Request for a preventive check

plasko
Visitor
Posts: 66
Registered: 03 Feb 2010 17:57

#1 Post by plasko »

Hello, I'd like to ask for a preventive check, after cleaning out 160+ nasties with MBAM, to see whether anything was left behind. The computer was terribly slow, so I cleaned the registry with CCleaner and ran a scan with MBAM, but I think it still isn't quite right :( Thanks for your help. I'm attaching the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
Ran by Stanko (administrator) on STANKO-PC (12-06-2016 02:41:34)
Running from C:\Users\Stanko\Downloads
Loaded Profiles: Stanko (Available Profiles: Stanko)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-13] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\...\MountPoints2: F - F:\Setupx.exe
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\...\MountPoints2: {77b2b816-894b-11e3-bcb9-dc0ea115f600} - E:\setup.exe
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\...\MountPoints2: {dbfdf400-d100-11e1-8409-dc0ea115f600} - F:\Setup.exe
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-13] (AVAST Software)
Startup: C:\Users\Stanko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-01-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stanko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A5622C11-4B61-4099-BE60-87FBD79C8F66}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP22&ocid=UP22DHP
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-542987268-1208656116-1080822998-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-542987268-1208656116-1080822998-1001 -> {91EB51E4-7305-47D9-9AC8-71E4E29D0FEE} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-04] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-04] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-542987268-1208656116-1080822998-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Stanko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF user.js: detected! => C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js [2016-06-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-12-07] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\searchplugins\bingp.xml [2014-01-08]
FF SearchPlugin: C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\searchplugins\mngr.xml [2012-12-04]
FF SearchPlugin: C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\searchplugins\mozillask.xml [2012-08-01]
FF Extension: No Name - C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\extensions\iobitascsurfingprotection@iobit.com [not found]
FF Extension: Download Statusbar - C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2015-05-31]
FF Extension: Seznam lištička - C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-05-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-10-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-10-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-13]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-13]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (Babylon ToolBar) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll => No File
CHR Plugin: (Application Manager) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Stanko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-03]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2015-11-03]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-02-23]
CHR Extension: (YouTube) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-03]
CHR Extension: (Google Search) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Avast SafePrice) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-06]
CHR Extension: (Lamborghini Century64) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikjgpmondliabjaipmamheijmdhhljo [2014-12-15]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Avast Online Security) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-13]
CHR Extension: (Skype) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2015-11-03]
CHR Extension: (Gmail) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-13] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-03] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-13] (AVAST Software)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-04] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-21] (REALiX(tm))
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [125952 2014-11-09] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-09-21] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-09] (Synaptics Incorporated)
S1 lmbhnlpu; \??\C:\Windows\system32\drivers\lmbhnlpu.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-12 02:41 - 2016-06-12 02:42 - 00023142 _____ C:\Users\Stanko\Downloads\FRST.txt
2016-06-12 02:10 - 2016-06-12 02:41 - 00000000 ____D C:\FRST
2016-06-12 02:09 - 2016-06-12 02:09 - 02385408 _____ (Farbar) C:\Users\Stanko\Downloads\FRST64.exe
2016-06-12 01:50 - 2016-06-12 01:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-12 01:49 - 2016-06-12 01:49 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-12 01:49 - 2016-06-12 01:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-12 01:49 - 2016-06-12 01:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-12 01:49 - 2016-06-12 01:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-12 01:49 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-12 01:49 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-12 01:49 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-12 00:56 - 2016-06-12 00:57 - 22851472 _____ (Malwarebytes ) C:\Users\Stanko\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-12 00:55 - 2016-06-12 00:55 - 06893008 _____ (Piriform Ltd) C:\Users\Stanko\Downloads\ccsetup518.exe
2016-05-29 11:34 - 2016-05-29 11:34 - 00000000 _____ C:\Users\Stanko\AppData\Local\{81456139-CA62-4990-872D-E186BD282613}
2016-05-22 12:59 - 2016-05-22 13:02 - 54177030 _____ C:\Users\Stanko\Downloads\Fontána-pre-Zuzanu-2.rar
2016-05-22 00:50 - 2016-05-22 00:50 - 01463424 _____ (Skype Technologies S.A.) C:\Users\Stanko\Downloads\SkypeSetup.exe
2016-05-15 14:13 - 2016-05-15 14:13 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-15 14:02 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-15 14:02 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-15 14:02 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-15 14:02 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-15 14:02 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-15 14:02 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-15 14:02 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-15 14:02 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-15 14:02 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-15 14:02 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-15 14:02 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-15 14:02 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-15 14:02 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-15 14:02 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-15 14:02 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-15 14:02 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-15 14:02 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-15 14:02 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-15 14:02 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-15 14:02 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-15 14:02 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-15 14:02 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-15 14:02 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-15 14:02 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-15 14:02 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-15 14:02 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-15 14:02 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-15 14:02 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-15 14:02 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-15 14:02 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-15 14:02 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-15 14:02 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-15 14:02 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-15 14:02 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-15 14:02 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-15 14:02 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-15 14:02 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-15 14:02 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-15 14:02 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-15 14:02 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-15 14:02 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-15 14:02 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-15 14:02 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-15 14:02 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-15 14:02 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-15 14:02 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-15 14:02 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-15 14:02 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-15 14:02 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-15 14:02 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-15 14:02 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-15 14:02 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-15 14:02 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-15 14:02 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-15 14:02 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-15 14:02 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-15 14:02 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-15 14:02 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-15 14:02 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-15 14:02 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-15 14:02 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-15 14:02 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-15 14:02 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-15 14:02 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-15 14:02 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-15 14:02 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-15 14:02 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-15 14:01 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-15 14:01 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-15 14:01 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-15 14:01 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-15 14:01 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-15 14:01 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-15 14:01 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-15 14:01 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-15 14:01 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-15 14:01 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-15 14:01 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-15 14:01 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-15 14:00 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-15 14:00 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-15 14:00 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-15 14:00 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-15 14:00 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-15 14:00 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-15 14:00 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-15 14:00 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-15 14:00 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-15 14:00 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-15 14:00 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-15 14:00 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-15 14:00 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-15 14:00 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-15 14:00 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-15 14:00 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-15 14:00 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-15 14:00 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-15 14:00 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-15 14:00 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-15 14:00 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-15 14:00 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-15 14:00 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-15 14:00 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-15 14:00 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-15 13:59 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-15 13:59 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-13 19:10 - 2016-05-13 19:10 - 06748160 _____ C:\Program Files (x86)\GUTED53.tmp
2016-05-13 19:10 - 2016-05-13 19:10 - 00000000 ____D C:\Program Files (x86)\GUMED52.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-12 02:37 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-12 02:37 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-12 02:36 - 2016-01-07 00:18 - 00787532 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-12 02:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-12 02:31 - 2016-03-14 22:33 - 00003246 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-06-12 02:31 - 2014-11-09 20:43 - 00002878 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Stanko)
2016-06-12 02:29 - 2015-01-10 11:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-12 02:28 - 2015-11-03 20:41 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-12 02:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-12 02:27 - 2016-02-27 17:39 - 00000000 ____D C:\Windows\Temp6A7BEE29-B756-18E0-C927-2BC12B28511C-Signatures
2016-06-12 02:22 - 2015-11-03 20:41 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-12 02:13 - 2013-10-12 11:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-12 01:16 - 2012-06-24 13:06 - 00001046 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001UA.job
2016-06-12 00:56 - 2015-07-26 11:40 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-12 00:56 - 2015-07-26 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-11 21:30 - 2012-06-24 13:06 - 00001024 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001Core.job
2016-06-11 21:21 - 2015-11-03 20:43 - 00002171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-11 21:21 - 2015-11-03 20:43 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-09 18:41 - 2014-11-09 20:44 - 00000000 ____D C:\ProgramData\ProductData
2016-05-31 23:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-31 23:11 - 2012-08-05 01:50 - 00000000 ____D C:\Users\Stanko\AppData\Local\ElevatedDiagnostics
2016-05-31 21:36 - 2015-04-05 10:18 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-31 21:36 - 2015-04-05 10:18 - 00000000 ____D C:\Windows\SysWOW64\GWX
2016-05-29 11:51 - 2012-07-13 12:24 - 00000000 ____D C:\Users\Stanko\AppData\Roaming\dvdcss
2016-05-29 11:47 - 2014-01-07 01:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-25 18:19 - 2009-07-14 06:45 - 00413416 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-25 18:17 - 2014-12-10 18:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-25 18:17 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-25 18:11 - 2012-06-07 09:55 - 00000000 ____D C:\Users\Stanko\AppData\Roaming\Skype
2016-05-22 01:06 - 2013-07-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-05-22 00:44 - 2012-06-21 21:44 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-15 14:13 - 2013-10-12 11:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-15 14:13 - 2012-06-24 02:07 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-15 14:13 - 2011-10-14 05:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 13:16 - 2015-11-03 20:41 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-15 13:16 - 2015-11-03 20:41 - 00003680 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-09-21 17:12 - 2015-09-21 17:12 - 6420480 _____ () C:\Program Files (x86)\GUT3EB.tmp
2015-07-22 20:16 - 2015-07-22 20:16 - 6420480 _____ () C:\Program Files (x86)\GUT3EE4.tmp
2016-05-12 21:24 - 2016-05-12 21:24 - 6748160 _____ () C:\Program Files (x86)\GUT7B76.tmp
2016-05-13 19:10 - 2016-05-13 19:10 - 6748160 _____ () C:\Program Files (x86)\GUTED53.tmp
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Stanko\AppData\Roaming\CFMIBJER
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Stanko\AppData\Roaming\GU
2012-07-02 23:57 - 2015-06-16 00:15 - 0012800 _____ () C:\Users\Stanko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-29 11:34 - 2016-05-29 11:34 - 0000000 _____ () C:\Users\Stanko\AppData\Local\{81456139-CA62-4990-872D-E186BD282613}
2011-11-27 19:30 - 2011-11-27 19:33 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
2015-11-02 21:50 - 2015-11-02 21:52 - 0000032 _____ () C:\ProgramData\PS.log

