
Infected PC, please check the log


#1 Post by Slictyx »

Good day,
I still haven't solved my problem with the drive, and on top of that a problem appeared with any attempt to install an antivirus and run a scan, so I had to do a restore and came back to what we already dealt with, see http://forum.viry.cz/viewtopic.php?f=13&t=148237. I downloaded MBAM and ran a scan, and my eyes widened a bit at the sight of 314 malware items. I am attaching a screenshot here and asking for a check; the FRST log is here as well. Hopefully this time we will resolve it completely :)
Attachment: viruss.png (193.06 KiB)


#2 Post by Slictyx »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by milan (administrator) on MILAN-PC92 (13-03-2016 00:56:32)
Running from C:\Users\milan\Desktop
Loaded Profiles: milan (Available Profiles: milan)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(BitTorrent Inc.) C:\Users\milan\AppData\Roaming\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent Inc.) C:\Users\milan\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\milan\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\ProgramData\Google\update\GoogleUpdate.exe
() C:\ProgramData\Google\update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\milan\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [Imperator] => C:\Program Files\Genius\Imperator\IMhid.exe
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-970700664-739145876-1605578078-1001\...\Run: [uTorrent] => C:\Users\milan\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-05] (BitTorrent Inc.)
HKU\S-1-5-21-970700664-739145876-1605578078-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-970700664-739145876-1605578078-1001\...\Run: [Google Update] => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-19] (Google Inc.)
HKU\S-1-5-21-970700664-739145876-1605578078-1001\...\MountPoints2: {a64cccaf-d27d-11e5-b286-0019db86f6cb} - K:\Autorun.exe
HKU\S-1-5-21-970700664-739145876-1605578078-1001\...\MountPoints2: {ddc03b54-ae22-11e5-a317-0019db86f6cb} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-970700664-739145876-1605578078-1001\...\MountPoints2: {e9809527-fd61-11e3-8488-806e6f6e6963} - E:\Autorun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{0F399F2C-76CF-45F5-BD8D-CB10351F63CD}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A69B7D48-CC23-4C8B-9B73-5A5ADCD2F6C9}: [DhcpNameServer] 192.168.2.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-970700664-739145876-1605578078-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope value is missing
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-970700664-739145876-1605578078-1001: @tools.google.com/Google Update;version=3 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-970700664-739145876-1605578078-1001: @tools.google.com/Google Update;version=9 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR Profile: C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-27]
CHR Extension: (Dokumenty Google) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27]
CHR Extension: (Disk Google) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Tabulky Google) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (AdBlock) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
StartMenuInternet: Google Chrome.MKCNDVG6DVYBTZV7TSRNF4RZEY - C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 gprotect; C:\ProgramData\Google\update\GoogleUpdate.exe [315008 2016-01-28] ()
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-08-12] (Elex do Brasil Participações Ltda)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TeamViewer9; D:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [5037888 2014-07-02] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WMModules; C:\ProgramData\Google\update\GoogleUpdate.exe [315008 2016-01-28] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-06-28] (Disc Soft Ltd)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [225896 2015-05-14] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2015-08-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2015-08-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2015-08-12] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-06-30] (Elex do Brasil Participações Ltda)
S3 KYEGKB; C:\Windows\System32\Drivers\KYEGKB.sys [27648 2011-07-31] ( )
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-03-13] (Malwarebytes)
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-10-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 00:15 - 2016-03-13 00:15 - 00000000 ____D C:\Users\milan\AppData\Roaming\Elex-tech
2016-03-13 00:15 - 2015-06-30 03:50 - 00044712 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2016-03-12 23:48 - 2016-03-13 00:16 - 00100720 _____ C:\Windows\ntbtlog.txt
2016-03-12 23:45 - 2016-03-13 00:16 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 23:45 - 2016-03-12 23:45 - 22908888 _____ (Malwarebytes ) C:\Users\milan\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-12 23:45 - 2016-03-12 23:45 - 00001020 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-12 23:45 - 2016-03-12 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-12 23:45 - 2016-03-12 23:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-12 23:45 - 2016-03-12 23:45 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-12 23:45 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-12 23:45 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-12 23:45 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-12 23:43 - 2016-03-12 23:43 - 01594840 _____ (Kaspersky Lab) C:\Users\milan\Downloads\kts15.0.2.361abccs_8421.exe
2016-03-12 23:43 - 2016-03-12 23:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-03-12 23:40 - 2016-03-12 23:41 - 00000000 ____D C:\Users\milan\AppData\Local\AvgSetupLog
2016-03-12 23:40 - 2016-03-12 23:40 - 02979280 _____ (AVG Technologies CZ, s.r.o.) C:\Users\milan\Downloads\AVG_Protection_Free_1026.exe
2016-03-12 23:38 - 2016-03-12 23:41 - 00000000 ____D C:\Users\milan\AppData\Local\NPE
2016-03-12 23:38 - 2016-03-12 23:39 - 00000000 ____D C:\ProgramData\SMR501
2016-03-12 23:38 - 2016-03-12 23:38 - 10107368 _____ (Symantec Corporation) C:\Users\milan\Downloads\NPE.exe
2016-03-12 23:34 - 2016-03-12 23:34 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-03-12 23:15 - 2016-03-12 23:38 - 00000000 ____D C:\ProgramData\Norton
2016-03-12 22:50 - 2016-03-12 23:47 - 00000000 ____D C:\Program Files\Norton Internet Security
2016-03-12 22:49 - 2016-03-12 23:41 - 00000000 ____D C:\Program Files\NortonInstaller
2016-03-12 22:49 - 2016-03-12 23:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-03-12 22:15 - 2016-03-12 22:15 - 00000000 ____D C:\ProgramData\ESET
2016-03-12 22:15 - 2016-03-12 22:15 - 00000000 ____D C:\Program Files\ESET
2016-03-12 21:56 - 2016-03-12 21:56 - 00000000 ____D C:\RegBackup
2016-03-12 21:45 - 2016-03-12 21:46 - 18025373 _____ C:\Users\milan\Downloads\tweaking.com_windows_repair_aio.zip
2016-03-12 21:40 - 2016-03-12 21:40 - 00359656 _____ (Microsoft Corporation) C:\Users\milan\Downloads\msicuu2.exe
2016-03-11 15:26 - 2016-03-11 15:26 - 00000000 ____D C:\Users\milan\Desktop\Nová složka
2016-03-08 15:17 - 2016-03-12 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRTG Network Monitor
2016-03-08 15:17 - 2016-03-12 23:20 - 00000000 ____D C:\Program Files\WinPcap
2016-03-08 15:17 - 2016-03-08 15:17 - 00001024 _____ C:\.rnd
2016-03-08 15:17 - 2016-03-08 15:17 - 00000000 ____D C:\ProgramData\TEMP
2016-03-08 15:15 - 2016-03-12 23:20 - 00000000 ____D C:\Program Files\PRTG Network Monitor
2016-03-08 15:10 - 2016-03-08 15:10 - 130301427 _____ C:\Users\milan\Documents\prtg.zip
2016-03-08 12:06 - 2016-03-08 12:06 - 01524224 _____ C:\Users\milan\Downloads\adwcleaner_5.101.exe
2016-03-08 11:55 - 2016-03-13 00:13 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-08 11:47 - 2016-03-08 11:47 - 01524224 _____ C:\Users\milan\Desktop\adwcleaner_5.101.exe
2016-03-08 11:33 - 2016-03-13 00:11 - 00009528 _____ C:\Users\milan\Desktop\JRT.txt
2016-03-08 11:29 - 2016-03-08 11:29 - 01609216 _____ (Malwarebytes) C:\Users\milan\Desktop\JRT.exe
2016-03-08 01:08 - 2016-03-08 01:08 - 00000000 ____D C:\Users\milan\Downloads\Nová složka (2)
2016-03-07 18:25 - 2016-03-13 00:15 - 00000000 ____D C:\Users\milan\AppData\LocalLow\uTorrent
2016-03-07 12:06 - 2016-03-07 12:06 - 00009255 _____ C:\Users\milan\Desktop\Addition.rar
2016-03-07 11:51 - 2016-03-13 00:56 - 00011703 _____ C:\Users\milan\Desktop\FRST.txt
2016-03-07 11:50 - 2016-03-13 00:56 - 00000000 ____D C:\FRST
2016-03-07 11:47 - 2016-03-07 11:47 - 00112640 _____ (forum.viry.cz) C:\Users\milan\Desktop\FRSTLauncher.exe
2016-03-07 11:44 - 2016-03-07 11:44 - 01725440 _____ (Farbar) C:\Users\milan\Desktop\FRST.exe
2016-03-06 21:09 - 2016-03-07 00:56 - 00000000 ____D C:\Users\milan\AppData\Roaming\vlc
2016-03-06 21:09 - 2016-03-06 21:09 - 00000984 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-06 21:09 - 2016-03-06 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-06 21:08 - 2016-03-06 21:08 - 00000000 ____D C:\Program Files\VideoLAN
2016-03-06 21:03 - 2016-03-06 21:07 - 30510920 _____ C:\Users\milan\Downloads\vlc-2.2.2-win32.exe
2016-03-05 10:21 - 2016-03-05 10:21 - 00000000 ____D C:\Users\milan\Downloads\Nová složka
2016-03-05 10:20 - 2016-03-05 10:20 - 01783800 _____ C:\Users\milan\Downloads\healbot.rar
2016-03-04 23:57 - 2016-03-04 23:57 - 02211428 _____ C:\Users\milan\Downloads\HealBot_5.4.2.0_ALL.zip
2016-03-04 20:27 - 2016-03-04 20:45 - 00000000 ____D C:\Users\milan\AppData\Local\PokerStars
2016-03-04 20:27 - 2016-03-04 20:27 - 00000802 _____ C:\Users\Public\Desktop\PokerStars.lnk
2016-03-04 20:27 - 2016-03-04 20:27 - 00000802 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2016-03-04 17:09 - 2016-03-04 17:09 - 00000000 ____D C:\ProgramData\BlueStacks
2016-03-04 17:08 - 2016-03-04 17:09 - 10125176 _____ (BlueStack Systems, Inc.) C:\Users\milan\Downloads\BlueStacks-SplitInstaller.exe
2016-03-04 16:29 - 2016-03-08 15:04 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-03-04 16:28 - 2016-03-04 16:28 - 00000000 ____D C:\Users\milan\AppData\Local\Bluestacks
2016-03-04 14:40 - 2016-03-04 14:47 - 275097952 _____ (BlueStack Systems Inc.) C:\Users\milan\Downloads\BlueStacks2_native.exe
2016-03-03 21:22 - 2016-03-12 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Dude
2016-03-03 21:22 - 2016-03-12 23:20 - 00000000 ____D C:\Program Files\Dude
2016-03-03 21:22 - 2016-03-04 20:23 - 00000691 _____ C:\dude.conf
2016-03-03 21:21 - 2016-03-03 21:21 - 03702898 _____ C:\Users\milan\Downloads\dude-install-3.6.exe
2016-03-03 20:07 - 2016-03-03 20:07 - 00000000 ____D C:\Users\milan\AppData\Local\Mumble
2016-03-03 13:20 - 2016-03-05 10:22 - 00000000 ____D C:\Users\milan\Downloads\World of Warcraft - The Burning Crusade
2016-03-02 12:12 - 2016-03-02 12:16 - 00139144 _____ C:\Windows\ntbtlog.txt.bak
2016-03-01 14:00 - 2016-03-01 14:03 - 264113064 _____ (NVIDIA Corporation) C:\Users\milan\Downloads\Nepotvrzeno 110044.crdownload
2016-02-29 18:32 - 2016-03-02 11:47 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2016-02-29 18:32 - 2016-02-29 18:32 - 00169218 _____ C:\Users\milan\Downloads\WoW_WotLK (1).torrent
2016-02-29 18:31 - 2016-02-29 18:31 - 00169218 _____ C:\Users\milan\Downloads\WoW_WotLK.torrent
2016-02-29 18:11 - 2016-03-12 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
2016-02-29 17:15 - 2016-02-29 17:15 - 00000000 ____D C:\Users\milan\AppData\Local\AVAST Software
2016-02-29 16:37 - 2016-02-06 10:43 - 02280448 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-29 16:37 - 2016-02-06 09:54 - 01312256 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-29 16:37 - 2016-01-22 07:09 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-29 16:37 - 2016-01-22 07:06 - 00400896 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-29 16:37 - 2016-01-22 07:06 - 00171520 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-29 16:37 - 2016-01-22 07:06 - 00169984 ____N (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-29 16:37 - 2016-01-22 07:06 - 00099840 ____N (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-29 16:37 - 2016-01-22 07:06 - 00065536 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-29 16:37 - 2016-01-22 07:05 - 00654336 ____N (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-29 16:37 - 2016-01-22 07:05 - 00251392 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-29 16:37 - 2016-01-22 07:05 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 01060864 ____N (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 00872448 ____N (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 00553472 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 00259584 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 00223232 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-29 16:37 - 2016-01-22 07:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-29 16:37 - 2016-01-22 06:59 - 00642560 ____N (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-29 16:37 - 2016-01-22 06:59 - 00038912 ____N (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-29 16:37 - 2016-01-22 06:59 - 00017408 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-29 16:37 - 2016-01-22 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-29 16:37 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-29 16:37 - 2016-01-22 06:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-29 16:37 - 2016-01-22 06:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-29 16:37 - 2016-01-22 06:07 - 02120704 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-29 16:37 - 2016-01-22 05:53 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-29 16:37 - 2016-01-22 05:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-29 16:37 - 2016-01-22 05:51 - 00036352 ____N (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-29 16:37 - 2016-01-22 05:51 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-29 16:37 - 2016-01-22 05:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-29 12:57 - 2016-02-29 12:57 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2016-02-29 12:44 - 2016-03-02 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2016-02-29 12:44 - 2016-02-29 17:47 - 00000000 ____D C:\Users\milan\Documents\Bandicam
2016-02-23 13:37 - 2016-02-23 13:41 - 00000000 ____D C:\Users\milan\Documents\NFS Most Wanted
2016-02-23 13:12 - 2016-02-23 13:12 - 00001008 _____ C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
2016-02-22 21:49 - 2016-02-22 21:49 - 00000000 ___HD C:\Windows\PIF
2016-02-22 20:59 - 2005-05-26 14:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-02-19 16:41 - 2016-02-23 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
2016-02-19 16:41 - 2016-02-19 16:41 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
2016-02-18 23:39 - 2016-02-23 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
2016-02-18 23:39 - 2016-02-18 23:39 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 00:56 - 2014-06-28 12:44 - 00000000 ____D C:\Users\milan\AppData\Roaming\uTorrent
2016-03-13 00:26 - 2015-02-13 21:18 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-13 00:26 - 2015-02-13 21:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-13 00:26 - 2015-02-13 21:18 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-13 00:15 - 2014-06-28 11:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-13 00:15 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-13 00:13 - 2009-07-14 05:34 - 00016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-13 00:13 - 2009-07-14 05:34 - 00016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-13 00:08 - 2015-05-19 20:22 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001UA.job
2016-03-12 23:47 - 2014-06-27 15:27 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-12 23:41 - 2014-06-28 20:46 - 00000000 ____D C:\ProgramData\AVG
2016-03-12 23:40 - 2014-06-28 20:52 - 00000000 ____D C:\Users\milan\AppData\Local\AVG
2016-03-12 23:22 - 2014-06-26 19:52 - 00000000 ____D C:\Users\milan
2016-03-12 23:21 - 2015-10-22 19:58 - 00000000 ___RD C:\Program Files\Skype
2016-03-12 23:21 - 2015-02-13 21:18 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-12 23:21 - 2014-07-01 10:34 - 00000000 ____D C:\Users\milan\AppData\Local\PokerStars.EU
2016-03-12 23:21 - 2014-06-27 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2016-03-12 23:21 - 2014-06-27 15:58 - 00000000 ____D C:\Program Files\Mumble
2016-03-12 23:21 - 2014-06-27 15:55 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-12 23:21 - 2014-06-27 15:53 - 00000000 ____D C:\Users\milan\AppData\Roaming\Dropbox
2016-03-12 23:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2016-03-12 23:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-03-12 23:20 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2016-03-12 20:31 - 2014-06-29 19:52 - 00000000 ____D C:\Users\milan\AppData\Roaming\TS3Client
2016-03-08 12:07 - 2015-05-19 20:22 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001Core.job
2016-03-07 19:53 - 2011-04-12 02:37 - 00668138 _____ C:\Windows\system32\perfh005.dat
2016-03-07 19:53 - 2011-04-12 02:37 - 00140798 _____ C:\Windows\system32\perfc005.dat
2016-03-07 19:53 - 2010-11-20 22:01 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-03 20:07 - 2014-09-07 01:36 - 00000000 ____D C:\Users\milan\AppData\Roaming\Mumble
2016-03-03 13:36 - 2015-01-19 20:46 - 00000000 ____D C:\Users\milan\AppData\Local\ElevatedDiagnostics
2016-03-02 11:50 - 2011-04-12 02:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-02 11:50 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-02 11:48 - 2016-02-05 08:22 - 00000000 ____D C:\Users\milan\Downloads\Legalizace Windows 7
2016-03-02 11:48 - 2016-02-04 21:44 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Valve
2016-03-02 11:48 - 2016-02-04 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
2016-03-02 11:48 - 2015-10-22 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-02 11:48 - 2015-04-20 12:03 - 00000000 ____D C:\Users\milan\AppData\Local\Samsung
2016-03-02 11:48 - 2015-04-20 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-03-02 11:48 - 2014-11-15 00:32 - 00000000 ___RD C:\Users\milan\Documents\Notes
2016-03-02 11:48 - 2014-06-29 02:37 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-03-02 11:48 - 2014-06-28 20:44 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-03-02 11:48 - 2014-06-28 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-03-02 11:47 - 2015-10-22 19:58 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-02 11:47 - 2015-08-13 12:17 - 00000000 ____D C:\Program Files\Elex-tech
2016-03-02 11:47 - 2015-04-20 11:57 - 00000000 ____D C:\Program Files\Samsung
2016-03-02 11:47 - 2014-06-29 02:37 - 00000000 ____D C:\Program Files\3DO
2016-03-02 11:47 - 2014-06-28 10:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-02 11:47 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-02 11:37 - 2014-06-28 20:45 - 00000000 ____D C:\Users\milan\AppData\Roaming\DAEMON Tools Lite
2016-02-29 16:14 - 2015-04-20 12:03 - 00000000 ____D C:\Users\milan\AppData\Roaming\Samsung
2016-02-29 16:14 - 2015-04-20 11:57 - 00000000 ____D C:\ProgramData\Samsung
2016-02-23 13:27 - 2014-06-28 20:33 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-23 13:12 - 2016-02-11 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2016-02-19 15:21 - 2009-07-14 05:33 - 00268128 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-18 14:59 - 2015-02-10 21:32 - 00000000 ____D C:\Users\milan\AppData\Local\Adobe
2016-02-17 13:57 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-17 13:57 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU(586).TXT

