorrent
2016-03-05 22:26 - 2005-01-02 11:30 - 01559470 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-05 20:03 - 2012-08-04 12:01 - 00000000 ____D C:\Windows\PCHEALTH
2016-03-05 11:00 - 2012-08-21 16:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-04 22:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-03 22:20 - 2016-01-14 21:26 - 00000000 ____D C:\Users\Beatrix\Desktop\Zertifikat Švandová
2016-03-03 22:20 - 2012-08-04 13:56 - 00000000 ____D C:\Users\Beatrix\Documents\Bildry
2016-03-03 19:02 - 2012-08-03 17:07 - 00002348 _____ C:\Users\Beatrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-03 19:02 - 2012-08-03 17:07 - 00002340 _____ C:\Users\Beatrix\Desktop\Google Chrome.lnk
2016-03-01 22:01 - 2012-08-07 16:03 - 00000000 ____D C:\Users\Beatrix\AppData\Roaming\Skype
2016-03-01 19:00 - 2012-08-07 16:02 - 00000000 ____D C:\ProgramData\Skype
2016-02-28 17:10 - 2012-08-21 20:44 - 00000000 ____D C:\Users\Beatrix\Desktop\Linxx
2016-02-28 17:02 - 2014-10-13 13:29 - 00000000 ____D C:\Users\Beatrix\Desktop\Výukový plány
2016-02-28 16:49 - 2012-11-16 12:09 - 00000000 ____D C:\Users\Beatrix\AppData\Local\CrashDumps
2016-02-28 16:37 - 2015-11-17 10:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-28 16:37 - 2012-08-20 15:42 - 00000000 ____D C:\ProgramData\Adobe
2016-02-26 23:09 - 2015-04-05 01:11 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-26 23:09 - 2015-04-05 01:11 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 22:18 - 2005-01-02 11:30 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-24 22:18 - 2005-01-02 11:30 - 00001912 _____ C:\Windows\epplauncher.mif
2016-02-24 22:17 - 2005-01-02 11:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-24 22:17 - 2005-01-02 11:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-21 12:00 - 2012-09-17 23:28 - 00000000 ____D C:\Users\Beatrix\Desktop\Torrenty
2016-02-19 19:36 - 2012-08-07 16:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-19 18:59 - 2012-02-27 08:48 - 00000000 ____D C:\Users\UpdatusUser
2016-02-19 16:55 - 2012-08-03 13:16 - 00000000 ____D C:\Users\Beatrix
2016-02-19 16:50 - 2012-09-10 08:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-02-19 16:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-02-13 15:39 - 2013-01-02 23:59 - 00000000 ____D C:\Users\Beatrix\Documents\Historie 2013
2016-02-11 20:10 - 2012-08-04 17:07 - 00000000 ____D C:\Users\Beatrix\Documents\CrimeTime
2016-02-10 20:56 - 2012-09-12 18:31 - 00017408 _____ C:\Users\Beatrix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-10 17:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-02-10 16:01 - 2009-07-14 05:45 - 00334768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 16:00 - 2014-12-12 00:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 16:00 - 2014-05-07 00:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 16:00 - 2011-04-12 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-09 22:52 - 2013-08-09 21:19 - 00000000 ____D C:\Windows\system32\MRT
2016-02-09 22:49 - 2011-11-02 12:11 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-09 20:24 - 2013-07-08 10:50 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 20:24 - 2012-08-03 17:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 20:24 - 2012-08-03 17:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-12-25 20:22 - 2012-12-25 20:28 - 247158155 _____ () C:\Program Files (x86)\Office2003_Professional_CZ_Latest.rar
2013-07-14 19:44 - 2014-06-14 19:11 - 0002298 _____ () C:\Users\Beatrix\AppData\Roaming\ASSDraw3.cfg
2012-09-12 18:31 - 2016-02-10 20:56 - 0017408 _____ () C:\Users\Beatrix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-16 20:08 - 2015-02-16 20:08 - 0004096 ____H () C:\Users\Beatrix\AppData\Local\keyfile3.drm