Some files in TEMP:
====================
C:\Users\Stanko\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy1hqdx.dll
C:\Users\Stanko\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-31 23:03

==================== End of FRST.txt ============================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a preventive check

#2 Post by Márty84 »

Hello :)

You have two antivirus programs running there - Avast and MSE. Keep Avast, uninstall MSE.

I would like to see the results of the MBAM scan so that I know what is/was there. Try to find the log. It should be in the history, in the application logs. Based on what I see there, I will choose the next steps :-)
If you have a question that is not meant for the public, you can write to me by e-mail at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

plasko
Visitor
Posts: 66
Registered: 03 Feb 2010 17:57

Re: Requesting a preventive check

#3 Post by plasko »

Good morning :) MSE is gone and here is the log from MBAM:
Malwarebytes Anti-Malware
www.malwarebytes.org

Dátum kontroly: 12. 6. 2016
Čas kontroly: 1:51
Protokol:
Správca: Áno

Verzia: 2.2.1.1043
Dazabáza malware: v2016.06.11.06
Databáza rootkitov: v2016.05.27.01
Licencia: Bezplatná verzia
Ochrana pred škodlivým softvérom: Vypnuté
Ochrana pred škodlivými webstránkami: Vypnuté
Vlastná ochrana: Vypnuté

OS: Windows 7 Service Pack 1
CPU: x64
Súborový systém: NTFS
Používateľ: Stanko

Typ kontroly: Kontrola hrozieb
Výsledok: Dokončená
Skontrolovaných objektov: 312137
Uplynulý čas: 32 min, 32 s

Pamäť: Zapnuté
Pri spustení: Zapnuté
Súborový systém: Zapnuté
Archívy: Zapnuté
Rootkity: Vypnuté
Heuristika: Zapnuté
PUP: Zapnuté
PUM: Zapnuté

Procesy: 0
(Žiadne škodlivé položky neboli zistené)

Moduly: 0
(Žiadne škodlivé položky neboli zistené)

Kľúče databázy Registry: 56
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, V karanténe, [5e5441baacedb383b82bc3c5ef13748c],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, V karanténe, [5e5441baacedb383b82bc3c5ef13748c],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, V karanténe, [5e5441baacedb383b82bc3c5ef13748c],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, V karanténe, [5e5441baacedb383b82bc3c5ef13748c],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, V karanténe, [5e5441baacedb383b82bc3c5ef13748c],
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, V karanténe, [2a88d12a2f6a0a2c0d0a176ac73b14ec],
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, V karanténe, [2a88d12a2f6a0a2c0d0a176ac73b14ec],
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, V karanténe, [2a88d12a2f6a0a2c0d0a176ac73b14ec],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, V karanténe, [81318279e1b862d4d31353352cd6cc34],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, V karanténe, [81318279e1b862d4d31353352cd6cc34],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, V karanténe, [81318279e1b862d4d31353352cd6cc34],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, V karanténe, [81318279e1b862d4d31353352cd6cc34],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, V karanténe, [81318279e1b862d4d31353352cd6cc34],
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\APPID\{C007DADD-132A-624C-088E-59EE6CF0711F}, V karanténe, [882a40bba9f0ae88a632543536cc10f0],
Adware.1ClickDownload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C007DADD-132A-624C-088E-59EE6CF0711F}, V karanténe, [882a40bba9f0ae88a632543536cc10f0],
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{C007DADD-132A-624C-088E-59EE6CF0711F}, V karanténe, [882a40bba9f0ae88a632543536cc10f0],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}, V karanténe, [783a2ad12376122437ad16720cf6f20e],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}, V karanténe, [783a2ad12376122437ad16720cf6f20e],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}, V karanténe, [971b0deee8b18ea897541a6e5ba7916f],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}, V karanténe, [971b0deee8b18ea897541a6e5ba7916f],
PUP.Optional.Babylon, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, V karanténe, [d1e13cbfb6e375c18b89cfb255adaa56],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}, V karanténe, [684a05f6edac5bdbce19c3c5fb074fb1],
PUP.Optional.CrossRider, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, V karanténe, [585a6497e5b4f83e6e4e533d838007f9],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E9C815C-3865-4A7C-A79E-C7AF79FA4479}, V karanténe, [575bdb209405e4520eafd8b8d82b42be],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5AE9ED3-FA34-4D5E-90D6-A66E14633981}, V karanténe, [278bde1d9405fa3cfec1840cbe4531cf],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F56C1E4E-FBBC-4AAD-8341-A7395ECF0700}, V karanténe, [278b7f7c1e7bce68fbc31977ea1906fa],
PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\DataMngr, V karanténe, [3b771ddec0d951e59e1c99369a69e41c],
PUP.Optional.TornTV, HKLM\SOFTWARE\WOW6432NODE\TheTorntv V10-nv, V karanténe, [a90974876c2d96a04e663d6daf54916f],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E9C815C-3865-4A7C-A79E-C7AF79FA4479}, V karanténe, [258d99620792c96df8c5d5bba75c8d73],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5AE9ED3-FA34-4D5E-90D6-A66E14633981}, V karanténe, [b8fa867554457abcb80780101be84eb2],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F56C1E4E-FBBC-4AAD-8341-A7395ECF0700}, V karanténe, [ded4a6557a1f44f2a717365a966d649c],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION, V karanténe, [06acc932c0d9e94d8513746e11f238c8],
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASAPI32, V karanténe, [4d659e5d732688ae2ed30da650b3cb35],
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASMANCS, V karanténe, [e0d23dbe6a2f9b9b04fd03b03ac938c8],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, V karanténe, [50624eadfa9f2412fdc54e47f21122de],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, V karanténe, [773b8576bfdab185f5ccb4e1f70c659b],
PUP.Optional.RegCleanPro, HKLM\SOFTWARE\WOW6432NODE\REG\CLEAN\pro, V karanténe, [8230ca314c4d90a6f2238a53c0436e92],
PUP.Optional.TornTV, HKU\S-1-5-18\SOFTWARE\TornTv Downloader, V karanténe, [07ab9467158466d03e6f585215ee758b],
PUP.Optional.TornTV, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, V karanténe, [6a489d5ee2b767cfd1d3e9c1e1222dd3],
PUP.Optional.1ClickDownload, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\1ClickDownload, V karanténe, [04aecf2cddbc9e982570c7c0a063ca36],
PUP.Optional.BabylonToolBar, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\BabylonToolbar, V karanténe, [4c66dc1fcfcab0860979deab9e652dd3],
PUP.Optional.DataMngr.AppFlsh, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\DataMngr, V karanténe, [e6cc38c348516acc7147656afc070ff1],
PUP.Optional.FileScout, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\FileScout, V karanténe, [cce644b753466ccab562b3e136cd18e8],
PUP.Optional.TornTV, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\TornTv Downloader, V karanténe, [ad05aa5172270036c5e8c0ea35ce29d7],
PUP.Optional.CrossRider, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, V karanténe, [4f63bc3f3f5a30069e95f69a788bbc44],
PUP.Optional.TornTV, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, V karanténe, [2f83ba41d2c761d59f05a00acd362fd1],
PUP.Optional.Babylon, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\BABSOLUTION\Updater, V karanténe, [ae0425d60e8bad895228fb8eb54e51af],
PUP.Optional.AlexaTB, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\DISTROMATIC\Toolbars, V karanténe, [743e82795643c76ff47d196f7a8932ce],
PUP.Optional.GlobalUpdate, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, V karanténe, [10a2916ae9b0c670ebd2c5d07b889769],
PUP.Optional.CrossRider, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1C6DEDA9-9761-4996-9174-FFC82D2EBE25}, V karanténe, [813143b8b0e911257f2a454b3bc85ca4],
PUP.Optional.CrossRider, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E9C815C-3865-4A7C-A79E-C7AF79FA4479}, V karanténe, [91217d7ee2b777bf86211d73d82b768a],
PUP.Optional.CrossRider, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5AE9ED3-FA34-4D5E-90D6-A66E14633981}, V karanténe, [714158a314854ee88c1dc9c76c975ba5],
PUP.Optional.CrossRider, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F56C1E4E-FBBC-4AAD-8341-A7395ECF0700}, V karanténe, [248e7388722760d63e6a880842c1e21e],
PUP.Optional.Babylon, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\79F945E4C58B4DB3846BBE12508C4B70, V karanténe, [f9b90eed564310268eedd5b412f157a9],
PUP.Optional.BProtector, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, V karanténe, [dad8cc2fa2f793a3a125c4c61de6dc24],
PUP.Optional.RegCleanPro, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\REG\CLEAN\pro, V karanténe, [e5cd25d69cfd9a9ce92bbb22649f6a96],