==================== Files in the root of some directories =======

2014-11-19 17:18 - 2014-11-19 17:18 - 0000600 _____ () C:\Users\milan\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\milan\AppData\Local\Temp\45mglgtb.exe
C:\Users\milan\AppData\Local\Temp\AutoRun.exe
C:\Users\milan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\milan\AppData\Local\Temp\dmt0yfwu.exe
C:\Users\milan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaurgcy.dll
C:\Users\milan\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\milan\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\milan\AppData\Local\Temp\sqlite3.dll
C:\Users\milan\AppData\Local\Temp\{C68876CD-5EC3-4334-946E-30CBA6AAF8B2}-47.0.2526.106_chrome_installer.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2015-12-26 18:40] - [2015-11-10 19:39] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-09 22:55

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:75.12 GB) (Free:24.28 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:390.63 GB) (Free:335.55 GB) NTFS
Drive k: (NFSMW_DISC1) (CDROM) (Total:2.17 GB) (Free:0 GB) CDFS

Available physical RAM: 2035.66 MB
Total physical RAM: 3327.43 MB
Percentage of memory in use: 38%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C916C916)
Partition 1: (Active) - (Size=75.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001Core.job => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001UA.job => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\milan\Desktop" je 5 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: infected PC, please check my log

#3 Post by altrok »

I wish you a lovely day :bye:


:arrow: As part of the cleanup, your temporary directories will be emptied (including the Recycle Bin).

:arrow: Save MBAR to your desktop - http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Run it with a double-click and extract it to the desktop
  • Click Next
  • Update the virus database by clicking Update, then continue with Next
  • Leave all 3 options checked and choose Scan (it takes about 15 minutes)
  • Tick all findings and also check the Create Restore Point checkbox
  • Click Cleanup and agree to the restart - Yes
  • Paste the contents of the log saved on the desktop in mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors to this forum, sign up for our little school.

Slictyx
Visitor
Posts: 28
Registered: 07 Mar 2016 11:36
Location: Hodonín

Re: infected PC, please check my log

#4 Post by Slictyx »

Here is the log; otherwise, thank you for the quick response :)

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.03.12.05
rootkit: v2016.03.12.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18163
milan :: MILAN-PC92 [administrator]

13.3.2016 1:12:54
mbar-log-2016-03-13 (01-12-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 296132
Time elapsed: 18 minute(s), 41 second(s)

Memory Processes Detected: 2
C:\Program Files\Elex-tech\YAC\iSafeSvc.exe (FraudTool.YAC) -> 976 -> Delete on reboot. [588d40465049211535f5aa8c847d8878]
C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe (FraudTool.YAC) -> 1052 -> Delete on reboot. [b1349aec04951b1b92986ec84eb334cc]

Memory Modules Detected: 79
C:\Program Files\Elex-tech\YAC\iSafeSrvMon.dll (FraudTool.YAC) -> Delete on reboot. [5d88cdb9f0a9e74f5f3fca642bdab947]
C:\Program Files\Elex-tech\YAC\iSafeSrvMon.dll (FraudTool.YAC) -> Delete on reboot. [5d88cdb9f0a9e74f5f3fca642bdab947]
C:\Program Files\Elex-tech\YAC\iSvc.dll (FraudTool.YAC) -> Delete on reboot. [60856026623792a47eac85b151b041bf]
C:\Program Files\Elex-tech\YAC\iImportLib.dll (FraudTool.YAC) -> Delete on reboot. [1bca582e86136bcbb971c076679a57a9]
C:\Program Files\Elex-tech\YAC\iImportLib.dll (FraudTool.YAC) -> Delete on reboot. [1bca582e86136bcbb971c076679a57a9]
C:\Program Files\Elex-tech\YAC\curlpp.dll (FraudTool.YAC) -> Delete on reboot. [f8ed6c1a4b4e9b9b08226fc79c659967]
C:\Program Files\Elex-tech\YAC\curlpp.dll (FraudTool.YAC) -> Delete on reboot. [f8ed6c1a4b4e9b9b08226fc79c659967]
C:\Program Files\Elex-tech\YAC\isafeupbiz.dll (FraudTool.YAC) -> Delete on reboot. [4e977313ff9aa88ee4466bcb53aea957]
C:\Program Files\Elex-tech\YAC\isafepxy.dll (FraudTool.YAC) -> Delete on reboot. [d1145a2cecaddc5ad5552e08f70aec14]
C:\Program Files\Elex-tech\YAC\isafepxy.dll (FraudTool.YAC) -> Delete on reboot. [d1145a2cecaddc5ad5552e08f70aec14]
C:\Program Files\Elex-tech\YAC\iCommu.dll (FraudTool.YAC) -> Delete on reboot. [ad38d2b41f7a3105fb2f1a1ccd34dc24]
C:\Program Files\Elex-tech\YAC\iCommu.dll (FraudTool.YAC) -> Delete on reboot. [ad38d2b41f7a3105fb2f1a1ccd34dc24]
C:\Program Files\Elex-tech\YAC\isaferpt.dll (FraudTool.YAC) -> Delete on reboot. [1acbdea85f3a8bab69c12511877ad828]
C:\Program Files\Elex-tech\YAC\isaferpt.dll (FraudTool.YAC) -> Delete on reboot. [1acbdea85f3a8bab69c12511877ad828]
C:\Program Files\Elex-tech\YAC\ipcproxy.dll (FraudTool.YAC) -> Delete on reboot. [de07dfa726733105d2589e9822df4fb1]
C:\Program Files\Elex-tech\YAC\iSvc2.dll (FraudTool.YAC) -> Delete on reboot. [04e1b0d67920cd690b1f5cdaca374eb2]
C:\Program Files\Elex-tech\YAC\isafebs.dll (FraudTool.YAC) -> Delete on reboot. [23c2ceb84b4e999d44e6033318e9f808]
C:\Program Files\Elex-tech\YAC\iSafeAdless.dll (FraudTool.YAC) -> Delete on reboot. [7c6989fd1584999dcd5d83b3f60b32ce]
C:\Program Files\Elex-tech\YAC\iSafenpf.dll (FraudTool.YAC) -> Delete on reboot. [5e87aadcf7a2c2742604989e57aad32d]
C:\Program Files\Elex-tech\YAC\iSafeCheckEngine.dll (FraudTool.YAC) -> Delete on reboot. [1ec79de97e1bec4a74b6a2945ba6817f]
C:\Program Files\Elex-tech\YAC\iSafeEngineBase.dll (FraudTool.YAC) -> Delete on reboot. [d70eeb9befaac472ea40261079884cb4]
C:\Program Files\Elex-tech\YAC\iSafeKrnlCall.dll (FraudTool.YAC) -> Delete on reboot. [db0a82043564132345e5f73f7e8306fa]
C:\Program Files\Elex-tech\YAC\iSafeKrnlMonCall.dll (FraudTool.YAC) -> Delete on reboot. [faebfc8a6f2a6fc73bef39fd06fb3cc4]
C:\Program Files\Elex-tech\YAC\iSafeDisp.dll (FraudTool.YAC) -> Delete on reboot. [33b28bfb198092a472b8e55190716898]
C:\Program Files\Elex-tech\YAC\isafemc.dll (FraudTool.YAC) -> Delete on reboot. [23c28ef82a6fd75f79b1072f6998ea16]
C:\Program Files\Elex-tech\YAC\iSafeEngineDisp.dll (FraudTool.YAC) -> Delete on reboot. [3fa6295d50492d09c961f83edb2644bc]
C:\Program Files\Elex-tech\YAC\isafebase.dll (FraudTool.YAC) -> Delete on reboot. [875ebdc90c8dcc6ab07abd7908f94ab6]
C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll (FraudTool.YAC) -> Delete on reboot. [2db85b2bc9d0a88ef43690a6bd4428d8]
C:\Program Files\Elex-tech\YAC\iSafeMon.dll (FraudTool.YAC) -> Delete on reboot. [0fd60185fa9fd85e55d5fd39e71a13ed]
C:\Program Files\Elex-tech\YAC\iSafeMon.dll (FraudTool.YAC) -> Delete on reboot. [0fd60185fa9fd85e55d5fd39e71a13ed]
C:\Program Files\Elex-tech\YAC\iSafeMon.dll (FraudTool.YAC) -> Delete on reboot. [0fd60185fa9fd85e55d5fd39e71a13ed]
C:\Program Files\Elex-tech\YAC\iSafeMon.dll (FraudTool.YAC) -> Delete on reboot. [0fd60185fa9fd85e55d5fd39e71a13ed]
C:\Program Files\Elex-tech\YAC\iSafeMon.dll (FraudTool.YAC) -> Delete on reboot. [0fd60185fa9fd85e55d5fd39e71a13ed]
C:\Program Files\Elex-tech\YAC\iSafeMon.dll (FraudTool.YAC) -> Delete on reboot. [0fd60185fa9fd85e55d5fd39e71a13ed]
C:\Program Files\Elex-tech\YAC\iSafeMon.dll (FraudTool.YAC) -> Delete on reboot. [0fd60185fa9fd85e55d5fd39e71a13ed]
C:\Program Files\Elex-tech\YAC\libcurl.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\libcurl.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\libeay32.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\libeay32.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\msvcp110.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\msvcp110.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\msvcr110.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\msvcr110.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\sqlite3.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\sqlite3.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\ssleay32.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\ssleay32.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\zlib1.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\zlib1.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\antirk.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\ctools.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\decexp.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\emlib.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\falgorit.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\fgui.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filau.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filcmn.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filcpt.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filppi.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filvss.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\fupd.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\lsf.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\message.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\plugmgr.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\psmgr.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\quarantine.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\tsc.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\twsdk.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\twsupd.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unacev2.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unchm.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unemb.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unmisc.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unrar.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unsevzip.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unzip32.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\vfst.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\w32tools.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\zipexp.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]

Registry Keys Detected: 6
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeService (FraudTool.YAC) -> Delete on reboot. [588d40465049211535f5aa8c847d8878]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlMon (FraudTool.YAC) -> Delete on reboot. [39ac3452edac8caabb6f7bbb98699868]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlKit (FraudTool.YAC) -> Delete on reboot. [7273f393594091a5d456ee48d52c629e]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnl (FraudTool.YAC) -> Delete on reboot. [14d150366336ad89df4bad894cb5ad53]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlR3 (FraudTool.YAC) -> Delete on reboot. [94515d294f4a60d62ffb6cca0cf5639d]
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\iSafe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 37
C:\Users\milan\AppData\Roaming\Elex-tech\YAC (FraudTool.YAC) -> Delete on reboot. [13d2f690c1d8ac8ac54123bdec16cd33]
C:\Users\milan\AppData\Roaming\Elex-tech\YAC\log (FraudTool.YAC) -> Delete on reboot. [13d2f690c1d8ac8ac54123bdec16cd33]
C:\Program Files\Elex-tech\YAC (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\data (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\engine (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\engine\cache (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\engine\defs (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\font (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\log (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\pfdatapfdata (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\pfdatapfdata\SSL (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2 (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\app (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\app\image (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\app\image\new (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk\foldericon (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk\image (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk\image\default (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\trayplugin (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\trayplugin\iDesk (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tmp (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\logs (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\plugins (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\Quarantine (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\task (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\temp (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\trace (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\x64 (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\update (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\update\0 (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\update\1 (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\update\Engine0 (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\update\temp (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\user (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]