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-29 19:35

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:55.8 GB) (Free:8.6 GB) NTFS
Drive e: (E - Dokumenty) (Fixed) (Total:430.53 GB) (Free:176.99 GB) NTFS
Drive f: (F - Filmy) (Fixed) (Total:500.98 GB) (Free:73.01 GB) NTFS

Available physical RAM: 6714.9 MB
Total physical RAM: 8103.24 MB
Percentage of memory in use: 17%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DB1B7FB9)
Partition 1: (Not Active) - (Size=430.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=501 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 5814E5E1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:3201AC76 [114]

==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Beatrix\Desktop" je 849 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.zip
(7.54 KiB) Downloaded 35 times

Márty84
VIP
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Unlocker again

#20 Post by Márty84 »

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Beatrix\Desktop" je 849 MB.
:arrow: The desktop should not exceed 200 - 300 MB! It slows the PC down. So tidy it up a bit and keep only shortcuts on the desktop. Just watch out for a common mistake: users have a folder on the desktop, another one inside it, and another one inside that, and hide things there. That is nice, but it does not make the desktop any smaller, it is just in a different drawer :)



:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3493884222-2583266169-3365024918-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

2016-02-19 16:52 - 2016-02-19 16:52 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-02-19 16:52 - 2016-02-19 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-03-05 11:00 - 2012-08-21 16:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-19 16:50 - 2012-09-10 08:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {23E172A5-DB6C-4551-9909-071AD8A7F039} - \{0D0F7D47-057F-7E05-0D11-0B7E0B7D110E} -> No File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:3201AC76 [114]

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM

FirewallRules: [{DBEC25BC-FC10-46FF-82B5-217C59AEACF3}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{E6CA8E9A-2340-4208-82E0-11879D5AFC46}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{BC388641-BF2F-4592-98C9-72F5EB095D61}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{E1F84A1E-24FC-4A60-BD63-56A9A2BBA0EE}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

Hosts:
EmptyTemp:
Reboot:
End
Click File in the top left.
Click Save As...
Type the red name fixlist correctly and save the file to the desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

yvonne_K
Visitor
Visitor
Posts: 49
Joined: 06 Feb 2011 14:36

Re: Unlocker again

#21 Post by yvonne_K »

Thank you for the heads-up. I handle everything with shortcuts, but right now I have several temporary things there, hence the size. I will clean it up. :thumbsup:

Fixlog here:


Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Beatrix (2016-03-08 19:00:18) Run:1
Running from C:\Users\Beatrix\Desktop
Loaded Profiles: UpdatusUser & Beatrix (Available Profiles: UpdatusUser & Beatrix)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3493884222-2583266169-3365024918-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

2016-02-19 16:52 - 2016-02-19 16:52 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-02-19 16:52 - 2016-02-19 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-03-05 11:00 - 2012-08-21 16:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-19 16:50 - 2012-09-10 08:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {23E172A5-DB6C-4551-9909-071AD8A7F039} - \{0D0F7D47-057F-7E05-0D11-0B7E0B7D110E} -> No File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:3201AC76 [114]

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM

FirewallRules: [{DBEC25BC-FC10-46FF-82B5-217C59AEACF3}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{E6CA8E9A-2340-4208-82E0-11879D5AFC46}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{BC388641-BF2F-4592-98C9-72F5EB095D61}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{E1F84A1E-24FC-4A60-BD63-56A9A2BBA0EE}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3493884222-2583266169-3365024918-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-3493884222-2583266169-3365024918-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
EsgScanner => service removed successfully
catchme => service removed successfully
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\ProgramData\McAfee Security Scan => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23E172A5-DB6C-4551-9909-071AD8A7F039}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23E172A5-DB6C-4551-9909-071AD8A7F039}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0D0F7D47-057F-7E05-0D11-0B7E0B7D110E} => key not found.
C:\ProgramData\TEMP => ":3201AC76" ADS removed successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBEC25BC-FC10-46FF-82B5-217C59AEACF3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6CA8E9A-2340-4208-82E0-11879D5AFC46} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC388641-BF2F-4592-98C9-72F5EB095D61} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1F84A1E-24FC-4A60-BD63-56A9A2BBA0EE} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 322.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:00:28 ====