Hodnoty databázy Registry: 16
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4e9c815c-3865-4a7c-a79e-c7af79fa4479}|AppName, TheTorntv V10-bg.exe, V karanténe, [575bdb209405e4520eafd8b8d82b42be]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c5ae9ed3-fa34-4d5e-90d6-a66e14633981}|AppName, TheTorntv V10-codedownloader.exe, V karanténe, [278bde1d9405fa3cfec1840cbe4531cf]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f56c1e4e-fbbc-4aad-8341-a7395ecf0700}|AppName, TheTorntv V10-buttonutil.exe, V karanténe, [278b7f7c1e7bce68fbc31977ea1906fa]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4e9c815c-3865-4a7c-a79e-c7af79fa4479}|AppName, TheTorntv V10-bg.exe, V karanténe, [258d99620792c96df8c5d5bba75c8d73]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c5ae9ed3-fa34-4d5e-90d6-a66e14633981}|AppName, TheTorntv V10-codedownloader.exe, V karanténe, [b8fa867554457abcb80780101be84eb2]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f56c1e4e-fbbc-4aad-8341-a7395ecf0700}|AppName, TheTorntv V10-buttonutil.exe, V karanténe, [ded4a6557a1f44f2a717365a966d649c]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|TheTorntv V10-bg.exe, 8000, V karanténe, [06acc932c0d9e94d8513746e11f238c8]
PUP.Optional.GlobalUpdate, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, direct, V karanténe, [10a2916ae9b0c670ebd2c5d07b889769]
PUP.Optional.CrossRider, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1C6DEDA9-9761-4996-9174-FFC82D2EBE25}|AppName, 3e66edfd-a33a-4209-9cc8-b165dee5dd8c-2.exe-codedownloader.exe, V karanténe, [813143b8b0e911257f2a454b3bc85ca4]
PUP.Optional.CrossRider, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4e9c815c-3865-4a7c-a79e-c7af79fa4479}|AppName, TheTorntv V10-bg.exe, V karanténe, [91217d7ee2b777bf86211d73d82b768a]
PUP.Optional.CrossRider, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c5ae9ed3-fa34-4d5e-90d6-a66e14633981}|AppName, TheTorntv V10-codedownloader.exe, V karanténe, [714158a314854ee88c1dc9c76c975ba5]
PUP.Optional.CrossRider, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f56c1e4e-fbbc-4aad-8341-a7395ecf0700}|AppName, TheTorntv V10-buttonutil.exe, V karanténe, [248e7388722760d63e6a880842c1e21e]
PUP.Optional.BProtector, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, http://search.babylon.com/?affID=112555 ... 1196d3ab6d, V karanténe, [5d55718a4a4f32047b6db1161fe4c43c]
PUP.Optional.BProtector, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, V karanténe, [d8da7b80158474c255949d2a3cc7738d]
PUP.Optional.Babylon, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\79F945E4C58B4DB3846BBE12508C4B70|URL, http://search.babylon.com/?q={searchTer ... 1196d3ab6d, V karanténe, [f9b90eed564310268eedd5b412f157a9]
PUP.Optional.Babylon, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\79F945E4C58B4DB3846BBE12508C4B70|FaviconURL, search.babylon.com/favicon.ico, V karanténe, [8b2715e68217cc6a86f539506a9928d8]

Údaj databázy Registry: 1
PUP.Optional.Babylon, HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, http://search.babylon.com/?affID=112555 ... 1196d3ab6d, Dobrá: (www.google.com), Zlá: (http://search.babylon.com/?affID=112555 ... 1196d3ab6d),Nahradené,[6b47738829702016dfe0075e49bbf808]

Priečinky: 29
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\bitstreams, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\0, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\1, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\2, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\3, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\4, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\5, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\6, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\7, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\8, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\9, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\a, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\b, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\c, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\d, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\e, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\data7\f, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\cache\prepared, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\log, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\queries, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaDrug, V karanténe, [753dba41f4a5db5b994a7d2c986a9d63],
PUP.Optional.MediaDrug, C:\MediaDrug, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.TornTV, C:\Program Files (x86)\TheTorntv V10, V karanténe, [486ab04bdcbd55e14c49b5fc778bfe02],
PUP.Optional.WebExtend, C:\Users\Stanko\AppData\Roaming\WebExtend, V karanténe, [5f537487485166d0ede1238fe41e1ce4],