Files Detected: 189
C:\WINDOWS\SYSTEM32\drivers\iSafeNetFilter.sys (FraudTool.YAC) -> Delete on reboot. [a365032f4d58e9a66d231b49a6975a9e]
C:\Program Files\Elex-tech\YAC\iSafeSrvMon.dll (FraudTool.YAC) -> Delete on reboot. [5d88cdb9f0a9e74f5f3fca642bdab947]
C:\Program Files\Elex-tech\YAC\iSafeSvc.exe (FraudTool.YAC) -> Delete on reboot. [588d40465049211535f5aa8c847d8878]
C:\Program Files\Elex-tech\YAC\iSvc.dll (FraudTool.YAC) -> Delete on reboot. [60856026623792a47eac85b151b041bf]
C:\Program Files\Elex-tech\YAC\iImportLib.dll (FraudTool.YAC) -> Delete on reboot. [1bca582e86136bcbb971c076679a57a9]
C:\Program Files\Elex-tech\YAC\curlpp.dll (FraudTool.YAC) -> Delete on reboot. [f8ed6c1a4b4e9b9b08226fc79c659967]
C:\Program Files\Elex-tech\YAC\isafeupbiz.dll (FraudTool.YAC) -> Delete on reboot. [4e977313ff9aa88ee4466bcb53aea957]
C:\Program Files\Elex-tech\YAC\isafepxy.dll (FraudTool.YAC) -> Delete on reboot. [d1145a2cecaddc5ad5552e08f70aec14]
C:\Program Files\Elex-tech\YAC\iCommu.dll (FraudTool.YAC) -> Delete on reboot. [ad38d2b41f7a3105fb2f1a1ccd34dc24]
C:\Program Files\Elex-tech\YAC\isaferpt.dll (FraudTool.YAC) -> Delete on reboot. [1acbdea85f3a8bab69c12511877ad828]
C:\Program Files\Elex-tech\YAC\ipcproxy.dll (FraudTool.YAC) -> Delete on reboot. [de07dfa726733105d2589e9822df4fb1]
C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe (FraudTool.YAC) -> Delete on reboot. [b1349aec04951b1b92986ec84eb334cc]
C:\Program Files\Elex-tech\YAC\iSvc2.dll (FraudTool.YAC) -> Delete on reboot. [04e1b0d67920cd690b1f5cdaca374eb2]
C:\Program Files\Elex-tech\YAC\isafebs.dll (FraudTool.YAC) -> Delete on reboot. [23c2ceb84b4e999d44e6033318e9f808]
C:\Program Files\Elex-tech\YAC\iSafeAdless.dll (FraudTool.YAC) -> Delete on reboot. [7c6989fd1584999dcd5d83b3f60b32ce]
C:\Program Files\Elex-tech\YAC\iSafenpf.dll (FraudTool.YAC) -> Delete on reboot. [5e87aadcf7a2c2742604989e57aad32d]
C:\Program Files\Elex-tech\YAC\iSafeCheckEngine.dll (FraudTool.YAC) -> Delete on reboot. [1ec79de97e1bec4a74b6a2945ba6817f]
C:\Program Files\Elex-tech\YAC\iSafeEngineBase.dll (FraudTool.YAC) -> Delete on reboot. [d70eeb9befaac472ea40261079884cb4]
C:\Program Files\Elex-tech\YAC\iSafeKrnlCall.dll (FraudTool.YAC) -> Delete on reboot. [db0a82043564132345e5f73f7e8306fa]
C:\Program Files\Elex-tech\YAC\iSafeKrnlMonCall.dll (FraudTool.YAC) -> Delete on reboot. [faebfc8a6f2a6fc73bef39fd06fb3cc4]
C:\Program Files\Elex-tech\YAC\iSafeDisp.dll (FraudTool.YAC) -> Delete on reboot. [33b28bfb198092a472b8e55190716898]
C:\Program Files\Elex-tech\YAC\isafemc.dll (FraudTool.YAC) -> Delete on reboot. [23c28ef82a6fd75f79b1072f6998ea16]
C:\Program Files\Elex-tech\YAC\iSafeEngineDisp.dll (FraudTool.YAC) -> Delete on reboot. [3fa6295d50492d09c961f83edb2644bc]
C:\Program Files\Elex-tech\YAC\isafebase.dll (FraudTool.YAC) -> Delete on reboot. [875ebdc90c8dcc6ab07abd7908f94ab6]
C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll (FraudTool.YAC) -> Delete on reboot. [2db85b2bc9d0a88ef43690a6bd4428d8]
C:\Program Files\Elex-tech\YAC\iSafeMon.dll (FraudTool.YAC) -> Delete on reboot. [0fd60185fa9fd85e55d5fd39e71a13ed]
C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys (FraudTool.YAC) -> Delete on reboot. [39ac3452edac8caabb6f7bbb98699868]
C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys (FraudTool.YAC) -> Delete on reboot. [7273f393594091a5d456ee48d52c629e]
C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys (FraudTool.YAC) -> Delete on reboot. [14d150366336ad89df4bad894cb5ad53]
C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys (FraudTool.YAC) -> Delete on reboot. [94515d294f4a60d62ffb6cca0cf5639d]
C:\ProgramData\SMR501\Archive\iSafeKrnl.sys (FraudTool.YAC) -> Delete on reboot. [eef7b5d1e4b578be1a10e84ee8195da3]
C:\ProgramData\SMR501\Archive\iSafeKrnlKit.sys (FraudTool.YAC) -> Delete on reboot. [62834a3cd3c6fa3c2505c76f837eb24e]
C:\ProgramData\SMR501\Archive\iSafeKrnlMon.sys (FraudTool.YAC) -> Delete on reboot. [c81d0d79bcdddb5b969437ffd42ddd23]
C:\ProgramData\SMR501\Archive\iSafeKrnlR3.sys (FraudTool.YAC) -> Delete on reboot. [875eaadc8d0c48ee4dddf73f3ec3a858]
C:\ProgramData\SMR501\Archive\iSafeNetFilter.sys (FraudTool.YAC) -> Delete on reboot. [df062e587f1a74c29e8ce2548c75e41c]
C:\Windows\System32\lcpmncnwwai.exe (Trojan.Agent.BCM) -> Delete on reboot. [50958df989101d195824d4e6ce328977]
C:\Users\milan\AppData\Local\Temp\ir_ext_temp_4\AutoPlay\Scripts\hosts.exe (Trojan.Qhost) -> Delete on reboot. [6184681ef2a7f3438e8449fb4eb439c7]
C:\Users\milan\AppData\Local\Temp\ir_ext_temp_7\AutoPlay\Scripts\hosts.exe (Trojan.Qhost) -> Delete on reboot. [18cdea9c7821ee48db3767dda959ec14]
C:\Users\milan\AppData\Local\Temp\WzEFDEF.tmp\crack KB971033.eXe (HackTool.ChewWGA) -> Delete on reboot. [d213dcaa3c5de35349c5d262c938b24e]
C:\Users\milan\AppData\Local\Temp\WzE704F.tmp\crack KB971033.eXe (HackTool.ChewWGA) -> Delete on reboot. [d21325616c2d6ec80608e35131d055ab]
C:\Users\milan\AppData\Local\Temp\WzE9897.tmp\crack KB971033.eXe (HackTool.ChewWGA) -> Delete on reboot. [12d3582ecfca96a0cd416ec6897818e8]
C:\Users\milan\AppData\Local\Temp\WzEB921.tmp\crack KB971033.eXe (HackTool.ChewWGA) -> Delete on reboot. [578e5b2be1b891a50a04ac88f50c926e]
C:\Users\milan\AppData\Local\Temp\WzED588.tmp\crack KB971033.eXe (HackTool.ChewWGA) -> Delete on reboot. [cc19e4a25049dc5a20ee191be31e4db3]
C:\Users\milan\AppData\Roaming\Elex-tech\YAC\log\iSafeTray.log (FraudTool.YAC) -> Delete on reboot. [13d2f690c1d8ac8ac54123bdec16cd33]
C:\Program Files\Elex-tech\YAC\bugreport.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\eDelayinfo.edb (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\feedback.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iCommon.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iddmgr.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iDesk.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iDskDllPatch64.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\ipcdl.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iSafe.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafeadfv.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iSafeBugReport.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafechlp.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafeclc.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafeclcv.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafeclean.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iSafeKrnlBoot.sys (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iSafeKrnlCall64.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iSafeKrnlShell.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafemadwc.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafembp.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafemclv.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafemgc.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafemoptv.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafemsmv.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafemvsv.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iSafeNetFilter.sys (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iSafeRKScanShell.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafesmgr.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafesopt.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafesptv.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafesv.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\isafetbv.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iSafeTHlp.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iSafeTray.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iSafeVirusScanner.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iStart.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iTPAutoClean.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iTPDesk.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iTPFeedback.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iTPFloaty.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iTPMsgCenter.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iTpNodisturb.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iTPProtect.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iTPPush.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iTPStartupAssist.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\iTPVirus.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\libcurl.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\libeay32.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\libpng.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\main (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\msvcp110.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\msvcr110.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\ouilibx.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\sqlite3.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\ssleay32.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\uninstall.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\YACcleaner.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\zlib1.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\data\bas.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\data\eas.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\data\ess.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\data\mic.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\data\nlu.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\data\sta.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\data\stu.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\data\was.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\engine\cache\index.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\font\segoeui.ttf (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\font\segoeuib.ttf (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\log\bugreport.ini (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\log\bugreport.zip (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\log\ipcproxy.log (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\log\iSafeBS.log (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\log\iSafeKrnlCall.log (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\log\iSafeKrnlMonCall.log (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\log\iSafeSvc.LOG (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\log\iSafeSvc2.LOG (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\log\iSafeTaskHelper.LOG (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\app\image\new\startmenu_deepclean.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk\foldericon\app.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk\foldericon\file.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk\foldericon\folder.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk\foldericon\picture.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk\image\default\app.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk\image\default\file.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk\image\default\folder.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\iDesk\image\default\picture.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\app.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\file.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\folder.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\picture.ico (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tmp\1ae38df221198838b232b53e05b253f9.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tmp\4736fc41fd2ddc4745534688d4cd0180.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tmp\ec2349a8841a3422d0dbee598874a77e.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tmp\fb8ea96a939d3beeb94751afb695f977.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\mca.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\antirk.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\common.ini (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\ctools.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\decexp.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\emlib.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\falgorit.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\fddslog.txt (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\fgui.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filau.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filcmn.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filcpt.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filppi.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filpps.ini (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filup.ini (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filvss.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\filvss.ini (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\fupd.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\iSafeSvc2.exe (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\lsf.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\message.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\plugmgr.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\psmgr.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\quarantine.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\tsc.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\twsdk.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\twsupd.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\twsupd.ini (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unacev2.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unchm.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unemb.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unmisc.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unrar.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unsevzip.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\unzip32.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\vfst.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\w32tools.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\zipexp.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\zlib1.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\plugins\filavutd.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\Quarantine\catalog.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\tws\x64\psmgr.dll (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\update\Engine0\upcfg.ini (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\update\temp\upcfg.ini (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\user\brset.ini (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\user\cbss.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\user\softcache2.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\user\srd.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\user\svc2.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]
C:\Program Files\Elex-tech\YAC\user\svc2_com.dat (FraudTool.YAC) -> Delete on reboot. [11d41c6acacf8ea847c0548c1be7718f]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: infected PC, please check the log

#5 Post by altrok »

:arrow: Save rkill.exe to the desktop, close all applications and run it - if the malware blocks it, use the alternative link
WARNING - THIS UTILITY HAS A STRONG ABILITY TO DELETE - DO NOT RUN IT WITHOUT A HELPER'S RECOMMENDATION
:arrow: Save ComboFix.exe to the desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off antivirus programs and all real-time protection
  • run ComboFix as administrator (preferably under an account with administrator privileges)
  • agree to the license terms - Yes
  • if installation of the Recovery Console is offered, agree
  • leave the PC alone during the scan - do not run anything and do not click in the ComboFix window
  • you will find the scan result in C:\ComboFix.txt; copy its contents into your next reply to me.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok (at) forum.viry.cz
If you would like to help visitors of this forum, sign up for our little school.

Slictyx
Visitor
Posts: 28
Registered: 07 Mar 2016 11:36
Location: Hodonín

Re: infected PC, please check the log

#6 Post by Slictyx »

here is the log from rkill and I'm moving on to ComboFix :)

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/13/2016 09:16:03 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\user32.dll : 811 520 : 11/10/2015 07:39 PM : 8626f0c30d4e3564ffdd25c90f4426f1 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll : 811 520 : 11/20/2010 10:29 PM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_cf068ea4cbca196c\user32.dll : 811 520 : 11/10/2015 07:39 PM : 4c5a23ae4f5157f579c89736ea5d42ce [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll : 811 520 : 11/10/2015 07:36 PM : e175dd0a22ec01ba2e2efcf0b14b8426 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

Program finished at: 03/13/2016 09:18:29 AM
Execution time: 0 hours(s), 2 minute(s), and 26 seconds(s)

Slictyx
Visitor
Posts: 28
Registered: 07 Mar 2016 11:36
Location: Hodonín

Re: infected PC, please check the log

#7 Post by Slictyx »

so here it is:

ComboFix 16-03-07.01 - milan 13.03.2016 9:28.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3327.2481 [GMT 1:00]
Spuštěný z: c:\users\milan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinPCap
c:\program files\WinPCap\LICENSE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-13 do 2016-03-13 )))))))))))))))))))))))))))))))
.
.
2016-03-13 08:35 . 2016-03-13 08:35 -------- d-----w- c:\users\milan\AppData\Local\temp
2016-03-13 08:35 . 2016-03-13 08:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-13 08:32 . 2016-03-13 08:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA8CC8FF-D748-412A-88B6-FF40064ABAC2}\offreg.3352.dll
2016-03-13 00:12 . 2016-03-13 08:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-03-12 23:15 . 2016-03-13 00:34 -------- d-----w- c:\users\milan\AppData\Roaming\Elex-tech
2016-03-12 22:45 . 2016-03-13 00:50 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-12 22:45 . 2016-03-13 00:10 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-12 22:45 . 2016-03-12 22:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-03-12 22:45 . 2016-03-12 22:45 -------- d-----w- c:\programdata\Malwarebytes
2016-03-12 22:45 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-12 22:45 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-12 22:43 . 2016-03-12 22:43 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-03-12 22:40 . 2016-03-12 22:41 -------- d-----w- c:\users\milan\AppData\Local\AvgSetupLog
2016-03-12 22:38 . 2016-03-12 22:39 -------- d-----w- c:\programdata\SMR501
2016-03-12 22:38 . 2016-03-12 22:41 -------- d-----w- c:\users\milan\AppData\Local\NPE
2016-03-12 22:34 . 2016-03-12 22:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2016-03-12 22:15 . 2016-03-12 22:38 -------- d-----w- c:\programdata\Norton
2016-03-12 21:50 . 2016-03-12 22:47 -------- d-----w- c:\program files\Norton Internet Security
2016-03-12 21:49 . 2016-03-12 22:41 -------- d-----w- c:\program files\NortonInstaller
2016-03-12 21:15 . 2016-03-12 21:15 -------- d-----w- c:\program files\ESET
2016-03-12 20:56 . 2016-03-12 20:56 -------- d-----w- C:\RegBackup
2016-03-08 14:17 . 2016-03-08 14:17 -------- d-----w- c:\programdata\Logs
2016-03-08 14:15 . 2016-03-12 22:20 -------- d-----w- c:\program files\PRTG Network Monitor
2016-03-08 10:55 . 2016-03-12 23:13 -------- d-----w- c:\program files\AdwCleaner
2016-03-07 10:50 . 2016-03-12 23:57 -------- d-----w- C:\FRST
2016-03-06 20:09 . 2016-03-06 23:56 -------- d-----w- c:\users\milan\AppData\Roaming\vlc
2016-03-06 20:08 . 2016-03-06 20:08 -------- d-----w- c:\program files\VideoLAN
2016-03-04 19:27 . 2016-03-04 19:45 -------- d-----w- c:\users\milan\AppData\Local\PokerStars
2016-03-04 16:09 . 2016-03-04 16:09 -------- d-----w- c:\programdata\BlueStacks
2016-03-04 15:28 . 2016-03-04 15:28 -------- d-----w- c:\users\milan\AppData\Local\Bluestacks
2016-03-03 20:22 . 2016-03-12 22:20 -------- d-----w- c:\program files\Dude
2016-03-03 19:07 . 2016-03-03 19:07 -------- d-----w- c:\users\milan\AppData\Local\Mumble
2016-02-29 16:15 . 2016-02-29 16:15 -------- d-----w- c:\users\milan\AppData\Local\AVAST Software
2016-02-22 20:49 . 2016-02-22 20:49 -------- d--h--w- c:\windows\PIF
2016-02-22 19:59 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-12 23:26 . 2015-02-13 20:18 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-03-12 23:26 . 2015-02-13 20:18 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-22 06:05 . 2016-02-29 15:37 251392 ------w- c:\windows\system32\schannel.dll
2015-12-30 18:47 . 2016-01-14 10:42 3938240 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-12-30 18:47 . 2016-01-14 10:42 3993536 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-12-30 18:47 . 2016-01-14 10:42 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-12-30 18:47 . 2016-01-14 10:42 138176 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-12-30 18:44 . 2016-01-14 10:42 1308160 ----a-w- c:\windows\system32\ntdll(571).dll
2015-12-30 18:41 . 2016-01-14 10:42 171520 ----a-w- c:\windows\system32\wdigest(582).dll
2015-12-30 18:41 . 2016-01-14 10:42 65536 ----a-w- c:\windows\system32\TSpkg(580).dll
2015-12-30 18:41 . 2016-01-14 10:42 99840 ----a-w- c:\windows\system32\sspicli(578).dll
2015-12-30 18:41 . 2016-01-14 10:42 43008 ----a-w- c:\windows\system32\srclient.dll
2015-12-30 18:41 . 2016-01-14 10:42 400896 ----a-w- c:\windows\system32\srcore(577).dll
2015-12-30 18:40 . 2016-01-14 10:42 22016 ----a-w- c:\windows\system32\secur32(575).dll
2015-12-30 18:40 . 2016-01-14 10:42 251392 ----a-w- c:\windows\system32\schannel(574).dll
2015-12-30 18:40 . 2016-01-14 10:42 654336 ----a-w- c:\windows\system32\rpcrt4(573).dll
2015-12-30 18:39 . 2016-01-14 10:42 223232 ----a-w- c:\windows\system32\ncrypt(570).dll
2015-12-30 18:39 . 2016-01-14 10:42 259584 ----a-w- c:\windows\system32\msv1_0(569).dll
2015-12-30 18:39 . 2016-01-14 10:42 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-12-30 18:39 . 2016-01-14 10:42 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-12-30 18:39 . 2016-01-14 10:42 1060864 ----a-w- c:\windows\system32\lsasrv(565).dll
2015-12-30 18:38 . 2016-01-14 10:42 552960 ----a-w- c:\windows\system32\kerberos(562).dll
2015-12-30 18:38 . 2016-01-14 10:42 38912 ----a-w- c:\windows\system32\csrsrv(558).dll
2015-12-30 18:38 . 2016-01-14 10:42 17408 ----a-w- c:\windows\system32\credssp(554).dll
2015-12-30 18:37 . 2016-01-14 10:42 6656 ----a-w- c:\windows\system32\apisetschema(552).dll
2015-12-30 18:37 . 2016-01-14 10:42 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-12-30 17:44 . 2016-01-14 10:42 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-12-30 17:38 . 2016-01-14 10:42 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-12-30 17:32 . 2016-01-14 10:42 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10(559).sys
2015-12-30 17:32 . 2016-01-14 10:42 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-12-30 17:32 . 2016-01-14 10:42 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-12-30 17:30 . 2016-01-14 10:42 36352 ----a-w- c:\windows\system32\cryptbase(555).dll
2015-12-30 17:30 . 2016-01-14 10:42 22016 ----a-w- c:\windows\system32\lsass(566).exe
2015-12-30 17:30 . 2016-01-14 10:42 15872 ----a-w- c:\windows\system32\sspisrv(579).dll
2015-12-30 17:30 . 2016-01-14 10:42 69632 ----a-w- c:\windows\system32\smss(576).exe
2015-12-16 09:15 . 2016-01-24 20:51 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA8CC8FF-D748-412A-88B6-FF40064ABAC2}\mpengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2015-11-10 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2015-11-10 . 4C5A23AE4F5157F579C89736EA5D42CE . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_cf068ea4cbca196c\user32.dll
[7] 2015-11-10 . E175DD0A22EC01BA2E2EFCF0B14B8426 . 811520 . . [6.1.7601.23265] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\milan\AppData\Roaming\uTorrent\uTorrent.exe" [2015-12-05 2026520]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2015-02-24 311616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 iSafeNetFilter;YAC NDIS Driver;c:\windows\system32\DRIVERS\iSafeNetFilter.sys [x]
R2 gprotect;Google Protect Service(gprotect);c:\programdata\Google\update\GoogleUpdate.exe [2016-01-28 315008]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R2 WMModules;Windows Monitor Modules;c:\programdata\Google\update\GoogleUpdate.exe [2016-01-28 315008]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-10-13 89856]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-12-12 102912]
R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys [x]
R3 KYEGKB;IMPERATOR Gaming Keyboard;c:\windows\system32\Drivers\KYEGKB.sys [2011-07-31 27648]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-10-13 184192]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2014-10-13 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2014-06-27 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-06-28 243128]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-10-13 743688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
S2 TeamViewer9;TeamViewer 9;d:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-09-30 20:47 285880 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-13 23:26]
.
2016-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001Core.job
- c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-19 19:22]
.
2016-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001UA.job
- c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-19 19:22]
.
.
------- Doplňkový sken -------
.
mSearch Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
TCP: DhcpNameServer = 192.168.2.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-Imperator - c:\program files\Genius\Imperator\IMhid.exe
AddRemove-TeamViewer 9 - d:\program files\TeamViewer\Version9\uninstall.exe
AddRemove-{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1 - c:\program files\Free YouTube Downloader\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-03-13 09:37:16
ComboFix-quarantined-files.txt 2016-03-13 08:37
.
Před spuštěním: Volných bajtů: 25 207 451 648
Po spuštění: Volných bajtů: 33 301 692 416
.
- - End Of File - - 0E248FCDE65B8281B8E248005B5F03D2
A36C5E4F47E84449FF07ED3517B43A31