Márty84
VIP
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Unlocker again

#22 Post by Márty84 »

:!: Run all of these programs - including any installation - as administrator (right-click them and choose Run as administrator)

:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for a toolbar (or other add-ons); if it offers to install one, uncheck the box.
After launch you will be in the Cleaner function. There are many checkboxes on the left. Pay particular attention to the Recycle Bin; if you leave it checked, it will always empty it.
Also, depending on how it is set, it will delete all passwords saved for websites!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.)
Click Analyze, and when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; if it finds any, click Fix Issues. It will offer you a backup; make one and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If the PC has several user accounts, use the program in each of them as well)

:arrow: Defragment the disk(s) (not SSDs!)
Download Defraggler https://www.piriform.com/defraggler/download/standard
During installation again watch out for a toolbar and other junk.
After installing, run the program and click Analyze; after the analysis click Defrag and the program will do its job.




:arrow: Then write how the PC is doing. Has anything changed?

yvonne_K
Visitor
Visitor
Posts: 49
Joined: 06 Feb 2011 14:36

Re: Unlocker again

#23 Post by yvonne_K »

Good evening,

yesterday I did everything; I had an older version of CC, so I uninstalled it and installed yours, and everything seems to be fine. The logs and programs I installed during the week have been cleared from the desktop, ads are not popping up, and the internet runs fine. Yesterday I defragmented one disk; it then probably ran all night. Today I will set the second one to defragment.

Thank you very much for the help, and I would like to ask one more thing - did I just pick up that trojan somewhere on the net, or did I do something wrong? And should I install a different antivirus than Essentials?

Márty84
VIP
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Unlocker again

#24 Post by Márty84 »

yvonne_K wrote: I would like to ask one more thing - did I just pick up that trojan somewhere on the net, or did I do something wrong?
Hard to say :-) These days it is not that hard to catch some nasty bug. Sometimes you can influence it, sometimes not. The main thing is that it is gone ;-)

yvonne_K wrote: And should I install a different antivirus than Essentials?
Yes, I would recommend a change.



You are very welcome, glad to help :-)

Are the other computers running fine too? You wrote earlier that the second one was misbehaving as well...

yvonne_K
Visitor
Visitor
Posts: 49
Joined: 06 Feb 2011 14:36

Re: Unlocker again

#25 Post by yvonne_K »

It bothers me that I have now caught it twice in a row... it is rather unsettling.

I have already been looking at other antivirus programs - I still want to finish reading the reviews here on the forum, so I will change it soon. Hopefully that will ensure I do not come back here for a very long time :) Otherwise, I have already finished the defragmentation here - it is probably better to let it run overnight, then I do not get nervous about how long it takes.

The notebook is fine. I ran antivirus scans on it and everything looks good. The net also works after being set up again. Possibly some conflict in the network with IP addresses in the household; after that nothing strange happened.

Thank you very much once again and I wish you many more cured PCs! :thumbsup:

Márty84
VIP
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Unlocker again

#26 Post by Márty84 »

Well, better to catch this than, say, that bug that encrypts your data :-)

I have been using Avast free for 10 years now and so far I am satisfied ;-) Of course it is not one hundred percent, but none is, including the paid ones. Anyway, we are always glad to see decent users here, so come by now and then at least for a preventive check :|
Defragmentation tends to take long, especially if it has not been done for a long time. In some cases it takes even a few days :-D

I am glad the laptop runs as it should :thumbsup:

Once again, you are welcome! :-) Thank you for the wishes :worship:

Take care and maybe see you again sometime :bye:

:closed:

Locked