Súbory: 132
PUP.Optional.SofTonic, C:\Users\Stanko\Downloads\SoftonicDownloader_for_vlc-media-player.exe, V karanténe, [436fdb20900960d6394f38f307fa857b],
PUP.Optional.OpenCandy, C:\Users\Stanko\Downloads\daemon-tools_4.45.4Lite.exe, V karanténe, [139f9c5fdabfea4c4687e2959074b24e],
PUP.Optional.CrossRider, C:\Windows\Tasks\3e66edfd-a33a-4209-9cc8-b165dee5dd8c-1.job, V karanténe, [248eed0e5b3eee484c1cccbbd52ee11f],
PUP.Optional.CrossRider, C:\Windows\Tasks\3e66edfd-a33a-4209-9cc8-b165dee5dd8c-11.job, V karanténe, [684ad6251089e452482061267d86fe02],
PUP.Optional.CrossRider, C:\Windows\Tasks\3e66edfd-a33a-4209-9cc8-b165dee5dd8c-2.job, V karanténe, [6a4807f4eeab68ce1355a7e054aff60a],
PUP.Optional.CrossRider, C:\Windows\Tasks\3e66edfd-a33a-4209-9cc8-b165dee5dd8c-3.job, V karanténe, [5f538c6f3a5f3501e286b6d1b053d32d],
PUP.Optional.CrossRider, C:\Windows\Tasks\3e66edfd-a33a-4209-9cc8-b165dee5dd8c-4.job, V karanténe, [cfe3a457d7c2bd7958104f3823e0f60a],
PUP.Optional.CrossRider, C:\Windows\Tasks\3e66edfd-a33a-4209-9cc8-b165dee5dd8c-5.job, V karanténe, [1b974ead5247112581e74a3da26104fc],
PUP.Optional.CrossRider, C:\Windows\Tasks\3e66edfd-a33a-4209-9cc8-b165dee5dd8c-5_user.job, V karanténe, [763cef0c3168102644244b3cb350d62a],
PUP.Optional.CrossRider, C:\Windows\Tasks\3e66edfd-a33a-4209-9cc8-b165dee5dd8c-6.job, V karanténe, [981a1dde6633979f0b5d7215f013ac54],
PUP.Optional.CrossRider, C:\Windows\Tasks\3e66edfd-a33a-4209-9cc8-b165dee5dd8c-7.job, V karanténe, [fdb5f803b3e6b77fb6b2d9aedb28e020],
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\searchplugins\babylon.xml, V karanténe, [248efefdadecfd39db97e0a928dbba46],
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\searchplugins\babylon1.xml, V karanténe, [248eec0fbadf0f275221c8c163a0f40c],
PUP.Optional.BProtector, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\bprotector_extensions.sqlite, V karanténe, [248e5f9c2c6d54e27152a0ea9d66d42c],
PUP.Optional.BProtector, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\bprotector_prefs.js, V karanténe, [4b67a85360392a0c7d46bfcb9a699868],
PUP.Optional.MediaDrug, C:\Users\Stanko\Desktop\MediaDrug.lnk, V karanténe, [941e8774f7a26acc3dd3801b7390738d],
PUP.Optional.MindSpark, C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.myway.com_0.localstorage, V karanténe, [ebc76a91a3f6de58e6d4a3f8e41f11ef],
PUP.Optional.MindSpark, C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.myway.com_0.localstorage-journal, V karanténe, [c1f1b8438e0b4ee87545a6f58b78b947],
PUP.Optional.MindSpark, C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage, V karanténe, [c6ec79826138290de6d51a8149ba52ae],
PUP.Optional.MindSpark, C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal, V karanténe, [b8fa2ecd1b7ec96d27941388b54e8a76],
Trojan.Agent.Trace, C:\Windows\inf\ntvdm.inf, V karanténe, [159d5d9eb1e872c4eadc4d6da75c17e9],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\diablo130302.cl, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\diakgcn121016.cl, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\libcurl-4.dll, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\libeay32.dll, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\libidn-11.dll, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\librtmp.dll, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\libssh2.dll, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\phatk121016.cl, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\poclbm130302.cl, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\scrypt130511.cl, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\ssleay32.dll, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\zlib1.dll, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
Trojan.Agent.BCM, C:\Windows\inf\mncgakmbe\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, V karanténe, [1c9623d8fa9fe155ee9ee3b444bea957],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\.settings, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\dm.xml, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\playlists.xml, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\radio.xml, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\log\log_2014-03-27.txt, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\log\log_2015-11-03.txt, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Local\MediaDrug\queries\K-Maro - My Lady.xml, V karanténe, [f1c1fa01dabfcc6a637f9910f0127987],
PUP.Optional.MediaDrug, C:\Users\Stanko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaDrug\MediaDrug.lnk, V karanténe, [753dba41f4a5db5b994a7d2c986a9d63],
PUP.Optional.MediaDrug, C:\MediaDrug\bass.dll, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\MediaDrug\libeay32.dll, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\MediaDrug\libgcc_s_dw2-1.dll, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\MediaDrug\libtag.dll, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\MediaDrug\mediadrug.exe, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\MediaDrug\mingwm10.dll, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\MediaDrug\qjson0.dll, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\MediaDrug\QtCore4.dll, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\MediaDrug\QtGui4.dll, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\MediaDrug\QtNetwork4.dll, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\MediaDrug\QtXml4.dll, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\MediaDrug\ssleay32.dll, V karanténe, [931f2ccf6f2a9a9c74708623659de31d],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\default.mdp, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - Crazy.mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - Femme Like U.mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - Gangsta Party.mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - Good Old Days.mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - Let's Go.mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - Lets Go (1).mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - Lets Go.mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - My Lady.mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - Nice & Slow (1).mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - Nice & Slow.mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - Sous L'oeil De L'ange.mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.MediaDrug, C:\Users\Stanko\Music\MediaDrug\K-MARO - Strip Club.mp3, V karanténe, [684a95663861a492766f3970b74b21df],
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (user_pref("browser.newtab.url", "http://search.babylon.com/?affID=112555 ... 1196d3ab6d");), Nahradené,[cae8a5564158c76fe3c13252da2a07f9]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (user_pref("extensions.BabylonToolbar.admin", false);), Nahradené,[6f439269950494a2d3d298ecdf250ff1]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (ferences
/* Do not edit this file.
*
* If you mak), Nahradené,[278be3180693a2941095c8bcb64e3cc4]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (rences
/* Do not edit this file.
*
* If you make changes to this file while the ap), Nahradené,[0da513e8594076c0c4e1364e30d48977]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (
*
* If you make changes to this file while the appli), Nahradené,[268c9b60a4f57fb715909ce8b252d927]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (ces
/* Do not edit this file.
*
* If you make ch), Nahradené,[209218e3aeeb5cda7e276b19d232db25]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (erences
/* Do not edit this file.
*
* If you make), Nahradené,[d2e04ead0495f046dfc63252758fb947]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (rences
/* Do not edit this file.
*
* If you make changes to this file whi), Nahradené,[cde565965a3f8bab287d444023e1bd43]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (his file.
*
* If you make changes to this file while ), Nahradené,[1c969f5c4356a88e495c3153c63efc04]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (ces
/* Do not edit this file.
*
* If you make chan), Nahradené,[05ad99621f7a74c20e97e89c9c687e82]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (ences
/* Do not edit this file.
*
* If you make changes to), Nahradené,[8d257a81badffc3a7332c0c4bb499967]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (* Do not edit this file.
*
* If you make changes to th), Nahradené,[d9d9c5364c4df93decb98afa62a239c7]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (es
/* Do not edit this file.
*
* If you make cha), Nahradené,[0da5af4c9bfeae88713401839d677987]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (rences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overw), Nahradené,[248ecc2fdbbe94a2079e7b09c93b3ac6]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: ( application is running,
* the changes will be overwr), Nahradené,[e8ca37c4c9d08aac9f06e89c10f431cf]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (ences
/* Do not edit this file.
*
* If you make cha), Nahradené,[4b67a15ab7e2e650c0e57a0a16eebc44]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (nces
/* Do not edit this file.
*
* If you make chan), Nahradené,[dfd352a9b1e8b97df6afa3e164a0f60a]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (nces
/* Do not edit this file.
*
* If you make ), Nahradené,[8d2542b90c8dfe3850551e664aba21df]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (ferences
/* Do not edit this file.
*
* If you make changes to this file), Nahradené,[e7cb13e875247bbbbce9770df2122bd5]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: ( this file.
*
* If you make changes to this file whi), Nahradené,[91216893435686b002a37b09a3610ef2]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (nces
/* Do not edit this file.
*
* If you make changes to this file while the a), Nahradené,[5a5805f6c9d082b475303e46d331ca36]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (le.
*
* If you make changes to this file while the application is running,
), Nahradené,[ffb3ad4efc9d93a355504d3729db18e8]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (s file.
*
* If you make changes to this file while the ), Nahradené,[971b3ac1f6a3c373f9acf292c53fe21e]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (s
/* Do not edit this file.
*
* If you make changes ), Nahradené,[dfd3906b82173bfbcbdafb89d62ec040]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (ences
/* Do not edit this file.
*
* If you make changes to t), Nahradené,[ded45aa1c3d650e6adf81b69f212ef11]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (Do not edit this file.
*
* If you make changes to this f), Nahradené,[c2f025d64356f541c9dcb3d1e32113ed]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (
/* Do not edit this file.
*
* If you make changes t), Nahradené,[cce63dbedcbdbb7ba302c0c4b84ce917]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (ces
/* Do not edit this file.
*
* If you make cha), Nahradené,[872b6c8fdcbd3ef88223aed6bb493dc3]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (rences
/* Do not edit this file.
*
* If you make ch), Nahradené,[dad8e714b1e892a47f261a6ab54fa759]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (nces
/* Do not edit this file.
*
* If you make change), Nahradené,[882a6299c1d88ea8079e6c180004e818]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (es
/* Do not edit this file.
*
* If you make changes to this f), Nahradené,[288a04f7ecadca6c2d78bdc740c4758b]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: ( not edit this file.
*
* If you make changes to this fi), Nahradené,[f7bba65534656ec8a3028df760a445bb]
PUP.Optional.CrossRider, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js, Dobrá: (), Zlá: (user_pref("extensions.crossrider.bic", "149965a61d1e945adcacbd5c96679e23");), Nahradené,[cee416e52178e353467d8df710f4d729]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (user_pref("extensions.BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d");), Nahradené,[e2d0f902297085b1b1f6c5bfe71d37c9]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (1aa051d3000000000000081196d3ab6d");
user_pref("extensions.BabylonToolbar_i.hardId",), Nahradené,[af03ec0f2277ad89d4d34a3a1de7dd23]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (51d3000000000000081196d3ab6d");
user_pref("extensions.Baby), Nahradené,[b7fbd02b70294fe786214f3593713dc3]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (bylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d");
), Nahradené,[0aa810ebe7b239fd7a2d265e0ff5c937]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (abylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d");
), Nahradené,[f5bdfb00c0d9b4822b7c483cd2322cd4]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (bylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d");
us), Nahradené,[fcb66398aaef4aec5c4b7c08828211ef]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (ylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d");
user_pre), Nahradené,[5161619a10899c9a9c0b384c0202da26]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (oolbar_i.id", "1aa051d3000000000000081196d3ab6d");
user), Nahradené,[d4de46b5bcdde650e2c5c5bf54b0d22e]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (.BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d), Nahradené,[a90938c3435693a35354236143c105fb]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (.BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d"), Nahradené,[4b67c5365544ce686542642060a4a15f]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (r_i.hardId", "1aa051d3000000000000081196d3ab6d");
user_pref("extensions.BabylonToolbar_i.instlDay", "15513");
user_pref("extensions.Baby), Nahradené,[c8eab54684153ef8d3d4c7bd00040ff1]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (.BabylonToolbar_i.hardId", "1aa051d3000000000000081196d3ab6d");
user_pref("ex), Nahradené,[01b19269b7e280b602a5394bb2524eb2]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: ( "1aa051d3000000000000081196d3ab6d");
user_pref("extensions.BabylonToolbar_i.hardId", ), Nahradené,[04aef00b099075c13b6c7212e1233ac6]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (3000000000000081196d3ab6d");
user_pref("extensions.Babyl), Nahradené,[99192dce49500d29b7f04d3712f2ee12]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d), Nahradené,[d0e209f23168c86e1691add7d72de61a]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (s.BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab6), Nahradené,[357d9a617a1f2214990e03819f65a759]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (.BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d");
user_p), Nahradené,[6c469764fb9ef83ea403bfc5fc0812ee]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (lbar_i.id", "1aa051d3000000000000081196d3ab6d");
user_pre), Nahradené,[fdb5e912a5f4fd399314295ba55fa25e]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (abylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d");
user), Nahradené,[f0c26d8ec3d6063006a18bf93cc81de3]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (nToolbar_i.id", "1aa051d3000000000000081196d3ab6d");
), Nahradené,[e8cae2196336be789f08aed615ef11ef]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (ns.BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab6), Nahradené,[d9d98279c1d892a47334c6be966e758b]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab6), Nahradené,[773bc5362e6b70c62186048030d4ef11]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (ns.BabylonToolbar_i.id", "1aa051d3000000000000081196d3a), Nahradené,[f3bfc4379108cf675a4df1937f85cf31]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (s.BabylonToolbar_i.id", "1aa051d3000000000000081196d3), Nahradené,[4d650af117829f97a007e2a2b1530bf5]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (ons.BabylonToolbar_i.id", "1aa051d3000000000000081196d3a), Nahradené,[07ab9d5e5e3bfa3cdfc8760eab5957a9]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (.BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab), Nahradené,[6151db209bfe2e08d9ce9aea3fc5a15f]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (ns.BabylonToolbar_i.id", "1aa051d3000000000000081196), Nahradené,[3f734ead8f0aa096cbdc2a5ad33141bf]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (ions.BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d");
user_pref("), Nahradené,[9c1656a5792042f4ced934503acab947]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (", "1aa051d3000000000000081196d3ab6d");
user_pref("), Nahradené,[2d85fffcdebbef47d3d44c38788ca858]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (ions.BabylonToolbar_i.id", "1aa051d3000000000000081196), Nahradené,[f9b9a2591a7f79bdd8cf31539d673bc5]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab), Nahradené,[684a0bf00b8e95a15a4d6e1624e0b947]
PUP.Optional.Babylon, C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js, Dobrá: (), Zlá: (ons.BabylonToolbar_i.id", "1aa051d3000000000000081196d3), Nahradené,[6a486992b4e565d1d1d68ef634d013ed]