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: infected PC, please check the log

#8 Post by altrok »

:arrow: Test c:\programdata\Google\update\GoogleUpdate.exe on virustotal.com - if the file has already been analysed, choose Reanalyse. Put the link with the analysis results in your next post.

:arrow: If you have not done so yet, move ComboFix to the desktop.
  • Open Notepad (Start -> Run -> notepad)
  • copy the script below into it and save it to the desktop as CFScript (File type: Text document)

    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvBackend"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Take this CFScript.txt, literally drag it over the ComboFix icon and drop it.
  • After the restart a log will pop up; paste its contents into your next reply to me.
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF that the author unfortunately cannot fix yet

:arrow: It may happen that Windows will not start after the script is applied. In that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Slictyx
Visitor
Posts: 28
Registered: 07 Mar 2016 11:36
Location: Hodonín

Re: infected PC, please check the log

#9 Post by Slictyx »

here is the link - https://www.virustotal.com/cs/file/30fb ... 457873493/

I'll post the ComboFix log in a moment

Slictyx
Visitor
Posts: 28
Registered: 07 Mar 2016 11:36
Location: Hodonín

Re: infected PC, please check the log

#10 Post by Slictyx »

so here I'm attaching the log

ComboFix 16-03-07.01 - milan 13.03.2016 13:59:26.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3327.2428 [GMT 1:00]
Spuštěný z: c:\users\milan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\milan\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-13 do 2016-03-13 )))))))))))))))))))))))))))))))
.
.
2016-03-13 13:06 . 2016-03-13 13:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-13 08:37 . 2016-03-13 13:08 -------- d-----w- c:\users\milan\AppData\Local\temp
2016-03-13 08:32 . 2016-03-13 08:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA8CC8FF-D748-412A-88B6-FF40064ABAC2}\offreg.3352.dll
2016-03-13 00:12 . 2016-03-13 08:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-03-12 23:15 . 2016-03-13 00:34 -------- d-----w- c:\users\milan\AppData\Roaming\Elex-tech
2016-03-12 22:45 . 2016-03-13 00:50 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-12 22:45 . 2016-03-13 00:10 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-12 22:45 . 2016-03-12 22:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-03-12 22:45 . 2016-03-12 22:45 -------- d-----w- c:\programdata\Malwarebytes
2016-03-12 22:45 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-12 22:45 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-12 22:43 . 2016-03-12 22:43 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-03-12 22:40 . 2016-03-12 22:41 -------- d-----w- c:\users\milan\AppData\Local\AvgSetupLog
2016-03-12 22:38 . 2016-03-12 22:39 -------- d-----w- c:\programdata\SMR501
2016-03-12 22:38 . 2016-03-12 22:41 -------- d-----w- c:\users\milan\AppData\Local\NPE
2016-03-12 22:34 . 2016-03-12 22:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2016-03-12 22:15 . 2016-03-12 22:38 -------- d-----w- c:\programdata\Norton
2016-03-12 21:50 . 2016-03-12 22:47 -------- d-----w- c:\program files\Norton Internet Security
2016-03-12 21:49 . 2016-03-12 22:41 -------- d-----w- c:\program files\NortonInstaller
2016-03-12 21:15 . 2016-03-12 21:15 -------- d-----w- c:\program files\ESET
2016-03-12 20:56 . 2016-03-12 20:56 -------- d-----w- C:\RegBackup
2016-03-08 14:17 . 2016-03-08 14:17 -------- d-----w- c:\programdata\Logs
2016-03-08 14:15 . 2016-03-12 22:20 -------- d-----w- c:\program files\PRTG Network Monitor
2016-03-08 10:55 . 2016-03-12 23:13 -------- d-----w- c:\program files\AdwCleaner
2016-03-07 10:50 . 2016-03-12 23:57 -------- d-----w- C:\FRST
2016-03-06 20:09 . 2016-03-06 23:56 -------- d-----w- c:\users\milan\AppData\Roaming\vlc
2016-03-06 20:08 . 2016-03-06 20:08 -------- d-----w- c:\program files\VideoLAN
2016-03-04 19:27 . 2016-03-04 19:45 -------- d-----w- c:\users\milan\AppData\Local\PokerStars
2016-03-04 16:09 . 2016-03-04 16:09 -------- d-----w- c:\programdata\BlueStacks
2016-03-04 15:28 . 2016-03-04 15:28 -------- d-----w- c:\users\milan\AppData\Local\Bluestacks
2016-03-03 20:22 . 2016-03-12 22:20 -------- d-----w- c:\program files\Dude
2016-03-03 19:07 . 2016-03-03 19:07 -------- d-----w- c:\users\milan\AppData\Local\Mumble
2016-02-29 16:15 . 2016-02-29 16:15 -------- d-----w- c:\users\milan\AppData\Local\AVAST Software
2016-02-22 20:49 . 2016-02-22 20:49 -------- d--h--w- c:\windows\PIF
2016-02-22 19:59 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-12 23:26 . 2015-02-13 20:18 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-03-12 23:26 . 2015-02-13 20:18 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-22 06:05 . 2016-02-29 15:37 251392 ------w- c:\windows\system32\schannel.dll
2015-12-30 18:47 . 2016-01-14 10:42 3938240 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-12-30 18:47 . 2016-01-14 10:42 3993536 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-12-30 18:47 . 2016-01-14 10:42 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-12-30 18:47 . 2016-01-14 10:42 138176 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-12-30 18:44 . 2016-01-14 10:42 1308160 ----a-w- c:\windows\system32\ntdll(571).dll
2015-12-30 18:41 . 2016-01-14 10:42 171520 ----a-w- c:\windows\system32\wdigest(582).dll
2015-12-30 18:41 . 2016-01-14 10:42 65536 ----a-w- c:\windows\system32\TSpkg(580).dll
2015-12-30 18:41 . 2016-01-14 10:42 99840 ----a-w- c:\windows\system32\sspicli(578).dll
2015-12-30 18:41 . 2016-01-14 10:42 43008 ----a-w- c:\windows\system32\srclient.dll
2015-12-30 18:41 . 2016-01-14 10:42 400896 ----a-w- c:\windows\system32\srcore(577).dll
2015-12-30 18:40 . 2016-01-14 10:42 22016 ----a-w- c:\windows\system32\secur32(575).dll
2015-12-30 18:40 . 2016-01-14 10:42 251392 ----a-w- c:\windows\system32\schannel(574).dll
2015-12-30 18:40 . 2016-01-14 10:42 654336 ----a-w- c:\windows\system32\rpcrt4(573).dll
2015-12-30 18:39 . 2016-01-14 10:42 223232 ----a-w- c:\windows\system32\ncrypt(570).dll
2015-12-30 18:39 . 2016-01-14 10:42 259584 ----a-w- c:\windows\system32\msv1_0(569).dll
2015-12-30 18:39 . 2016-01-14 10:42 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-12-30 18:39 . 2016-01-14 10:42 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-12-30 18:39 . 2016-01-14 10:42 1060864 ----a-w- c:\windows\system32\lsasrv(565).dll
2015-12-30 18:38 . 2016-01-14 10:42 552960 ----a-w- c:\windows\system32\kerberos(562).dll
2015-12-30 18:38 . 2016-01-14 10:42 38912 ----a-w- c:\windows\system32\csrsrv(558).dll
2015-12-30 18:38 . 2016-01-14 10:42 17408 ----a-w- c:\windows\system32\credssp(554).dll
2015-12-30 18:37 . 2016-01-14 10:42 6656 ----a-w- c:\windows\system32\apisetschema(552).dll
2015-12-30 18:37 . 2016-01-14 10:42 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-12-30 17:44 . 2016-01-14 10:42 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-12-30 17:38 . 2016-01-14 10:42 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-12-30 17:32 . 2016-01-14 10:42 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10(559).sys
2015-12-30 17:32 . 2016-01-14 10:42 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-12-30 17:32 . 2016-01-14 10:42 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-12-30 17:30 . 2016-01-14 10:42 36352 ----a-w- c:\windows\system32\cryptbase(555).dll
2015-12-30 17:30 . 2016-01-14 10:42 22016 ----a-w- c:\windows\system32\lsass(566).exe
2015-12-30 17:30 . 2016-01-14 10:42 15872 ----a-w- c:\windows\system32\sspisrv(579).dll
2015-12-30 17:30 . 2016-01-14 10:42 69632 ----a-w- c:\windows\system32\smss(576).exe
2015-12-16 09:15 . 2016-01-24 20:51 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA8CC8FF-D748-412A-88B6-FF40064ABAC2}\mpengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2015-11-10 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2015-11-10 . 4C5A23AE4F5157F579C89736EA5D42CE . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_cf068ea4cbca196c\user32.dll
[7] 2015-11-10 . E175DD0A22EC01BA2E2EFCF0B14B8426 . 811520 . . [6.1.7601.23265] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\milan\AppData\Roaming\uTorrent\uTorrent.exe" [2015-12-05 2026520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2015-02-24 311616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 iSafeNetFilter;YAC NDIS Driver;c:\windows\system32\DRIVERS\iSafeNetFilter.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-10-13 89856]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-12-12 102912]
R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys [x]
R3 KYEGKB;IMPERATOR Gaming Keyboard;c:\windows\system32\Drivers\KYEGKB.sys [2011-07-31 27648]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-10-13 184192]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2014-10-13 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2014-06-27 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-06-28 243128]
S2 gprotect;Google Protect Service(gprotect);c:\programdata\Google\update\GoogleUpdate.exe [2016-01-28 315008]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-10-13 743688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
S2 TeamViewer9;TeamViewer 9;d:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
S2 WMModules;Windows Monitor Modules;c:\programdata\Google\update\GoogleUpdate.exe [2016-01-28 315008]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-09-30 20:47 285880 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-13 23:26]
.
2016-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001Core.job
- c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-19 19:22]
.
2016-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001UA.job
- c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-19 19:22]
.
.
------- Doplňkový sken -------
.
mSearch Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
TCP: DhcpNameServer = 192.168.2.254
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2016-03-13 14:12:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-03-13 13:12
ComboFix2.txt 2016-03-13 08:37
.
Před spuštěním: Volných bajtů: 29 751 414 784
Po spuštění: Volných bajtů: 29 710 503 936
.
- - End Of File - - DA992C6F8DE38823E2750409D4C422D1
A36C5E4F47E84449FF07ED3517B43A31

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Infected PC, please check my log

#11 Post by altrok »

:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and every later run of FRST, the Addition.txt option must be explicitly ticked before the scan starts, otherwise that log is not created.

Slictyx
Visitor
Posts: 28
Registered: 07 Mar 2016 11:36
Location: Hodonín

Re: Infected PC, please check my log

#12 Post by Slictyx »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by milan (administrator) on MILAN-PC92 (13-03-2016 14:25:19)
Running from C:\Users\milan\Desktop
Loaded Profiles: milan (Available Profiles: milan)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(BitTorrent Inc.) C:\Users\milan\AppData\Roaming\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\ProgramData\Google\update\GoogleUpdate.exe
() C:\ProgramData\Google\update\GoogleUpdate.exe
(Google Inc.) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\milan\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-970700664-739145876-1605578078-1001\...\Run: [uTorrent] => C:\Users\milan\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-05] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{0F399F2C-76CF-45F5-BD8D-CB10351F63CD}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A69B7D48-CC23-4C8B-9B73-5A5ADCD2F6C9}: [DhcpNameServer] 192.168.2.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-970700664-739145876-1605578078-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-970700664-739145876-1605578078-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-970700664-739145876-1605578078-1001: @tools.google.com/Google Update;version=3 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-970700664-739145876-1605578078-1001: @tools.google.com/Google Update;version=9 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR Profile: C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-27]
CHR Extension: (Dokumenty Google) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27]
CHR Extension: (Disk Google) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Tabulky Google) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (AdBlock) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
StartMenuInternet: Google Chrome.MKCNDVG6DVYBTZV7TSRNF4RZEY - C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 gprotect; C:\ProgramData\Google\update\GoogleUpdate.exe [315008 2016-01-28] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TeamViewer9; D:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [5037888 2014-07-02] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WMModules; C:\ProgramData\Google\update\GoogleUpdate.exe [315008 2016-01-28] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-06-28] (Disc Soft Ltd)
S3 KYEGKB; C:\Windows\System32\Drivers\KYEGKB.sys [27648 2011-07-31] ( )
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-10-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\milan\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X]
U3 mbr; \??\C:\Users\milan\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 14:25 - 2016-03-13 14:25 - 00009732 _____ C:\Users\milan\Desktop\FRST.txt
2016-03-13 14:12 - 2016-03-13 14:12 - 00013707 _____ C:\ComboFix.txt
2016-03-13 13:56 - 2016-03-13 13:56 - 00000000 _____ C:\Users\milan\Desktop\Nový textový dokument.txt
2016-03-13 09:25 - 2016-03-13 14:12 - 00000000 ____D C:\Qoobox
2016-03-13 09:25 - 2016-03-13 14:06 - 00000000 ____D C:\Windows\erdnt
2016-03-13 09:25 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-13 09:25 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-13 09:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-13 09:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-13 09:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-13 09:25 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-13 09:25 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-13 09:25 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-13 09:16 - 2016-03-13 09:18 - 00003620 _____ C:\Users\milan\Desktop\Rkill.txt
2016-03-13 09:14 - 2016-03-13 09:14 - 05658088 ____R (Swearware) C:\Users\milan\Desktop\ComboFix.exe
2016-03-13 09:13 - 2016-03-13 09:13 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\milan\Desktop\rkill.exe
2016-03-13 01:12 - 2016-03-13 09:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-13 01:10 - 2016-03-13 01:33 - 00000000 ____D C:\Users\milan\Desktop\mbar
2016-03-13 01:09 - 2016-03-13 01:09 - 16563352 _____ (Malwarebytes Corp.) C:\Users\milan\Desktop\mbar-1.09.3.1001.exe
2016-03-13 01:06 - 2016-03-13 01:06 - 00008934 _____ C:\Users\milan\Desktop\Addition.rar
2016-03-13 00:15 - 2016-03-13 01:34 - 00000000 ____D C:\Users\milan\AppData\Roaming\Elex-tech
2016-03-12 23:48 - 2016-03-13 14:12 - 00144680 _____ C:\Windows\ntbtlog.txt
2016-03-12 23:45 - 2016-03-13 01:50 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 23:45 - 2016-03-13 01:10 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-12 23:45 - 2016-03-12 23:45 - 22908888 _____ (Malwarebytes ) C:\Users\milan\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-12 23:45 - 2016-03-12 23:45 - 00001020 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-12 23:45 - 2016-03-12 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-12 23:45 - 2016-03-12 23:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-12 23:45 - 2016-03-12 23:45 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-12 23:45 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-12 23:45 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-12 23:43 - 2016-03-12 23:43 - 01594840 _____ (Kaspersky Lab) C:\Users\milan\Downloads\kts15.0.2.361abccs_8421.exe
2016-03-12 23:43 - 2016-03-12 23:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-03-12 23:40 - 2016-03-12 23:41 - 00000000 ____D C:\Users\milan\AppData\Local\AvgSetupLog
2016-03-12 23:40 - 2016-03-12 23:40 - 02979280 _____ (AVG Technologies CZ, s.r.o.) C:\Users\milan\Downloads\AVG_Protection_Free_1026.exe
2016-03-12 23:38 - 2016-03-12 23:41 - 00000000 ____D C:\Users\milan\AppData\Local\NPE
2016-03-12 23:38 - 2016-03-12 23:39 - 00000000 ____D C:\ProgramData\SMR501
2016-03-12 23:38 - 2016-03-12 23:38 - 10107368 _____ (Symantec Corporation) C:\Users\milan\Downloads\NPE.exe
2016-03-12 23:34 - 2016-03-12 23:34 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-03-12 23:15 - 2016-03-12 23:38 - 00000000 ____D C:\ProgramData\Norton
2016-03-12 22:50 - 2016-03-12 23:47 - 00000000 ____D C:\Program Files\Norton Internet Security
2016-03-12 22:49 - 2016-03-12 23:41 - 00000000 ____D C:\Program Files\NortonInstaller
2016-03-12 22:49 - 2016-03-12 23:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-03-12 22:15 - 2016-03-12 22:15 - 00000000 ____D C:\ProgramData\ESET
2016-03-12 22:15 - 2016-03-12 22:15 - 00000000 ____D C:\Program Files\ESET
2016-03-12 21:56 - 2016-03-12 21:56 - 00000000 ____D C:\RegBackup
2016-03-12 21:45 - 2016-03-12 21:46 - 18025373 _____ C:\Users\milan\Downloads\tweaking.com_windows_repair_aio.zip
2016-03-12 21:40 - 2016-03-12 21:40 - 00359656 _____ (Microsoft Corporation) C:\Users\milan\Downloads\msicuu2.exe
2016-03-11 15:26 - 2016-03-11 15:26 - 00000000 ____D C:\Users\milan\Desktop\Nová složka
2016-03-08 15:17 - 2016-03-12 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRTG Network Monitor
2016-03-08 15:17 - 2016-03-08 15:17 - 00001024 _____ C:\.rnd
2016-03-08 15:17 - 2016-03-08 15:17 - 00000000 ____D C:\ProgramData\TEMP
2016-03-08 15:15 - 2016-03-12 23:20 - 00000000 ____D C:\Program Files\PRTG Network Monitor
2016-03-08 15:10 - 2016-03-08 15:10 - 130301427 _____ C:\Users\milan\Documents\prtg.zip
2016-03-08 12:06 - 2016-03-08 12:06 - 01524224 _____ C:\Users\milan\Downloads\adwcleaner_5.101.exe
2016-03-08 11:55 - 2016-03-13 00:13 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-08 11:47 - 2016-03-08 11:47 - 01524224 _____ C:\Users\milan\Desktop\adwcleaner_5.101.exe
2016-03-08 11:33 - 2016-03-13 00:11 - 00009528 _____ C:\Users\milan\Desktop\JRT.txt
2016-03-08 11:29 - 2016-03-08 11:29 - 01609216 _____ (Malwarebytes) C:\Users\milan\Desktop\JRT.exe
2016-03-08 01:08 - 2016-03-08 01:08 - 00000000 ____D C:\Users\milan\Downloads\Nová složka (2)
2016-03-07 12:06 - 2016-03-07 12:06 - 00009255 _____ C:\Users\milan\Desktop\Addition1.rar
2016-03-07 11:50 - 2016-03-13 14:25 - 00000000 ____D C:\FRST
2016-03-07 11:47 - 2016-03-07 11:47 - 00112640 _____ (forum.viry.cz) C:\Users\milan\Desktop\FRSTLauncher.exe
2016-03-07 11:44 - 2016-03-07 11:44 - 01725440 _____ (Farbar) C:\Users\milan\Desktop\FRST.exe
2016-03-06 21:09 - 2016-03-07 00:56 - 00000000 ____D C:\Users\milan\AppData\Roaming\vlc
2016-03-06 21:09 - 2016-03-06 21:09 - 00000984 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-06 21:09 - 2016-03-06 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-06 21:08 - 2016-03-06 21:08 - 00000000 ____D C:\Program Files\VideoLAN
2016-03-06 21:03 - 2016-03-06 21:07 - 30510920 _____ C:\Users\milan\Downloads\vlc-2.2.2-win32.exe
2016-03-05 10:21 - 2016-03-05 10:21 - 00000000 ____D C:\Users\milan\Downloads\Nová složka
2016-03-05 10:20 - 2016-03-05 10:20 - 01783800 _____ C:\Users\milan\Downloads\healbot.rar
2016-03-04 23:57 - 2016-03-04 23:57 - 02211428 _____ C:\Users\milan\Downloads\HealBot_5.4.2.0_ALL.zip
2016-03-04 20:27 - 2016-03-04 20:45 - 00000000 ____D C:\Users\milan\AppData\Local\PokerStars
2016-03-04 20:27 - 2016-03-04 20:27 - 00000802 _____ C:\Users\Public\Desktop\PokerStars.lnk
2016-03-04 20:27 - 2016-03-04 20:27 - 00000802 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2016-03-04 17:09 - 2016-03-04 17:09 - 00000000 ____D C:\ProgramData\BlueStacks
2016-03-04 17:08 - 2016-03-04 17:09 - 10125176 _____ (BlueStack Systems, Inc.) C:\Users\milan\Downloads\BlueStacks-SplitInstaller.exe
2016-03-04 16:29 - 2016-03-08 15:04 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-03-04 16:28 - 2016-03-04 16:28 - 00000000 ____D C:\Users\milan\AppData\Local\Bluestacks
2016-03-04 14:40 - 2016-03-04 14:47 - 275097952 _____ (BlueStack Systems Inc.) C:\Users\milan\Downloads\BlueStacks2_native.exe
2016-03-03 21:22 - 2016-03-12 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Dude
2016-03-03 21:22 - 2016-03-12 23:20 - 00000000 ____D C:\Program Files\Dude
2016-03-03 21:22 - 2016-03-04 20:23 - 00000691 _____ C:\dude.conf
2016-03-03 21:21 - 2016-03-03 21:21 - 03702898 _____ C:\Users\milan\Downloads\dude-install-3.6.exe
2016-03-03 20:07 - 2016-03-03 20:07 - 00000000 ____D C:\Users\milan\AppData\Local\Mumble
2016-03-03 13:20 - 2016-03-05 10:22 - 00000000 ____D C:\Users\milan\Downloads\World of Warcraft - The Burning Crusade
2016-03-02 12:12 - 2016-03-02 12:16 - 00139144 _____ C:\Windows\ntbtlog.txt.bak
2016-03-01 14:00 - 2016-03-01 14:03 - 264113064 _____ (NVIDIA Corporation) C:\Users\milan\Downloads\Nepotvrzeno 110044.crdownload
2016-02-29 18:32 - 2016-03-02 11:47 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2016-02-29 18:32 - 2016-02-29 18:32 - 00169218 _____ C:\Users\milan\Downloads\WoW_WotLK (1).torrent
2016-02-29 18:31 - 2016-02-29 18:31 - 00169218 _____ C:\Users\milan\Downloads\WoW_WotLK.torrent
2016-02-29 18:11 - 2016-03-12 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
2016-02-29 17:15 - 2016-02-29 17:15 - 00000000 ____D C:\Users\milan\AppData\Local\AVAST Software
2016-02-29 16:37 - 2016-02-06 10:43 - 02280448 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-29 16:37 - 2016-02-06 09:54 - 01312256 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-29 16:37 - 2016-01-22 07:09 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-29 16:37 - 2016-01-22 07:06 - 00400896 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-29 16:37 - 2016-01-22 07:06 - 00171520 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-29 16:37 - 2016-01-22 07:06 - 00169984 ____N (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-29 16:37 - 2016-01-22 07:06 - 00099840 ____N (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-29 16:37 - 2016-01-22 07:06 - 00065536 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-29 16:37 - 2016-01-22 07:05 - 00654336 ____N (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-29 16:37 - 2016-01-22 07:05 - 00251392 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-29 16:37 - 2016-01-22 07:05 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 01060864 ____N (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 00872448 ____N (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 00553472 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 00259584 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-29 16:37 - 2016-01-22 07:02 - 00223232 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-29 16:37 - 2016-01-22 07:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-29 16:37 - 2016-01-22 06:59 - 00642560 ____N (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-29 16:37 - 2016-01-22 06:59 - 00038912 ____N (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-29 16:37 - 2016-01-22 06:59 - 00017408 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-29 16:37 - 2016-01-22 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-29 16:37 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-29 16:37 - 2016-01-22 06:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-29 16:37 - 2016-01-22 06:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-29 16:37 - 2016-01-22 06:07 - 02120704 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-29 16:37 - 2016-01-22 05:53 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-29 16:37 - 2016-01-22 05:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-29 16:37 - 2016-01-22 05:51 - 00036352 ____N (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-29 16:37 - 2016-01-22 05:51 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-29 16:37 - 2016-01-22 05:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-29 12:57 - 2016-02-29 12:57 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2016-02-29 12:44 - 2016-03-02 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2016-02-29 12:44 - 2016-02-29 17:47 - 00000000 ____D C:\Users\milan\Documents\Bandicam
2016-02-23 13:37 - 2016-02-23 13:41 - 00000000 ____D C:\Users\milan\Documents\NFS Most Wanted
2016-02-23 13:12 - 2016-02-23 13:12 - 00001008 _____ C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
2016-02-22 21:49 - 2016-02-22 21:49 - 00000000 ___HD C:\Windows\PIF
2016-02-22 20:59 - 2005-05-26 14:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-02-19 16:41 - 2016-02-23 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
2016-02-19 16:41 - 2016-02-19 16:41 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
2016-02-18 23:39 - 2016-02-23 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
2016-02-18 23:39 - 2016-02-18 23:39 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 14:23 - 2014-06-28 12:44 - 00000000 ____D C:\Users\milan\AppData\Roaming\uTorrent
2016-03-13 14:08 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-13 14:08 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2016-03-13 14:07 - 2015-05-19 20:22 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001UA.job
2016-03-13 14:07 - 2014-06-28 11:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-13 13:26 - 2015-02-13 21:18 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-13 13:12 - 2009-07-14 05:34 - 00016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-13 13:12 - 2009-07-14 05:34 - 00016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-13 12:07 - 2015-05-19 20:22 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001Core.job
2016-03-13 11:53 - 2015-01-19 20:46 - 00000000 ____D C:\Users\milan\AppData\Local\ElevatedDiagnostics
2016-03-13 01:34 - 2015-08-13 12:17 - 00000000 ____D C:\Program Files\Elex-tech
2016-03-13 01:34 - 2015-01-19 19:16 - 00000000 ____D C:\Windows\Minidump
2016-03-13 00:26 - 2015-02-13 21:18 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-13 00:26 - 2015-02-13 21:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-12 23:47 - 2014-06-27 15:27 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-12 23:41 - 2014-06-28 20:46 - 00000000 ____D C:\ProgramData\AVG
2016-03-12 23:40 - 2014-06-28 20:52 - 00000000 ____D C:\Users\milan\AppData\Local\AVG
2016-03-12 23:22 - 2014-06-26 19:52 - 00000000 ____D C:\Users\milan
2016-03-12 23:21 - 2015-10-22 19:58 - 00000000 ___RD C:\Program Files\Skype
2016-03-12 23:21 - 2015-02-13 21:18 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-12 23:21 - 2014-07-01 10:34 - 00000000 ____D C:\Users\milan\AppData\Local\PokerStars.EU
2016-03-12 23:21 - 2014-06-27 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2016-03-12 23:21 - 2014-06-27 15:58 - 00000000 ____D C:\Program Files\Mumble
2016-03-12 23:21 - 2014-06-27 15:55 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-12 23:21 - 2014-06-27 15:53 - 00000000 ____D C:\Users\milan\AppData\Roaming\Dropbox
2016-03-12 23:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2016-03-12 23:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-03-12 23:20 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2016-03-12 20:31 - 2014-06-29 19:52 - 00000000 ____D C:\Users\milan\AppData\Roaming\TS3Client
2016-03-07 19:53 - 2011-04-12 02:37 - 00668138 _____ C:\Windows\system32\perfh005.dat
2016-03-07 19:53 - 2011-04-12 02:37 - 00140798 _____ C:\Windows\system32\perfc005.dat
2016-03-07 19:53 - 2010-11-20 22:01 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-03 20:07 - 2014-09-07 01:36 - 00000000 ____D C:\Users\milan\AppData\Roaming\Mumble
2016-03-02 11:50 - 2011-04-12 02:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-02 11:50 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-02 11:48 - 2016-02-05 08:22 - 00000000 ____D C:\Users\milan\Downloads\Legalizace Windows 7
2016-03-02 11:48 - 2016-02-04 21:44 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Valve
2016-03-02 11:48 - 2016-02-04 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
2016-03-02 11:48 - 2015-10-22 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-02 11:48 - 2015-04-20 12:03 - 00000000 ____D C:\Users\milan\AppData\Local\Samsung
2016-03-02 11:48 - 2015-04-20 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-03-02 11:48 - 2014-11-15 00:32 - 00000000 ___RD C:\Users\milan\Documents\Notes
2016-03-02 11:48 - 2014-06-29 02:37 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-03-02 11:48 - 2014-06-28 20:44 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-03-02 11:48 - 2014-06-28 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-03-02 11:47 - 2015-10-22 19:58 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-02 11:47 - 2015-04-20 11:57 - 00000000 ____D C:\Program Files\Samsung
2016-03-02 11:47 - 2014-06-29 02:37 - 00000000 ____D C:\Program Files\3DO
2016-03-02 11:47 - 2014-06-28 10:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-02 11:47 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-02 11:37 - 2014-06-28 20:45 - 00000000 ____D C:\Users\milan\AppData\Roaming\DAEMON Tools Lite
2016-02-29 16:14 - 2015-04-20 12:03 - 00000000 ____D C:\Users\milan\AppData\Roaming\Samsung
2016-02-29 16:14 - 2015-04-20 11:57 - 00000000 ____D C:\ProgramData\Samsung
2016-02-23 13:27 - 2014-06-28 20:33 - 00000000 ____D C:\Users\milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-23 13:12 - 2016-02-11 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2016-02-19 15:21 - 2009-07-14 05:33 - 00268128 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-18 14:59 - 2015-02-10 21:32 - 00000000 ____D C:\Users\milan\AppData\Local\Adobe
2016-02-17 13:57 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-17 13:57 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU(586).TXT