Fyzické sektory: 0
(Žiadne škodlivé položky neboli zistené)


(end)

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: requesting a preventive check

#4 Post by Márty84 »

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait until the scan finishes.
Then click Cleaning.
The program will start working (the PC may restart) and produce a log (it may also be found at C:\AdwCleaner\AdwCleaner[C?].txt). Copy it here for me.


:arrow: Run a new scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it occasionally has false detections.

If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

plasko
Visitor
Posts: 66
Joined: 03 Feb 2010 17:57

Re: requesting a preventive check

#5 Post by plasko »

I am attaching the log from AdwCleaner:

# AdwCleaner v5.119 - Log vytvorený 12/06/2016 v 19:56:02
# Aktualizované 30/05/2016 by Xplode
# Databáza : 2016-06-12.1 [Server]
# Operačný systém : Windows 7 Home Premium Service Pack 1 (X64)
# Užívateľské meno : Stanko - STANKO-PC
# Spustené z : C:\Users\Stanko\Downloads\adwcleaner_5.119.exe
# Nastavenie : Čistenie
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Priečinky ] *****

[-] Priečinok Zmazané : C:\ProgramData\Allmyapps
[-] Priečinok Zmazané : C:\ProgramData\Babylon
[#] Priečinok Zmazané : C:\ProgramData\Application Data\Allmyapps
[#] Priečinok Zmazané : C:\ProgramData\Application Data\Babylon
[-] Priečinok Zmazané : C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
[#] Priečinok Zmazané : C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
[-] Priečinok Zmazané : C:\Program Files (x86)\YourFileDownloader
[#] Priečinok Zmazané : C:\Program Files (x86)\YourFileDownloader
[-] Priečinok Zmazané : C:\Users\Stanko\AppData\LocalLow\TheTorntv V10
[-] Priečinok Zmazané : C:\Users\Stanko\AppData\Roaming\Babylon
[-] Priečinok Zmazané : C:\Users\Stanko\AppData\Roaming\Systweak
[-] Priečinok Zmazané : C:\Users\Stanko\AppData\Roaming\YourFileDownloader
[#] Priečinok Zmazané : C:\Users\Stanko\AppData\Roaming\YourFileDownloader
[-] Priečinok Zmazané : C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

***** [ Súbory ] *****

[-] Súbor Zmazané : C:\Users\Stanko\Documents\uninstaller.exe
[-] Súbor Zmazané : C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\invalidprefs.js
[-] Súbor Zmazané : C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\searchplugins\bingp.xml
[-] Súbor Zmazané : C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\searchplugins\mngr.xml
[-] Súbor Zmazané : C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
[-] Súbor Zmazané : C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] Súbor Zmazané : C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.searchinsocial.com_0.localstorage
[-] Súbor Zmazané : C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.searchinsocial.com_0.localstorage-journal
[-] Súbor Zmazané : C:\Windows\SysNative\roboot64.exe
[-] Súbor Zmazané : C:\user.js

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupcovia ] *****


***** [ Naplánované úlohy ] *****


***** [ Registre ] *****

[-] Hodnota Zmazané : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
[-] Kľúč registra Zmazané : HKCU\Software\5a578fd9b13db842
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\5a578fd9b13db842
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\77f01f80-8040-438c-a83a-4f99120f2c35
[-] Kľúč registra Zmazané : HKCU\Software\Classes\TornTvDownloader.File
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Prod.cap
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TornTvDownloader.File
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Kľúč registra Zmazané : HKCU\Software\BABSOLUTION
[-] Kľúč registra Zmazané : HKCU\Software\distromatic
[-] Kľúč registra Zmazané : HKCU\Software\GlobalUpdate
[-] Kľúč registra Zmazané : HKCU\Software\InstalledBrowserExtensions
[-] Kľúč registra Zmazané : HKCU\Software\Reg\Clean
[-] Kľúč registra Zmazané : HKCU\Software\Softonic
[-] Kľúč registra Zmazané : HKCU\Software\YourFileDownloader
[-] Kľúč registra Zmazané : HKCU\Software\systweak
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Babylon
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\GlobalUpdate
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Reg\Clean
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\SiteSee
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\YourFileDownloader
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\systweak
[-] Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TheTorntv V10
[-] Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Kľúč registra Zmazané : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10
[-] Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-542987268-1208656116-1080822998-1001\Software\SweetIM
[-] Kľúč registra Zmazané : HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10
[-] Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Webové prehliadače ] *****

[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=112555&tt=4912_4&babsrc=HP_ss&mntrId=1aa051d3000000000000081196d3ab6d");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.excTlbr", false);
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.id", "1aa051d3000000000000081196d3ab6d");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.instlDay", "15678");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.instlRef", "sst");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.rvrt", "false");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.tlbrId", "base");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=1aa051d3000000000000081196d3ab6d&q=");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.babExt", "");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=4912_4");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.hardId", "1aa051d3000000000000081196d3ab6d");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.id", "1aa051d3000000000000081196d3ab6d");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.instlDay", "15513");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.newTab", false);
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.922:10:48");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7[...]
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\prefs.js] Zmazané : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.hardId", "1aa0lonToolbar_i.instlDay", "15513");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=1aa051d3000000000000081196d3ab6d&q=");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.id", "1aa0lonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.instlDay", "15678");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.922:10:48");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.tlbrId", "base");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.instlRef", "sst");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.excTlbr", false);
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.admin", false);
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=4912_4");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.babExt", "");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar.rvrt", "false");
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("extensions.BabylonToolbar_i.newTab", false);
[-] [C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js] Zmazané : user_pref("network.hxxp.request.max-start-delay", 0);

*************************

:: "Tracing" kľúče zmazané
:: Nastavenia Winsock resetované.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [19398 bajtov] - [12/06/2016 19:56:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [20790 bajtov] - [12/06/2016 19:54:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [19548 bajtov] ##########

plasko
Visitor
Posts: 66
Joined: 03 Feb 2010 17:57

Re: requesting a preventive check

#6 Post by plasko »

and here is mbam:

Malwarebytes Anti-Malware
www.malwarebytes.org

Dátum kontroly: 12. 6. 2016
Čas kontroly: 20:03
Protokol: mbam.txt
Správca: Áno

Verzia: 2.2.1.1043
Dazabáza malware: v2016.06.12.03
Databáza rootkitov: v2016.05.27.01
Licencia: Bezplatná verzia
Ochrana pred škodlivým softvérom: Vypnuté
Ochrana pred škodlivými webstránkami: Vypnuté
Vlastná ochrana: Vypnuté

OS: Windows 7 Service Pack 1
CPU: x64
Súborový systém: NTFS
Používateľ: Stanko

Typ kontroly: Vlastná kontrola
Výsledok: Dokončená
Skontrolovaných objektov: 531371
Uplynulý čas: 4 hod, 20 min 35 s

Pamäť: Zapnuté
Pri spustení: Zapnuté
Súborový systém: Zapnuté
Archívy: Zapnuté
Rootkity: Zapnuté
Heuristika: Zapnuté
PUP: Zapnuté
PUM: Zapnuté

Procesy: 0
(Žiadne škodlivé položky neboli zistené)

Moduly: 0
(Žiadne škodlivé položky neboli zistené)

Kľúče databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)

Hodnoty databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)

Údaj databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)