==================== Files in the root of some directories =======

2014-11-19 17:18 - 2014-11-19 17:18 - 0000600 _____ () C:\Users\milan\AppData\Local\PUTTY.RND

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2015-12-26 18:40] - [2015-11-10 19:39] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-09 22:55

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:75.12 GB) (Free:27.74 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:390.63 GB) (Free:335.55 GB) NTFS

Available physical RAM: 2269.08 MB
Total physical RAM: 3327.43 MB
Percentage of memory in use: 31%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C916C916)
Partition 1: (Active) - (Size=75.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001Core.job => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001UA.job => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\milan\Desktop" je 58 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Slictyx
Visitor
Posts: 28
Registered: 07 Mar 2016 11:36
Location: Hodonín

Re: infected PC, please check the log

#13 Post by Slictyx »

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by milan (2016-03-13 14:25:49)
Running from C:\Users\milan\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2014-06-26 18:52:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-970700664-739145876-1605578078-500 - Administrator - Disabled)
Guest (S-1-5-21-970700664-739145876-1605578078-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-970700664-739145876-1605578078-1002 - Limited - Enabled)
milan (S-1-5-21-970700664-739145876-1605578078-1001 - Administrator - Enabled) => C:\Users\milan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-970700664-739145876-1605578078-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
AutoHotkey 1.0.48.05 (HKLM\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AVG PC TuneUp 2015 (cs-CZ) (Version: 15.0.1001.185 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Counter-Strike(TM) (HKLM\...\{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}) (Version: 1.0.0.0 - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-970700664-739145876-1605578078-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKU\S-1-5-21-970700664-739145876-1605578078-1001\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Heroes of Might and Magic III Complete (HKLM\...\InstallShield_{EDFB64A7-5BFD-4137-943D-5663149A15F5}) (Version: 1.00.0000 - CD Projekt)
Heroes of Might and Magic III Complete (Version: 1.00.0000 - CD Projekt) Hidden
Imperator Gaming Keyboard (HKLM\...\{12A8DEA6-1DA3-403F-BD28-D61C3908117F}}_is1) (Version: - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mumble 1.2.3 (HKLM\...\{62C68336-B969-4097-B0BD-A3A0FBFD59C1}) (Version: 1.2.3 - Thorvald Natvig)
Need For Speed Underground Demo (HKLM\...\{B575AC8F-EEDB-4B75-0091-17306783164E}) (Version: - )
Need for Speed™ Most Wanted (HKLM\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version: - )
NVIDIA Ovladač 3D Vision 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
Ovládací panel NVIDIA 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
RAR Password Cracker 4.12 (HKLM\...\RAR Password Cracker) (Version: - dnSoft Research Group)
RAR Password Recovery v1.1 RC16 (remove only) (HKLM\...\Intelore - RAR Password Recovery) (Version: - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.35 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Steam(TM) (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
The Dude (HKLM\...\Dude) (Version: - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinRAR 5.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\milan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\milan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6839E2-4EA7-4DE1-9439-B66154F3016B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001UA => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-19] (Google Inc.)
Task: {0F270B80-933C-4A18-AAF6-0A6866853165} - System32\Tasks\{32A880A6-5C8E-4100-98F3-F5D147C860DD} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {13CA5E43-A91B-4EA7-BDE2-3BC79FC2EC44} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001Core => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-19] (Google Inc.)
Task: {14ADB49F-EC56-4F40-A77F-6E06CEFFFD74} - System32\Tasks\{02302981-B86C-44F2-AC78-C87AC5518AA6} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {15B380A3-3C47-494D-A2A5-781B2A643281} - System32\Tasks\{AFD15094-7436-4755-8A4E-A6F1540AF803} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {16E80762-A00F-4A7E-821B-850FE1889FA1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {17941D0F-1556-4C97-A2A7-CAE92D0F132A} - System32\Tasks\{E07D001B-5309-41EF-A80D-978E7A27DBD9} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {196DDA1F-0476-43B1-9078-A8A767B7F0F6} - System32\Tasks\{ADBBD016-B2D2-4D96-8CAE-61773D1CF2AE} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {19BBF83D-8A6B-489E-AF4B-45B027DD4092} - System32\Tasks\{693C5392-12AD-4C79-A7E5-5AF8A593F286} => pcalua.exe -a C:\Users\milan\Downloads\WDM_A400.exe -d C:\Users\milan\Downloads
Task: {24B95278-B5FA-4F42-A55C-E3A7425DEC1A} - System32\Tasks\{6F9F87DB-7EDA-4B17-B521-5088378AE5D0} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {40E75AA9-EBA4-4A8A-891E-AE472F9B8EB9} - System32\Tasks\{A6B83C35-9B77-4CE6-8EC6-529C035D166F} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {4F156640-4B5F-4719-A58F-C895DA6CBBB5} - System32\Tasks\{817D5B95-50B4-4C6A-B9FC-B0C9B40E572C} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {4FFF5F91-004F-42A5-AB38-8546CF03E1E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-13] (Adobe Systems Incorporated)
Task: {5193166F-4F2B-4BA9-9880-31FEEAAA13F9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-970700664-739145876-1605578078-1001
Task: {51F1457A-8C59-46C7-983E-A5B26D44FBF8} - System32\Tasks\{CD14007B-132C-4971-BC16-0B2CF3F1B71D} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {5B8974AE-5D3E-4903-B230-4DCF0981A2C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {6A5CF9FF-C73A-4158-A0B9-7E3487D81971} - System32\Tasks\{F2B2FEF0-E389-4198-AF35-CEF8B1515BF2} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {780A778E-FCC7-45E6-BCF2-2E23E1F4BD21} - System32\Tasks\avastBCLRestartS-1-5-21-970700664-739145876-1605578078-1001 => Chrome.exe
Task: {7842CDA6-7C5B-4438-8913-6766B7F72B49} - System32\Tasks\{C739D0E4-E989-4A33-84B0-213575139ACE} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {84D4A6C2-B447-4E68-BB1D-3FDF3C869A84} - System32\Tasks\{FF57FA7B-A662-4EEE-95DC-F7C16D9478D9} => pcalua.exe -a C:\Users\milan\Downloads\32bit_Vista_Win7_Win8_R270.exe -d C:\Users\milan\Downloads
Task: {966EDC19-D41C-49F2-8E55-2FBF1661E504} - System32\Tasks\{357435A5-0A30-46C6-9EBC-CD7E85EC2146} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {A1D8F149-4F90-4A25-A388-9CBF69151C98} - System32\Tasks\{E42D7B7E-B1FE-40AB-BEC1-71135E4C4D1E} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {A531936A-3340-4BF7-B7BC-0238E3E57ED6} - System32\Tasks\{6B2979F1-42CF-435D-A6E6-BAAA8FFAAD83} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {AF057B9F-C1EA-40A5-BF72-F7991E471CB7} - System32\Tasks\{ECC3974C-3413-4ADE-BC5A-9DE98A29C34D} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {B4520300-1525-41D7-A908-01B6DA2D74A7} - System32\Tasks\{B6873158-83EC-44FF-BBEA-0FAD74E62956} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {B4CCA54C-C372-44A2-8E40-8297A469D19B} - System32\Tasks\{A5EC1EBB-5AC9-428E-B467-3773FCC4DB90} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {B88758C5-E45A-4BA2-971D-EC9A960A6383} - System32\Tasks\{E4BF6D84-0219-4FE1-A2EE-C0DF4D4FEB7D} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {BD7FD249-5B78-423A-A886-BAB197E71B17} - System32\Tasks\{517B034C-494C-4E45-869D-03F93F7E1ACF} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {C0B78F3A-67C9-41F3-AAC2-F99EAE8CC0C1} - System32\Tasks\{5F0668CC-2420-4A5C-9B0F-ED6F33B16C3C} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {C3A4F47C-C74E-4E57-82E0-9CC3F1A0EBC9} - System32\Tasks\{28EB9E8C-F701-418D-8463-035F9C810DD6} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {C5087284-F24A-4E83-BAB6-198F800D7829} - System32\Tasks\{16A34CC0-937B-484E-9C48-FF60B1EA2932} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {C7F13686-B19B-4523-A0A3-B2188909A604} - System32\Tasks\{F22C4941-7D06-4132-8CBA-6FD6D5A8BF82} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {C90BDEFD-981E-4B0E-AEED-1066F5E12C2B} - System32\Tasks\{D29E1B4E-D475-46CA-A2D4-CDEC1729EEC4} => Chrome.exe
Task: {CA98E486-7F34-4680-A65D-BFCCECF3E584} - System32\Tasks\{F90510CD-A99B-4076-9CF5-16B2DA5F97B7} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {CB738F6F-32BE-4001-A7DC-FB22CC33D5B9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-07] (AVAST Software)
Task: {D05C9C03-0160-4D79-B50D-B33AC366038D} - System32\Tasks\{6A73FF84-534E-4E7F-A43C-7A642C6B6119} => pcalua.exe -a C:\Users\milan\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION
Task: {DA46E8DE-D7EF-4C3E-AF6E-33C32925BB58} - System32\Tasks\{ADCC2C28-D9AB-4058-91F7-77DFFFF5C46F} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {DC600797-9F6F-432C-821D-AB5268F88DDF} - System32\Tasks\{3F3A512B-6B83-49AC-BE92-C52D4495F9F0} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {E1B03EB9-097A-4A9B-B962-6060EEB4448F} - System32\Tasks\{85EE837D-0B0D-4B12-9B7D-534D692F98B5} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {E51E6138-BB63-47FD-825A-093F274F182F} - System32\Tasks\{4E441E56-0420-4008-8B68-6D90CCE679AB} => pcalua.exe -a "C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe"
Task: {E672795A-A9D7-4D67-A978-DD7DB3250587} - System32\Tasks\{C4DEAF40-4AA7-41E1-B3C4-C67E51452FC3} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001Core.job => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001UA.job => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-06-28 11:08 - 2014-03-04 13:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-01-28 21:28 - 2016-01-28 05:28 - 00315008 _____ () C:\ProgramData\Google\update\GoogleUpdate.exe
2016-03-13 00:08 - 2016-03-08 03:48 - 01676440 _____ () C:\Users\milan\AppData\Local\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-13 00:08 - 2016-03-08 03:48 - 00086168 _____ () C:\Users\milan\AppData\Local\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-03-13 14:23 - 2016-03-13 14:23 - 00029696 _____ () C:\Users\milan\AppData\Local\MSGBOX.EXE

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-02-06 07:51 - 2016-03-13 14:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-970700664-739145876-1605578078-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\milan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{90539BD6-B651-43C2-AFD0-24BEC23FDED4}] => (Allow) C:\Users\milan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2C13E392-C07F-4FDD-8611-D3E77A5E9762}] => (Allow) C:\Users\milan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EADD3E22-74B5-4545-8577-3E09EE3CC8CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{EA258262-6D61-442F-B457-D7DA20C04917}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{8E448A5C-0C1B-49F0-8593-14562BE4E540}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{23604250-6355-4A67-A597-F8920A55ECAA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0E903ACD-E7FB-4374-9C69-EAAEA845BD46}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{41066086-D6E3-4C9C-82F6-681E1DBE17F7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{18C270C4-93FD-4885-BE9E-1FA2C5EA1561}] => (Allow) D:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A314E00D-DE32-4DF7-A6D8-FE69D7AC2F8F}] => (Allow) D:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1A48CC3A-48AB-4BDF-B745-8E95C8E99B09}] => (Allow) D:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{A2309EF4-E542-47D3-8DB0-DEB8EE82DD0A}] => (Allow) D:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{0329B311-A8B3-472A-942A-D272D6607DC3}] => (Allow) C:\Users\milan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6E82F6C9-F6EE-4ADD-A995-240BB3CD8948}] => (Allow) C:\Users\milan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B80C0EDE-0E92-4D23-9AA0-DE4C8151C578}] => (Allow) C:\Program Files\crxbro Browser\crxbro\chrome.exe
FirewallRules: [{EE250618-F72F-4FE4-A792-384D918D5090}] => (Allow) C:\Program Files\crxbro Browser\crxbro\bin\browserServer.exe
FirewallRules: [{78B9FFD6-F29E-477F-B7D5-99AE89EB7E33}] => (Allow) C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{FE8CB4BF-1AD0-4798-8044-6E5B0F0669DE}] => (Allow) C:\ProgramData\Google\update\GoogleUpdate.exe

==================== Restore Points =========================

08-03-2016 12:03:37 avast! antivirus system restore point
08-03-2016 12:06:44 avast! antivirus system restore point
08-03-2016 12:18:33 Removed Mumble 1.2.3
13-03-2016 01:32:25 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Adaptér tunelového režimu Microsoft Teredo
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: YAC NDIS Driver
Description: YAC NDIS Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iSafeNetFilter
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standardní hostitelský řadič USB)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2016 02:09:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2016 02:08:10 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (03/13/2016 02:08:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (03/13/2016 09:11:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2016 09:10:10 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (03/13/2016 09:10:10 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (03/13/2016 01:36:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2016 01:35:24 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (03/13/2016 01:35:24 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (03/13/2016 01:32:25 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {32ed2cc4-295d-4318-9bf8-d856e2dd960c}


System errors:
=============
Error: (03/13/2016 02:23:59 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error: (03/13/2016 02:23:56 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error: (03/13/2016 02:14:22 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error: (03/13/2016 02:12:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Seskupování v sítích peer-to-peer závisí na službě Protokol PNRP (Peer Name Resolution Protocol), která neuspěla při spuštění v důsledku následující chyby:
%%-2140993535

Error: (03/13/2016 02:12:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Protokol PNRP (Peer Name Resolution Protocol) byla ukončena s následující chybou:
%%-2140993535

Error: (03/13/2016 02:12:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Seskupování v sítích peer-to-peer závisí na službě Protokol PNRP (Peer Name Resolution Protocol), která neuspěla při spuštění v důsledku následující chyby:
%%-2140993535

Error: (03/13/2016 02:12:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Protokol PNRP (Peer Name Resolution Protocol) byla ukončena s následující chybou:
%%-2140993535

Error: (03/13/2016 02:12:42 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (03/13/2016 02:12:42 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (03/13/2016 02:12:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Seskupování v sítích peer-to-peer závisí na službě Protokol PNRP (Peer Name Resolution Protocol), která neuspěla při spuštění v důsledku následující chyby:
%%-2140993535


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of memory in use: 31%
Total physical RAM: 3327.43 MB
Available physical RAM: 2269.08 MB
Total Virtual: 6653.18 MB
Available Virtual: 5540.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:75.12 GB) (Free:27.74 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:390.63 GB) (Free:335.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C916C916)
Partition 1: (Active) - (Size=75.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7322
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: virus-infected PC, please check my log

#14 Post by altrok »

:arrow: It looks like you have tried several antivirus programs over the last few days - uninstall their remnants using the official uninstallers. I recommend extra caution when using AVG PC TuneUp 2015. Afterwards (after applying the fixlist - see below), install an antivirus.


:arrow: After the restart, Upload.zip will be created on the desktop; please upload it, for example, to leteckaposta.cz



  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply


    Start
    CreateRestorePoint:
    CloseProcesses:
    File: C:\Windows\System32\Drivers\KYEGKB.sys
    zip: C:\ProgramData\Google
    File: C:\ProgramData\Google\update\GoogleUpdate.exe
    Folder: C:\ProgramData\SMR501
    Folder: C:\Users\milan\AppData\Local\NPE
    C:\Users\milan\AppData\Roaming\Elex-tech
    C:\Program Files\Elex-tech
    C:\ProgramData\SMR501
    C:\ProgramData\Google
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-970700664-739145876-1605578078-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
    SearchScopes: HKLM -> DefaultScope value is missing
    BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    R2 gprotect; C:\ProgramData\Google\update\GoogleUpdate.exe [315008 2016-01-28] ()
    R2 WMModules; C:\ProgramData\Google\update\GoogleUpdate.exe [315008 2016-01-28] ()
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X]
    U3 mbr; \??\C:\Users\milan\AppData\Local\Temp\mbr.sys [X]
    Folder: C:\Users\milan\Downloads\Legalizace Windows 7
    2016-03-02 11:48 - 2016-02-05 08:22 - 00000000 ____D C:\Users\milan\Downloads\Legalizace Windows 7
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001Core.job => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001UA.job => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe
    CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
    Task: {0F270B80-933C-4A18-AAF6-0A6866853165} - System32\Tasks\{32A880A6-5C8E-4100-98F3-F5D147C860DD} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
    Task: {19BBF83D-8A6B-489E-AF4B-45B027DD4092} - System32\Tasks\{693C5392-12AD-4C79-A7E5-5AF8A593F286} => pcalua.exe -a C:\Users\milan\Downloads\WDM_A400.exe -d C:\Users\milan\Downloads
    Task: {5193166F-4F2B-4BA9-9880-31FEEAAA13F9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-970700664-739145876-1605578078-1001
    Task: {84D4A6C2-B447-4E68-BB1D-3FDF3C869A84} - System32\Tasks\{FF57FA7B-A662-4EEE-95DC-F7C16D9478D9} => pcalua.exe -a C:\Users\milan\Downloads\32bit_Vista_Win7_Win8_R270.exe -d C:\Users\milan\Downloads
    Task: {D05C9C03-0160-4D79-B50D-B33AC366038D} - System32\Tasks\{6A73FF84-534E-4E7F-A43C-7A642C6B6119} => pcalua.exe -a C:\Users\milan\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION
    C:\Users\milan\AppData\Roaming\webssearches
    FirewallRules: [{B80C0EDE-0E92-4D23-9AA0-DE4C8151C578}] => (Allow) C:\Program Files\crxbro Browser\crxbro\chrome.exe
    FirewallRules: [{EE250618-F72F-4FE4-A792-384D918D5090}] => (Allow) C:\Program Files\crxbro Browser\crxbro\bin\browserServer.exe
    C:\Program Files\crxbro Browser
    Hosts:
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors to this forum, sign up for our training school.

Slictyx
Visitor
Posts: 28
Joined: 07 Mar 2016 11:36
Location: Hodonín

Re: virus-infected PC, please check my log

#15 Post by Slictyx »

It took a little longer because of defragmentation; I am attaching the log here.

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by milan (2016-03-13 17:37:29) Run:1
Running from C:\Users\milan\Desktop
Loaded Profiles: milan (Available Profiles: milan)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\System32\Drivers\KYEGKB.sys
zip: C:\ProgramData\Google
File: C:\ProgramData\Google\update\GoogleUpdate.exe
Folder: C:\ProgramData\SMR501
Folder: C:\Users\milan\AppData\Local\NPE
C:\Users\milan\AppData\Roaming\Elex-tech
C:\Program Files\Elex-tech
C:\ProgramData\SMR501
C:\ProgramData\Google
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-970700664-739145876-1605578078-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
R2 gprotect; C:\ProgramData\Google\update\GoogleUpdate.exe [315008 2016-01-28] ()
R2 WMModules; C:\ProgramData\Google\update\GoogleUpdate.exe [315008 2016-01-28] ()
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X]
U3 mbr; \??\C:\Users\milan\AppData\Local\Temp\mbr.sys [X]
Folder: C:\Users\milan\Downloads\Legalizace Windows 7
2016-03-02 11:48 - 2016-02-05 08:22 - 00000000 ____D C:\Users\milan\Downloads\Legalizace Windows 7
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001Core.job => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001UA.job => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe
CustomCLSID: HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\milan\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
Task: {0F270B80-933C-4A18-AAF6-0A6866853165} - System32\Tasks\{32A880A6-5C8E-4100-98F3-F5D147C860DD} => D:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe [2006-01-06] ()
Task: {19BBF83D-8A6B-489E-AF4B-45B027DD4092} - System32\Tasks\{693C5392-12AD-4C79-A7E5-5AF8A593F286} => pcalua.exe -a C:\Users\milan\Downloads\WDM_A400.exe -d C:\Users\milan\Downloads
Task: {5193166F-4F2B-4BA9-9880-31FEEAAA13F9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-970700664-739145876-1605578078-1001
Task: {84D4A6C2-B447-4E68-BB1D-3FDF3C869A84} - System32\Tasks\{FF57FA7B-A662-4EEE-95DC-F7C16D9478D9} => pcalua.exe -a C:\Users\milan\Downloads\32bit_Vista_Win7_Win8_R270.exe -d C:\Users\milan\Downloads
Task: {D05C9C03-0160-4D79-B50D-B33AC366038D} - System32\Tasks\{6A73FF84-534E-4E7F-A43C-7A642C6B6119} => pcalua.exe -a C:\Users\milan\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION
C:\Users\milan\AppData\Roaming\webssearches
FirewallRules: [{B80C0EDE-0E92-4D23-9AA0-DE4C8151C578}] => (Allow) C:\Program Files\crxbro Browser\crxbro\chrome.exe
FirewallRules: [{EE250618-F72F-4FE4-A792-384D918D5090}] => (Allow) C:\Program Files\crxbro Browser\crxbro\bin\browserServer.exe
C:\Program Files\crxbro Browser
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Windows\System32\Drivers\KYEGKB.sys ========================

File is digitally signed
MD5: 3B63C91C5C1A62502358FAEAA65FA54A
Creation and modification date: 2014-08-14 - 2011-07-31
Size: 0027648
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version: 1.0.0.0.7600.16385 built by: WinDDK
Product Version: 1.0.0.0.7600.16385
Copyright:

====== End of File: ======

================== Zip: ===================
C:\ProgramData\Google -> copied successfully to C:\Users\milan\Desktop\Upload.zip
=========== Zip: End ===========

========================= File: C:\ProgramData\Google\update\GoogleUpdate.exe ========================

File is digitally signed
MD5: 6BAE39DA80DF513F2646A05B86FE171B
Creation and modification date: 2016-01-28 - 2016-01-28
Size: 0315008
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version: 48.4.2564.88
Product Version: 48.4.2564.88
Copyright:

====== End of File: ======


========================= Folder: C:\ProgramData\SMR501 ========================

2016-03-12 23:39 - 2016-03-12 23:39 - 0000512 _____ () C:\ProgramData\SMR501\DiskCheck.bin
2016-03-12 23:38 - 2016-03-13 01:33 - 0000000 ____D () C:\ProgramData\SMR501\Archive
2016-03-12 23:38 - 2010-11-20 22:29 - 0164864 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\1394ohci.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0274304 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ACPI.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0010240 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\acpipmi.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0422976 _____ (Adaptec, Inc.) C:\ProgramData\SMR501\Archive\adp94xx.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0297552 _____ (Adaptec, Inc.) C:\ProgramData\SMR501\Archive\adpahci.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0146512 _____ (Adaptec, Inc.) C:\ProgramData\SMR501\Archive\adpu320.sys
2016-03-12 23:38 - 2015-10-13 17:31 - 0338944 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\afd.sys
2016-03-12 23:39 - 2009-07-14 00:55 - 0049152 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\AgileVpn.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0053312 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\agp440.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0014400 _____ (Acer Laboratories Inc.) C:\ProgramData\SMR501\Archive\aliide.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0053312 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\amdagp.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0014912 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\amdide.sys
2016-03-12 23:38 - 2009-07-14 00:11 - 0055296 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\amdk8.sys
2016-03-12 23:38 - 2009-07-14 00:11 - 0052736 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\amdppm.sys
2016-03-12 23:38 - 2011-03-11 06:38 - 0080256 _____ (Advanced Micro Devices) C:\ProgramData\SMR501\Archive\amdsata.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0159312 _____ (AMD Technologies Inc.) C:\ProgramData\SMR501\Archive\amdsbs.sys
2016-03-12 23:38 - 2011-03-11 06:38 - 0022400 _____ (Advanced Micro Devices) C:\ProgramData\SMR501\Archive\amdxata.sys
2016-03-12 23:38 - 2015-10-01 17:53 - 0050176 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\appid.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0076368 _____ (Adaptec, Inc.) C:\ProgramData\SMR501\Archive\arc.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0086608 _____ (Adaptec, Inc.) C:\ProgramData\SMR501\Archive\arcsas.sys
2016-03-12 23:38 - 2009-07-14 00:54 - 0017920 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\asyncmac.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0021584 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\atapi.sys
2016-03-12 23:38 - 2009-07-13 23:02 - 0229888 _____ (Broadcom Corporation) C:\ProgramData\SMR501\Archive\b57nd60x.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0025168 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\BattC.sys
2016-03-12 23:38 - 2009-07-14 00:45 - 0006144 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\Beep.sys
2016-03-12 23:38 - 2009-07-14 00:23 - 0035328 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\blbdrive.sys
2016-03-12 23:38 - 2011-02-23 05:47 - 0069632 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\bowser.sys
2016-03-12 23:38 - 2009-07-13 23:53 - 0013568 _____ (Brother Industries, Ltd.) C:\ProgramData\SMR501\Archive\BrFiltLo.sys
2016-03-12 23:38 - 2009-07-13 23:53 - 0005248 _____ (Brother Industries, Ltd.) C:\ProgramData\SMR501\Archive\BrFiltUp.sys
2016-03-12 23:38 - 2009-07-14 01:57 - 0272128 _____ (Brother Industries Ltd.) C:\ProgramData\SMR501\Archive\Brserid.sys
2016-03-12 23:38 - 2009-07-13 23:53 - 0062336 _____ (Brother Industries Ltd.) C:\ProgramData\SMR501\Archive\BrSerWdm.sys
2016-03-12 23:38 - 2009-07-13 23:53 - 0012160 _____ (Brother Industries Ltd.) C:\ProgramData\SMR501\Archive\BrUsbMdm.sys
2016-03-12 23:38 - 2009-07-13 23:53 - 0011904 _____ (Brother Industries Ltd.) C:\ProgramData\SMR501\Archive\BrUsbSer.sys
2016-03-12 23:38 - 2009-07-14 00:51 - 0056320 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\bthmodem.sys
2016-03-12 23:38 - 2009-07-13 23:02 - 0430080 _____ (Broadcom Corporation) C:\ProgramData\SMR501\Archive\bxvbdx.sys
2016-03-12 23:38 - 2009-07-14 00:11 - 0070656 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\cdfs.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0108544 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\cdrom.sys
2016-03-12 23:38 - 2009-07-14 00:51 - 0037888 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\circlass.sys
2016-03-12 23:38 - 2015-03-04 05:16 - 0249784 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\CLFS.sys
2016-03-12 23:38 - 2009-07-14 00:19 - 0014080 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\CmBatt.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0015952 _____ (CMD Technology, Inc.) C:\ProgramData\SMR501\Archive\cmdide.sys
2016-03-12 23:38 - 2015-09-23 14:09 - 0371920 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\cng.sys
2016-03-12 23:38 - 2009-07-14 02:26 - 0019024 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\compbatt.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0031232 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\CompositeBus.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0022096 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\crcdisk.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0078336 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\dfsc.sys
2016-03-12 23:38 - 2009-07-14 00:24 - 0032256 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\discache.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0057424 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\disk.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0070720 _____ (Adaptec, Inc.) C:\ProgramData\SMR501\Archive\djsvs.sys
2016-03-12 23:38 - 2015-12-08 22:11 - 0005120 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\drmkaud.sys
2016-03-12 23:38 - 2014-06-28 20:45 - 0243128 _____ (Disc Soft Ltd) C:\ProgramData\SMR501\Archive\dtsoftbus01.sys
2016-03-12 23:38 - 2014-06-16 02:44 - 0730048 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\dxgkrnl.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0453712 _____ (Emulex) C:\ProgramData\SMR501\Archive\elxstor.sys
2016-03-12 23:38 - 2009-07-14 00:19 - 0007168 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\errdev.sys
2016-03-12 23:38 - 2009-07-13 23:02 - 3100160 _____ (Broadcom Corporation) C:\ProgramData\SMR501\Archive\evbdx.sys
2016-03-12 23:38 - 2009-07-14 00:14 - 0142336 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\exfat.sys
2016-03-12 23:38 - 2009-07-14 00:14 - 0148480 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\fastfat.sys
2016-03-12 23:38 - 2009-07-14 00:45 - 0025088 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\fdc.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0058448 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\fileinfo.sys
2016-03-12 23:38 - 2009-07-14 00:15 - 0028160 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\filetrace.sys
2016-03-12 23:38 - 2009-07-14 00:45 - 0019968 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\flpydisk.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0198208 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\fltmgr.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0046160 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\FsDepends.sys
2016-03-12 23:38 - 2013-01-24 05:47 - 0196328 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\fvevol.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0057936 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\gagp30kx.sys
2016-03-12 23:38 - 2009-07-13 23:54 - 0026624 _____ (Hauppauge Computer Works, Inc.) C:\ProgramData\SMR501\Archive\hcw85cir.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0108544 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\HDAudBus.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0304128 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\HdAudio.sys
2016-03-12 23:38 - 2009-07-14 00:19 - 0021504 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\HidBatt.sys
2016-03-12 23:38 - 2009-07-14 00:51 - 0091136 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\hidbth.sys
2016-03-12 23:38 - 2009-07-14 00:51 - 0037888 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\hidir.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0024064 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\hidusb.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0067152 _____ (Hewlett-Packard Company) C:\ProgramData\SMR501\Archive\HpSAMD.sys
2016-03-12 23:38 - 2015-02-25 04:03 - 0514560 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\HTTP.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0014208 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\hwpolicy.sys
2016-03-12 23:38 - 2009-07-14 00:11 - 0080896 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\i8042prt.sys
2016-03-12 23:38 - 2011-03-11 06:38 - 0332160 _____ (Intel Corporation) C:\ProgramData\SMR501\Archive\iaStorV.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0041040 _____ (Intel Corp./ICP vortex GmbH) C:\ProgramData\SMR501\Archive\iirsp.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0015424 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\intelide.sys
2016-03-12 23:38 - 2009-07-14 00:11 - 0053760 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\intelppm.sys
2016-03-12 23:38 - 2009-07-14 00:54 - 0058880 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ipfltdrv.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0065536 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\IPMIDrv.sys
2016-03-12 23:38 - 2009-07-14 00:54 - 0101888 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ipnat.sys
2016-03-12 23:38 - 2009-07-14 00:53 - 0013824 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\irenum.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0046656 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\isapnp.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0042576 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\kbdclass.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0028160 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\kbdhid.sys
2016-03-12 23:38 - 2015-12-30 19:47 - 0067520 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ksecdd.sys
2016-03-12 23:38 - 2015-12-30 19:47 - 0138176 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ksecpkg.sys
2016-03-12 23:38 - 2011-07-31 16:39 - 0027648 _____ ( ) C:\ProgramData\SMR501\Archive\KYEGKB.sys
2016-03-12 23:38 - 2009-07-14 00:53 - 0048128 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\lltdio.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0095824 _____ (LSI Corporation) C:\ProgramData\SMR501\Archive\lsi_fc.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0089168 _____ (LSI Corporation) C:\ProgramData\SMR501\Archive\lsi_sas.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0054864 _____ (LSI Corporation) C:\ProgramData\SMR501\Archive\lsi_sas2.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0096848 _____ (LSI Corporation) C:\ProgramData\SMR501\Archive\lsi_scsi.sys
2016-03-12 23:38 - 2009-07-14 00:15 - 0086528 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\luafv.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0030800 _____ (LSI Corporation) C:\ProgramData\SMR501\Archive\megasas.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0235584 _____ (LSI Corporation, Inc.) C:\ProgramData\SMR501\Archive\MegaSR.sys
2016-03-12 23:38 - 2009-07-14 00:55 - 0031744 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\modem.sys
2016-03-12 23:38 - 2009-07-14 00:25 - 0023552 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\monitor.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0041552 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mouclass.sys
2016-03-12 23:38 - 2009-07-14 00:45 - 0026112 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mouhid.sys
2016-03-12 23:38 - 2015-07-15 18:59 - 0078784 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mountmgr.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0130432 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mpio.sys
2016-03-12 23:38 - 2009-07-14 00:52 - 0060416 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mpsdrv.sys
2016-03-12 23:38 - 2014-12-19 02:34 - 0116224 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mrxdav.sys
2016-03-12 23:38 - 2015-12-30 18:32 - 0124416 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mrxsmb.sys
2016-03-12 23:38 - 2016-01-22 05:53 - 0225792 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mrxsmb10.sys
2016-03-12 23:38 - 2015-12-30 18:32 - 0098304 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mrxsmb20.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0028032 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\msahci.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0116096 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\msdsm.sys
2016-03-12 23:38 - 2009-07-14 00:11 - 0022528 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\Msfs.sys
2016-03-12 23:38 - 2009-07-14 00:51 - 0004096 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mshidkmdf.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0013888 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\msisadrv.sys
2016-03-12 23:38 - 2014-02-04 03:07 - 0234432 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\msiscsi.sys
2016-03-12 23:38 - 2009-07-14 00:45 - 0008320 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\MSKSSRV.sys
2016-03-12 23:38 - 2009-07-14 00:45 - 0005888 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\MSPCLOCK.sys
2016-03-12 23:38 - 2009-07-14 00:45 - 0005504 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\MSPQM.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0162896 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\MsRPC.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0028240 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mssmbios.sys
2016-03-12 23:38 - 2009-07-14 00:45 - 0006144 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\MSTEE.sys
2016-03-12 23:38 - 2009-07-14 00:46 - 0012288 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\MTConfig.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0049728 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\mup.sys
2016-03-12 23:38 - 2015-10-13 05:50 - 0712640 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ndis.sys
2016-03-12 23:38 - 2009-07-14 00:52 - 0027136 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ndiscap.sys
2016-03-12 23:38 - 2009-07-14 00:54 - 0020992 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ndistapi.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0046080 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ndisuio.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0118784 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ndiswan.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0048640 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\NDProxy.sys
2016-03-12 23:38 - 2009-07-14 00:53 - 0036352 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\netbios.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0187904 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\netbt.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0044624 _____ (IBM Corporation) C:\ProgramData\SMR501\Archive\nfrd960.sys
2016-03-12 23:38 - 2009-07-14 00:11 - 0035328 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\Npfs.sys
2016-03-12 23:38 - 2009-07-14 00:12 - 0016896 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\nsiproxy.sys
2016-03-12 23:38 - 2014-01-24 03:18 - 1212352 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\Ntfs.sys
2016-03-12 23:38 - 2009-07-14 00:11 - 0004608 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\Null.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0105024 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\nv_agp.sys
2016-03-12 23:38 - 2014-03-20 22:03 - 0162592 _____ (NVIDIA Corporation) C:\ProgramData\SMR501\Archive\nvhda32v.sys
2016-03-12 23:38 - 2014-03-20 22:03 - 10523480 _____ (NVIDIA Corporation) C:\ProgramData\SMR501\Archive\nvlddmkm.sys
2016-03-12 23:38 - 2009-07-13 23:02 - 0347264 _____ (NVIDIA Corporation) C:\ProgramData\SMR501\Archive\nvm62x32.sys
2016-03-12 23:38 - 2011-03-11 06:39 - 0117120 _____ (NVIDIA Corporation) C:\ProgramData\SMR501\Archive\nvraid.sys
2016-03-12 23:38 - 2011-03-11 06:39 - 0143744 _____ (NVIDIA Corporation) C:\ProgramData\SMR501\Archive\nvstor.sys
2016-03-12 23:38 - 2009-07-14 00:52 - 0267264 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\nwifi.sys
2016-03-12 23:38 - 2009-07-14 00:51 - 0062464 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ohci1394.sys
2016-03-12 23:39 - 2009-07-14 00:53 - 0104448 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\pacer.sys
2016-03-12 23:38 - 2009-07-14 00:45 - 0079360 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\parport.sys
2016-03-12 23:38 - 2012-03-17 08:27 - 0056176 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\partmgr.sys
2016-03-12 23:38 - 2009-07-14 00:45 - 0008704 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\parvdm.sys
2016-03-12 23:38 - 2010-11-20 22:29 - 0153984 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\pci.sys
2016-03-12 23:38 - 2009-07-14 02:20 - 0012368 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\pciide.sys
2016-03-12 23:38 - 2009-07-14 02:19 - 0180288 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\pcmcia.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0043088 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\pcw.sys
2016-03-12 23:39 - 2015-02-03 04:00 - 0593920 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\peauth.sys
2016-03-12 23:39 - 2009-07-13 23:54 - 1311232 _____ (NXP Semiconductors) C:\ProgramData\SMR501\Archive\Ph3xIB32.sys
2016-03-12 23:39 - 2009-07-14 00:11 - 0052224 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\processr.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 1383488 _____ (QLogic Corporation) C:\ProgramData\SMR501\Archive\ql2300.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0106064 _____ (QLogic Corporation) C:\ProgramData\SMR501\Archive\ql40xx.sys
2016-03-12 23:39 - 2009-07-14 00:54 - 0031744 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\qwavedrv.sys
2016-03-12 23:39 - 2009-07-14 00:54 - 0011776 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\rasacd.sys
2016-03-12 23:39 - 2009-07-14 00:54 - 0078848 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\rasl2tp.sys
2016-03-12 23:39 - 2009-07-14 00:54 - 0077824 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\raspppoe.sys
2016-03-12 23:39 - 2009-07-14 00:54 - 0073728 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\raspptp.sys
2016-03-12 23:39 - 2009-07-14 00:54 - 0075264 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\rassstp.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0242688 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\rdbss.sys
2016-03-12 23:39 - 2009-07-14 01:02 - 0018944 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\rdpbus.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0006656 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\RDPCDD.sys
2016-03-12 23:39 - 2009-07-14 01:01 - 0006656 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\rdpencdd.sys
2016-03-12 23:39 - 2009-07-14 01:01 - 0007168 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\rdprefmp.sys
2016-03-12 23:39 - 2014-07-17 02:03 - 0184320 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\RDPWD.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0173440 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\rdyboost.sys
2016-03-12 23:39 - 2009-07-14 00:53 - 0060928 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\rspndr.sys
2016-03-12 23:38 - 2012-06-19 15:54 - 3240400 _____ (Realtek Semiconductor Corp.) C:\ProgramData\SMR501\Archive\RTKVHDA.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0085376 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\sbp2port.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0026624 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\scfilter.sys
2016-03-12 23:39 - 2009-07-13 21:50 - 0020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\ProgramData\SMR501\Archive\secdrv.sys
2016-03-12 23:39 - 2009-07-14 00:45 - 0017920 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\serenum.sys
2016-03-12 23:39 - 2009-07-14 00:45 - 0083456 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\serial.sys
2016-03-12 23:39 - 2009-07-14 00:45 - 0019968 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\sermouse.sys
2016-03-12 23:39 - 2009-07-14 00:45 - 0011264 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\sffdisk.sys
2016-03-12 23:39 - 2009-07-14 00:45 - 0012288 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\sffp_mmc.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0012800 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\sffp_sd.sys
2016-03-12 23:39 - 2009-07-14 00:45 - 0013824 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\sfloppy.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0052304 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\sisagp.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0040016 _____ (Silicon Integrated Systems Corp.) C:\ProgramData\SMR501\Archive\SiSRaid2.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0077888 _____ (Silicon Integrated Systems) C:\ProgramData\SMR501\Archive\sisraid4.sys
2016-03-12 23:39 - 2009-07-14 00:53 - 0071168 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\smb.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0017472 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\spldr.sys
2016-03-12 23:39 - 2011-04-29 03:46 - 0311808 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\srv.sys
2016-03-12 23:39 - 2011-04-29 03:46 - 0310272 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\srv2.sys
2016-03-12 23:39 - 2011-04-29 03:46 - 0114688 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\srvnet.sys
2016-03-12 23:38 - 2014-10-13 06:57 - 0089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\ProgramData\SMR501\Archive\ssudbus.sys
2016-03-12 23:39 - 2014-10-13 06:57 - 0184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\ProgramData\SMR501\Archive\ssudmdm.sys
2016-03-12 23:39 - 2014-10-13 06:57 - 0184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\ProgramData\SMR501\Archive\ssudserd.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0021072 _____ (Promise Technology) C:\ProgramData\SMR501\Archive\stexstor.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0012240 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\swenum.sys
2016-03-12 23:39 - 2014-04-05 03:25 - 1294272 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\tcpip.sys
2016-03-12 23:39 - 2012-10-03 16:21 - 0035328 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\tcpipreg.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0018432 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\tdpipe.sys
2016-03-12 23:39 - 2012-02-17 05:13 - 0024576 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\tdtcp.sys
2016-03-12 23:39 - 2015-10-13 17:31 - 0074752 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\tdx.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0053120 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\termdd.sys
2016-03-12 23:39 - 2014-07-17 02:02 - 0031232 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\tssecsrv.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0052224 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\tsusbflt.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0027264 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\TsUsbGD.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0108544 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\tunnel.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0055888 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\uagp35.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0246784 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\udfs.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0057424 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\uliagpkx.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0039936 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\umbus.sys
2016-03-12 23:39 - 2009-07-14 00:51 - 0008192 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\umpass.sys
2016-03-12 23:39 - 2013-02-12 04:32 - 0015872 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\usb80236.sys
2016-03-12 23:39 - 2013-11-27 02:13 - 0076288 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\usbccgp.sys
2016-03-12 23:39 - 2013-07-12 11:07 - 0086016 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\usbcir.sys
2016-03-12 23:39 - 2013-11-27 02:13 - 0043520 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\usbehci.sys
2016-03-12 23:39 - 2013-11-27 02:14 - 0258560 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\usbhub.sys
2016-03-12 23:39 - 2013-11-27 02:13 - 0020480 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\usbohci.sys
2016-03-12 23:39 - 2009-07-14 01:17 - 0019968 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\usbprint.sys
2016-03-12 23:39 - 2011-03-11 05:01 - 0076288 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\USBSTOR.SYS
2016-03-12 23:39 - 2009-07-14 00:51 - 0024064 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\usbuhci.sys
2016-03-12 23:39 - 2015-06-18 10:39 - 0220752 _____ (Avast Software) C:\ProgramData\SMR501\Archive\VBoxAswDrv.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0032832 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\vdrvroot.sys
2016-03-12 23:39 - 2009-07-14 00:25 - 0025088 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\vga.sys
2016-03-12 23:39 - 2009-07-14 00:25 - 0026112 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\vgapnp.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0160128 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\vhdmp.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0053328 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\viaagp.sys
2016-03-12 23:39 - 2009-07-14 00:11 - 0052736 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\viac7.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0016976 _____ (VIA Technologies, Inc.) C:\ProgramData\SMR501\Archive\viaide.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0053120 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\volmgr.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0297040 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\volmgrx.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0245632 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\volsnap.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0141904 _____ (VIA Technologies Inc.,Ltd) C:\ProgramData\SMR501\Archive\vsmraid.sys
2016-03-12 23:39 - 2009-07-14 00:52 - 0019968 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\vwifibus.sys
2016-03-12 23:39 - 2009-07-14 00:46 - 0021632 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\wacompen.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0063488 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\wanarp.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0019024 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\wd.sys
2016-03-12 23:39 - 2013-06-25 23:56 - 0527064 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\Wdf01000.sys
2016-03-12 23:39 - 2009-07-14 00:53 - 0009728 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\wfplwf.sys
2016-03-12 23:39 - 2009-07-14 02:19 - 0019008 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\wimmount.sys
2016-03-12 23:39 - 2010-11-20 22:29 - 0035968 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\WinUsb.sys
2016-03-12 23:39 - 2009-07-14 00:19 - 0011264 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\wmiacpi.sys
2016-03-12 23:39 - 2009-07-14 00:55 - 0016384 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\ws2ifsl.sys
2016-03-12 23:39 - 2012-07-26 03:33 - 0066560 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\WudfPf.sys
2016-03-12 23:39 - 2012-07-26 03:32 - 0155136 _____ (Microsoft Corporation) C:\ProgramData\SMR501\Archive\WUDFRd.sys

====== End of Folder: ======


========================= Folder: C:\Users\milan\AppData\Local\NPE ========================

2016-03-12 23:38 - 2016-03-12 23:41 - 0458752 _____ () C:\Users\milan\AppData\Local\NPE\NPETraceSession.etl
2016-03-12 23:38 - 2016-03-12 23:41 - 0000000 ____D () C:\Users\milan\AppData\Local\NPE\ErrMgmt
2016-03-12 23:40 - 2016-03-12 23:40 - 0002310 _____ () C:\Users\milan\AppData\Local\NPE\ErrMgmt\log.dat
2016-03-12 23:40 - 2016-03-12 23:40 - 0003072 _____ () C:\Users\milan\AppData\Local\NPE\ErrMgmt\ping.dat
2016-03-12 23:38 - 2016-03-12 23:41 - 0006656 _____ () C:\Users\milan\AppData\Local\NPE\ErrMgmt\SQCLIENT.dat
2016-03-12 23:40 - 2016-03-12 23:40 - 0005120 _____ () C:\Users\milan\AppData\Local\NPE\ErrMgmt\SUBCFG.dat
2016-03-12 23:38 - 2016-03-12 23:38 - 0000000 ____D () C:\Users\milan\AppData\Local\NPE\ErrMgmt\Queue
2016-03-12 23:38 - 2016-03-12 23:40 - 0000000 ____D () C:\Users\milan\AppData\Local\NPE\ErrMgmt\Queue\Incoming
2016-03-12 23:38 - 2016-03-12 23:38 - 0000000 ____D () C:\Users\milan\AppData\Local\NPE\ErrMgmt\Queue\Staging
2016-03-12 23:38 - 2016-03-12 23:38 - 0000000 ____D () C:\Users\milan\AppData\Local\NPE\ErrMgmt\Tasks
2016-03-12 23:38 - 2016-03-12 23:39 - 0000000 ____D () C:\Users\milan\AppData\Local\NPE\ErrorInstances
2016-03-12 23:39 - 2016-03-12 23:39 - 0000000 ____D () C:\Users\milan\AppData\Local\NPE\ErrorInstances\E5B0A156
2016-03-12 23:39 - 2016-03-12 23:40 - 0361969 _____ () C:\Users\milan\AppData\Local\NPE\ErrorInstances\E5B0A156\1DA2B3D6-DC49-43DF-ADDB-197A992646F4.dat
2016-03-12 23:38 - 2016-03-12 23:38 - 0000000 ____D () C:\Users\milan\AppData\Local\NPE\LocalDumps

====== End of Folder: ======

C:\Users\milan\AppData\Roaming\Elex-tech => moved successfully
C:\Program Files\Elex-tech => moved successfully
C:\ProgramData\SMR501 => moved successfully
C:\ProgramData\Google => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-970700664-739145876-1605578078-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => key not found.
HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully.
gprotect => service removed successfully.
WMModules => service removed successfully.
dgderdrv => service removed successfully.
iSafeKrnlBoot => service removed successfully.
iSafeNetFilter => service removed successfully.
mbr => service not found.

========================= Folder: C:\Users\milan\Downloads\Legalizace Windows 7 ========================

2016-02-05 08:22 - 2011-12-04 10:45 - 9458428 _____ (Anemeros Software) C:\Users\milan\Downloads\Legalizace Windows 7\crack KB971033.eXe

====== End of Folder: ======

C:\Users\milan\Downloads\Legalizace Windows 7 => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001Core.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970700664-739145876-1605578078-1001UA.job => moved successfully
HKU\S-1-5-21-970700664-739145876-1605578078-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F270B80-933C-4A18-AAF6-0A6866853165}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F270B80-933C-4A18-AAF6-0A6866853165}" => key removed successfully.
C:\Windows\System32\Tasks\{32A880A6-5C8E-4100-98F3-F5D147C860DD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{32A880A6-5C8E-4100-98F3-F5D147C860DD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19BBF83D-8A6B-489E-AF4B-45B027DD4092}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19BBF83D-8A6B-489E-AF4B-45B027DD4092}" => key removed successfully.
C:\Windows\System32\Tasks\{693C5392-12AD-4C79-A7E5-5AF8A593F286} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{693C5392-12AD-4C79-A7E5-5AF8A593F286}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5193166F-4F2B-4BA9-9880-31FEEAAA13F9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5193166F-4F2B-4BA9-9880-31FEEAAA13F9}" => key removed successfully.
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-970700664-739145876-1605578078-1001 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-970700664-739145876-1605578078-1001" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84D4A6C2-B447-4E68-BB1D-3FDF3C869A84}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84D4A6C2-B447-4E68-BB1D-3FDF3C869A84}" => key removed successfully.
C:\Windows\System32\Tasks\{FF57FA7B-A662-4EEE-95DC-F7C16D9478D9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF57FA7B-A662-4EEE-95DC-F7C16D9478D9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D05C9C03-0160-4D79-B50D-B33AC366038D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D05C9C03-0160-4D79-B50D-B33AC366038D}" => key removed successfully.
C:\Windows\System32\Tasks\{6A73FF84-534E-4E7F-A43C-7A642C6B6119} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6A73FF84-534E-4E7F-A43C-7A642C6B6119}" => key removed successfully.
"C:\Users\milan\AppData\Roaming\webssearches" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B80C0EDE-0E92-4D23-9AA0-DE4C8151C578} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE250618-F72F-4FE4-A792-384D918D5090} => value not found.
"C:\Program Files\crxbro Browser" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 191.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:38:01 ====