Priečinky: 0
(Žiadne škodlivé položky neboli zistené)

Súbory: 7
PUP.Optional.OpenCandy, C:\AAA\FYDLoad_inconv2_1.exe, , [977ccb31a5f40b2b3e12c3b5f410c53b],
PUP.Optional.MediaDrug, C:\AAA\mediadrug.exe, , [bd569b610792e1553c0533f7dc2545bb],
PUP.Optional.SofTonic, C:\AAA\SoftonicDownloader_for_windows-movie-maker.exe, , [4dc677858811999dc2b61f08ed1422de],
PUP.Optional.InstallCore, C:\Users\Stanko\Documents\hry\setup.exe, , [a0738f6d425722143d4b0b3424ddca36],
RiskWare.Tool.CK, C:\Users\Stanko\Documents\NFS,\Crack.rar, , [779cb646f6a36acca886a668659d0ef2],
Trojan.Surveyer.MSIL, C:\Users\Stanko\Downloads\Nový priečinok\Farming.Simulator.15 (1).zip, , [ea298d6f3b5ed75f904966ed1ae7a55b],
Trojan.Surveyer.MSIL, C:\Users\Stanko\Downloads\Nový priečinok\Farming.Simulator.15.zip, , [53c04cb0bbde053179605cf7c73aea16],

Fyzické sektory: 0
(Žiadne škodlivé položky neboli zistené)


(end)

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: requesting a preventive check

#7 Post by Márty84 »

:arrow: Let MBAM remove the items it found.


:!: If you have not already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and then left-click Run as administrator.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
After the scan completes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration.
:!: If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine.

plasko
Visitor
Posts: 66
Joined: 03 Feb 2010 17:57

Re: requesting a preventive check

#8 Post by plasko »

log from ComboFix:

ComboFix 16-06-01.01 - Stanko . 06. 2016 11:36:55.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3948.1972 [GMT 2:00]
Running from: c:\users\Stanko\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
C:\StarCraftII_CZ.exe
c:\starcraftii_cz.exe\StarCraftII_CZ.exe
c:\windows\msdownld.tmp
c:\windows\PFRO.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\tmp125C.tmp
c:\windows\SysWow64\tmp126D.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2016-05-13 to 2016-06-13 )))))))))))))))))))))))))))))))
.
.
2016-06-13 09:49 . 2016-06-13 09:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-12 17:54 . 2016-06-12 17:56 -------- d-----w- C:\AdwCleaner
2016-06-12 16:01 . 2016-05-27 12:01 11895896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{273F4050-257B-43B3-9B14-35714465D844}\mpengine.dll
2016-06-12 00:10 . 2016-06-12 00:45 -------- d-----w- C:\FRST
2016-06-11 23:50 . 2016-06-12 18:03 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-11 23:49 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-06-11 23:49 . 2016-06-11 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-06-11 23:49 . 2016-06-11 23:49 -------- d-----w- c:\programdata\Malwarebytes
2016-06-11 23:49 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-06-11 23:49 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-15 12:13 . 2016-05-15 12:13 5995712 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-05-15 12:01 . 2016-04-23 04:24 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-05-15 12:00 . 2016-04-09 07:01 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-05-15 11:59 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-05-15 11:59 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-21 22:44 . 2012-06-21 19:44 139319312 ----a-w- c:\windows\system32\MRT.exe
2016-05-15 12:13 . 2012-06-24 00:07 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-15 12:13 . 2011-10-14 03:49 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-13 17:10 . 2016-05-13 17:10 6748160 ----a-w- c:\program files (x86)\GUTED53.tmp
2016-05-12 19:24 . 2016-05-12 19:24 6748160 ----a-w- c:\program files (x86)\GUT7B76.tmp
2016-04-21 13:05 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-09 06:58 . 2016-05-15 12:00 344064 ----a-w- c:\windows\system32\schannel.dll
2016-04-09 06:58 . 2016-05-15 12:00 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-04-09 06:54 . 2016-05-15 12:00 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-04-09 06:54 . 2016-05-15 12:00 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-04-09 06:54 . 2016-05-15 12:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-13 18:14 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-13 18:14 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-13 18:14 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-03-26 10:41 . 2016-03-26 10:41 0 ----a-w- c:\windows\SysWow64\sho9DC5.tmp
2016-03-23 14:02 . 2016-04-13 18:14 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-13 18:10 2084864 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-13 18:10 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-13 18:14 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-13 18:14 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-13 18:14 279040 ----a-w- c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-13 18:14 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-13 18:11 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-13 18:11 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-13 18:11 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-03-16 00:16 . 2016-04-13 18:10 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-03-16 00:16 . 2016-04-13 18:10 106496 ----a-w- c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-13 18:10 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2015-09-21 15:12 . 2015-09-21 15:12 6420480 ----a-w- c:\program files (x86)\GUT3EB.tmp
2015-07-22 18:16 . 2015-07-22 18:16 6420480 ----a-w- c:\program files (x86)\GUT3EE4.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-06-01 8722136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-13 7021880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2015-06-15 73216]
.
c:\users\Stanko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Stanko\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-10 36359432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" -autostart
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
.
R1 lmbhnlpu;lmbhnlpu;c:\windows\system32\drivers\lmbhnlpu.sys;c:\windows\SYSNATIVE\drivers\lmbhnlpu.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NVSTREAMKMS
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2016-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-12 12:13]
.
2016-06-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001Core.job
- c:\users\Stanko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-24 08:11]
.
2016-06-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001UA.job
- c:\users\Stanko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-24 08:11]
.
2016-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 18:41]
.
2016-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 18:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-13 15:00 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-12-09 1846016]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-01-12 2787264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9 - c:\mediadrug\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-542987268-1208656116-1080822998-1001\Software\SecuROM\License information*]
"datasecu"=hex:1a,3d,48,44,e0,fa,fc,d8,98,95,4d,1d,e6,df,90,e9,d4,d3,bd,23,83,
53,71,d8,ff,37,24,56,f0,1c,07,bf,a6,95,08,9c,1d,a5,a0,2a,14,33,ed,f7,db,0f,\
"rkeysecu"=hex:b5,18,2e,1c,ef,0f,98,2d,0e,00,1b,e7,5d,da,77,53
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\users\Stanko\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2016-06-13 11:58:09 - machine was rebooted
ComboFix-quarantined-files.txt 2016-06-13 09:58
.
Pre-Run: 240 633 479 168 bytes free
Post-Run: 243 192 463 360 bytes free
.
- - End Of File - - 06896D8A863A6EEB7358AD1E9715EA66

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: requesting a preventive check

#9 Post by Márty84 »

Move ComboFix to the desktop, otherwise it will not work!!!
Open Notepad and copy this script into it

Code:

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"CCleaner Monitoring"=-

Regnull::
[HKEY_USERS\S-1-5-21-542987268-1208656116-1080822998-1001\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
lmbhnlpu
LiveUpdateSvc
SkypeUpdate
c2cautoupdatesvc
c2cpnrsvc

Reboot::

In the top left, click File.
Click Save As...
Type the name shown in red, CFScript, exactly, and save it to the desktop.
Turn off your antivirus and any other security software.
Drag this newly created text document with the mouse onto the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration.
If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine.
If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

plasko
Visitor
Posts: 66
Registered: 03 Feb 2010 17:57

Re: requesting a preventive check

#10 Post by plasko »

Good morning :) I don't know whether you will see it in the log, but while the script was running it threw several errors during the backup:
[image]
I had no choice but to skip them :( here is the final log:

ComboFix 16-06-01.01 - Stanko . 06. 2016 12:04:47.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3948.1847 [GMT 2:00]
Running from: c:\users\Stanko\Desktop\ComboFix.exe
Command switches used :: c:\users\Stanko\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_c2cautoupdatesvc
-------\Service_c2cpnrsvc
-------\Service_LiveUpdateSvc
-------\Service_lmbhnlpu
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2016-05-14 to 2016-06-14 )))))))))))))))))))))))))))))))
.
.
2016-06-14 10:14 . 2016-06-14 10:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-14 09:58 . 2016-06-14 09:58 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-06-12 17:54 . 2016-06-12 17:56 -------- d-----w- C:\AdwCleaner
2016-06-12 16:01 . 2016-05-27 12:01 11895896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{273F4050-257B-43B3-9B14-35714465D844}\mpengine.dll
2016-06-12 00:10 . 2016-06-12 00:45 -------- d-----w- C:\FRST
2016-06-11 23:50 . 2016-06-12 18:03 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-11 23:49 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-06-11 23:49 . 2016-06-11 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-06-11 23:49 . 2016-06-11 23:49 -------- d-----w- c:\programdata\Malwarebytes
2016-06-11 23:49 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-06-11 23:49 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-15 12:13 . 2016-05-15 12:13 5995712 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-05-15 12:01 . 2016-04-23 04:24 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-05-15 12:00 . 2016-04-09 07:01 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-05-15 11:59 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-05-15 11:59 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-21 22:44 . 2012-06-21 19:44 139319312 ----a-w- c:\windows\system32\MRT.exe
2016-05-15 12:13 . 2012-06-24 00:07 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-15 12:13 . 2011-10-14 03:49 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-13 17:10 . 2016-05-13 17:10 6748160 ----a-w- c:\program files (x86)\GUTED53.tmp
2016-05-12 19:24 . 2016-05-12 19:24 6748160 ----a-w- c:\program files (x86)\GUT7B76.tmp
2016-04-21 13:05 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-09 06:58 . 2016-05-15 12:00 344064 ----a-w- c:\windows\system32\schannel.dll
2016-04-09 06:58 . 2016-05-15 12:00 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-04-09 06:54 . 2016-05-15 12:00 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-04-09 06:54 . 2016-05-15 12:00 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-04-09 06:54 . 2016-05-15 12:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-13 18:14 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-13 18:14 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-13 18:14 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-03-26 10:41 . 2016-03-26 10:41 0 ----a-w- c:\windows\SysWow64\sho9DC5.tmp
2016-03-23 14:02 . 2016-04-13 18:14 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-13 18:10 2084864 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-13 18:10 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-13 18:14 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-13 18:14 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-13 18:14 279040 ----a-w- c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-13 18:14 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-13 18:11 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-13 18:11 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-13 18:11 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2015-09-21 15:12 . 2015-09-21 15:12 6420480 ----a-w- c:\program files (x86)\GUT3EB.tmp
2015-07-22 18:16 . 2015-07-22 18:16 6420480 ----a-w- c:\program files (x86)\GUT3EE4.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-13 7021880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2015-06-15 73216]
.
c:\users\Stanko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Stanko\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-10 36359432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" -autostart
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2016-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-12 12:13]
.
2016-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001Core.job
- c:\users\Stanko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-24 08:11]
.
2016-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001UA.job
- c:\users\Stanko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-24 08:11]
.
2016-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 18:41]
.
2016-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 18:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22 164760 ----a-w- c:\users\Stanko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-13 15:00 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-12-09 1846016]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-01-12 2787264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2016-06-14 12:26:54 - machine was rebooted
ComboFix-quarantined-files.txt 2016-06-14 10:26
ComboFix2.txt 2016-06-13 09:58
.
Pre-Run: 242 098 155 520 bytes free
Post-Run: 242 204 549 120 bytes free
.
- - End Of File - - 912D1D12C21B8BE3DA4A9A3D3BE80ECE

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: requesting a preventive check

#11 Post by Márty84 »

:arrow: Post new logs following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a moment; it is possible that it will block it as malicious, but we use it all the time, it is a false positive :)
(If the Launcher cannot be downloaded, post logs from FRST alone, i.e. without using the Launcher)
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

plasko
Visitor
Posts: 66
Joined: 03 Feb 2010 17:57

Re: requesting a preventive check

#12 Post by plasko »

log from the launcher (at the start it threw an error while trying to update, I hope it will be fine anyway O:) ):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
Ran by Stanko (administrator) on STANKO-PC (14-06-2016 19:58:11)
Running from C:\Users\Stanko\Desktop
Loaded Profiles: Stanko (Available Profiles: Stanko)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(forum.viry.cz) C:\Users\Stanko\Desktop\FRSTLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-13] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2015-12-16] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-13] (AVAST Software)
Startup: C:\Users\Stanko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-01-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stanko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A5622C11-4B61-4099-BE60-87FBD79C8F66}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP22&ocid=UP22DHP
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-542987268-1208656116-1080822998-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-542987268-1208656116-1080822998-1001 -> {91EB51E4-7305-47D9-9AC8-71E4E29D0FEE} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-542987268-1208656116-1080822998-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Stanko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF user.js: detected! => C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js [2016-06-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-12-07] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\searchplugins\mozillask.xml [2012-08-01]
FF Extension: No Name - C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\extensions\iobitascsurfingprotection@iobit.com [not found]
FF Extension: Download Statusbar - C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2015-05-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-10-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-10-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-14]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (Babylon ToolBar) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll => No File
CHR Plugin: (Application Manager) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Stanko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-03]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2015-11-03]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-02-23]
CHR Extension: (YouTube) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-03]
CHR Extension: (Google Search) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Avast SafePrice) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-06]
CHR Extension: (Lamborghini Century64) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikjgpmondliabjaipmamheijmdhhljo [2014-12-15]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Avast Online Security) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-14]
CHR Extension: (Skype) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2015-11-03]
CHR Extension: (Gmail) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-13] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-03] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-14] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-14] (AVAST Software)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-04] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-21] (REALiX(tm))
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [125952 2014-11-09] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-09-21] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-09] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-14 19:58 - 2016-06-14 19:58 - 00021778 _____ C:\Users\Stanko\Desktop\FRST.txt
2016-06-14 19:55 - 2016-06-14 19:55 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-14 19:55 - 2016-06-14 19:55 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-14 19:55 - 2016-06-14 19:54 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-14 19:55 - 2016-03-05 17:43 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\asw819A.tmp
2016-06-14 19:55 - 2016-01-21 10:05 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8595.tmp
2016-06-14 19:55 - 2015-12-18 23:45 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8499.tmp
2016-06-14 19:55 - 2015-12-13 17:01 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8651.tmp
2016-06-14 19:55 - 2015-12-13 17:01 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw86CF.tmp
2016-06-14 19:55 - 2015-12-13 17:00 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8340.tmp
2016-06-14 19:55 - 2015-12-13 17:00 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8517.tmp
2016-06-14 19:55 - 2015-12-13 17:00 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw83BE.tmp
2016-06-14 19:54 - 2016-06-14 19:54 - 00112640 _____ (forum.viry.cz) C:\Users\Stanko\Desktop\FRSTLauncher.exe
2016-06-14 19:52 - 2016-06-14 19:52 - 00112640 _____ (forum.viry.cz) C:\Users\Stanko\Downloads\Nepotvrdené 324926.crdownload
2016-06-14 12:26 - 2016-06-14 12:26 - 00021325 _____ C:\ComboFix.txt
2016-06-13 11:33 - 2016-06-14 12:26 - 00000000 ____D C:\Qoobox
2016-06-13 11:33 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-06-13 11:33 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-06-13 11:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-06-13 11:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-06-13 11:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-06-13 11:33 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-06-13 11:33 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-06-13 11:33 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-06-13 11:32 - 2016-06-14 12:14 - 00000000 ____D C:\Windows\erdnt
2016-06-13 11:31 - 2016-06-13 11:31 - 05659224 ____R (Swearware) C:\Users\Stanko\Desktop\ComboFix.exe
2016-06-13 00:32 - 2016-06-13 00:32 - 00001971 _____ C:\Users\Stanko\Desktop\mbam.txt
2016-06-12 19:54 - 2016-06-12 19:56 - 00000000 ____D C:\AdwCleaner
2016-06-12 19:53 - 2016-06-12 19:53 - 03677248 _____ C:\Users\Stanko\Desktop\adwcleaner_5.119.exe
2016-06-12 02:43 - 2016-06-12 02:45 - 00046238 _____ C:\Users\Stanko\Downloads\Addition.txt
2016-06-12 02:10 - 2016-06-14 19:58 - 00000000 ____D C:\FRST
2016-06-12 02:09 - 2016-06-12 02:09 - 02385408 _____ (Farbar) C:\Users\Stanko\Desktop\FRST64.exe
2016-06-12 01:50 - 2016-06-12 20:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-12 01:49 - 2016-06-12 01:49 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-12 01:49 - 2016-06-12 01:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-12 01:49 - 2016-06-12 01:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-12 01:49 - 2016-06-12 01:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-12 01:49 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-12 01:49 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-12 01:49 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-12 00:56 - 2016-06-12 00:57 - 22851472 _____ (Malwarebytes ) C:\Users\Stanko\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-12 00:55 - 2016-06-12 00:55 - 06893008 _____ (Piriform Ltd) C:\Users\Stanko\Downloads\ccsetup518.exe
2016-05-29 11:34 - 2016-05-29 11:34 - 00000000 _____ C:\Users\Stanko\AppData\Local\{81456139-CA62-4990-872D-E186BD282613}
2016-05-22 12:59 - 2016-05-22 13:02 - 54177030 _____ C:\Users\Stanko\Downloads\Fontána-pre-Zuzanu-2.rar
2016-05-22 00:50 - 2016-05-22 00:50 - 01463424 _____ (Skype Technologies S.A.) C:\Users\Stanko\Downloads\SkypeSetup.exe
2016-05-15 14:13 - 2016-05-15 14:13 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-15 14:02 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-15 14:02 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-15 14:02 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-15 14:02 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-15 14:02 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-15 14:02 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-15 14:02 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-15 14:02 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-15 14:02 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-15 14:02 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-15 14:02 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-15 14:02 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-15 14:02 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-15 14:02 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-15 14:02 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-15 14:02 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-15 14:02 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-15 14:02 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-15 14:02 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-15 14:02 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-15 14:02 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-15 14:02 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-15 14:02 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-15 14:02 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-15 14:02 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-15 14:02 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-15 14:02 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-15 14:02 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-15 14:02 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-15 14:02 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-15 14:02 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-15 14:02 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-15 14:02 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-15 14:02 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-15 14:02 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-15 14:02 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-15 14:02 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-15 14:02 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-15 14:02 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-15 14:02 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-15 14:02 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-15 14:02 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-15 14:02 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-15 14:02 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-15 14:02 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-15 14:02 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-15 14:02 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-15 14:02 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-15 14:02 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-15 14:02 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-15 14:02 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-15 14:02 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-15 14:02 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-15 14:02 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-15 14:02 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-15 14:02 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-15 14:02 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-15 14:02 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-15 14:02 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-15 14:02 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-15 14:02 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-15 14:02 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-15 14:02 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-15 14:02 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-15 14:02 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-15 14:02 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-15 14:02 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-15 14:01 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-15 14:01 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-15 14:01 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-15 14:01 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-15 14:01 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-15 14:01 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-15 14:01 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-15 14:01 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-15 14:01 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-15 14:01 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-15 14:01 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-15 14:01 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-15 14:00 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-15 14:00 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-15 14:00 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-15 14:00 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-15 14:00 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-15 14:00 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-15 14:00 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-15 14:00 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-15 14:00 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-15 14:00 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-15 14:00 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-15 14:00 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-15 14:00 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-15 14:00 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-15 14:00 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-15 14:00 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-15 14:00 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-15 14:00 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-15 14:00 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-15 14:00 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-15 14:00 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-15 14:00 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-15 14:00 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-15 14:00 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-15 14:00 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-15 14:00 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-15 14:00 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-15 13:59 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-15 13:59 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-14 19:55 - 2015-01-10 11:32 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-14 19:55 - 2015-01-10 11:32 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-14 19:55 - 2015-01-10 11:32 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-14 19:55 - 2015-01-10 11:32 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-14 19:55 - 2015-01-10 11:32 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-14 19:55 - 2015-01-10 11:32 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-14 19:55 - 2015-01-10 11:32 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-14 19:55 - 2014-11-09 20:57 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-14 19:54 - 2015-01-10 11:32 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-14 19:54 - 2015-01-10 11:29 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-14 19:52 - 2015-11-03 20:41 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 19:51 - 2015-11-03 20:41 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-14 19:51 - 2013-10-12 11:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-14 19:51 - 2012-06-24 13:06 - 00001046 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001UA.job
2016-06-14 12:32 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-14 12:32 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-14 12:22 - 2016-03-14 22:33 - 00003246 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-06-14 12:22 - 2014-11-09 20:43 - 00002878 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Stanko)
2016-06-14 12:20 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-06-14 12:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-14 12:09 - 2012-06-07 09:55 - 00000000 ____D C:\Users\Stanko\AppData\Roaming\Skype
2016-06-14 12:00 - 2012-06-24 13:06 - 00001024 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001Core.job
2016-06-14 11:58 - 2014-01-07 01:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-14 11:58 - 2011-10-14 05:30 - 00000000 ____D C:\ProgramData\Skype
2016-06-14 00:35 - 2015-01-10 11:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-13 11:25 - 2016-02-06 19:55 - 00000000 ____D C:\Users\Stanko\Downloads\Nový priečinok
2016-06-13 11:25 - 2012-08-01 19:32 - 00000000 ____D C:\AAA
2016-06-12 15:01 - 2012-08-01 17:22 - 00001912 _____ C:\Windows\epplauncher.mif
2016-06-12 02:36 - 2016-01-07 00:18 - 00787532 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-12 02:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-12 02:27 - 2016-02-27 17:39 - 00000000 ____D C:\Windows\Temp6A7BEE29-B756-18E0-C927-2BC12B28511C-Signatures
2016-06-12 00:56 - 2015-07-26 11:40 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-12 00:56 - 2015-07-26 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-11 21:21 - 2015-11-03 20:43 - 00002171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-11 21:21 - 2015-11-03 20:43 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-09 18:41 - 2014-11-09 20:44 - 00000000 ____D C:\ProgramData\ProductData
2016-05-31 23:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-31 23:11 - 2012-08-05 01:50 - 00000000 ____D C:\Users\Stanko\AppData\Local\ElevatedDiagnostics
2016-05-31 21:36 - 2015-04-05 10:18 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-31 21:36 - 2015-04-05 10:18 - 00000000 ____D C:\Windows\SysWOW64\GWX
2016-05-29 11:51 - 2012-07-13 12:24 - 00000000 ____D C:\Users\Stanko\AppData\Roaming\dvdcss
2016-05-25 18:19 - 2009-07-14 06:45 - 00413416 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-25 18:17 - 2014-12-10 18:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-25 18:17 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-22 01:06 - 2013-07-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-05-22 00:44 - 2012-06-21 21:44 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-15 14:13 - 2013-10-12 11:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-15 14:13 - 2012-06-24 02:07 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-15 14:13 - 2011-10-14 05:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 13:16 - 2015-11-03 20:41 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-15 13:16 - 2015-11-03 20:41 - 00003680 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-09-21 17:12 - 2015-09-21 17:12 - 6420480 _____ () C:\Program Files (x86)\GUT3EB.tmp
2015-07-22 20:16 - 2015-07-22 20:16 - 6420480 _____ () C:\Program Files (x86)\GUT3EE4.tmp
2016-05-12 21:24 - 2016-05-12 21:24 - 6748160 _____ () C:\Program Files (x86)\GUT7B76.tmp
2016-05-13 19:10 - 2016-05-13 19:10 - 6748160 _____ () C:\Program Files (x86)\GUTED53.tmp
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Stanko\AppData\Roaming\CFMIBJER
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Stanko\AppData\Roaming\GU
2012-07-02 23:57 - 2015-06-16 00:15 - 0012800 _____ () C:\Users\Stanko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-29 11:34 - 2016-05-29 11:34 - 0000000 _____ () C:\Users\Stanko\AppData\Local\{81456139-CA62-4990-872D-E186BD282613}
2011-11-27 19:30 - 2011-11-27 19:33 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
2015-11-02 21:50 - 2015-11-02 21:52 - 0000032 _____ () C:\ProgramData\PS.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001Core.job => C:\Users\Stanko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001UA.job => C:\Users\Stanko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Stanko\Desktop" je 13309 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flvto YouTube Downloader
"C:\Users\Stanko\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe" /minimize [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
"C:\Program Files (x86)\Steam\steam.exe" -silent [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(6.26 KiB) Downloaded 72 times

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: requesting a preventive check

#13 Post by Márty84 »

:arrow: Permanently disable Windows Defender

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Stanko\Desktop" je 13309 MB.
:arrow: The desktop should not be larger than 200 - 300 MB! It slows the PC down. So tidy it up a little and keep only shortcuts on the desktop. Just watch out for a mistake people sometimes make: they have a folder on the desktop, another one inside it, and another inside that, and they hide everything in there. That is nice, but it does not make the desktop any smaller, it is just in a different drawer :)




:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP22&ocid=UP22DHP
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FF user.js: detected! => C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js [2016-06-12]
FF Extension: No Name - C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\extensions\iobitascsurfingprotection@iobit.com [not found]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-10-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-10-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]

CHR Plugin: (Babylon ToolBar) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll => No File
CHR Plugin: (Application Manager) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001Core.job => C:\Users\Stanko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001UA.job => C:\Users\Stanko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {97CCDDBC-8A92-49AB-8CD6-B05AD0BF9BCD} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {CE7F3E11-4DDB-4AD1-A986-2231AA2BAEF4} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flvto YouTube Downloader
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam

Hosts:
EmptyTemp:
Reboot:
End
Click File in the top left.
Click Save As...
Type the name shown in red, fixlist, correctly and save it to the desktop.
Turn off the antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts a new log named fixlog should appear; copy it here for me again.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

plasko
Visitor
Posts: 66
Registered: 03 Feb 2010 17:57

Re: requesting a preventive check

#14 Post by plasko »

Defender should be inactive, I turned off its automatic scan and its real-time protection, so I hope it will leave me alone now :)

Desktop reduced to about 50 MB, the rest is linked back with shortcuts :)

Log from FRST (it had trouble updating again):

Fix result of Farbar Recovery Scan Tool (x64) Version:10-06-2016
Ran by Stanko (2016-06-15 20:20:09) Run:1
Running from C:\Users\Stanko\Desktop
Loaded Profiles: Stanko (Available Profiles: Stanko)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP22&ocid=UP22DHP
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FF user.js: detected! => C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js [2016-06-12]
FF Extension: No Name - C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\extensions\iobitascsurfingprotection@iobit.com [not found]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-10-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-10-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]

CHR Plugin: (Babylon ToolBar) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll => No File
CHR Plugin: (Application Manager) - C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001Core.job => C:\Users\Stanko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001UA.job => C:\Users\Stanko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {97CCDDBC-8A92-49AB-8CD6-B05AD0BF9BCD} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {CE7F3E11-4DDB-4AD1-A986-2231AA2BAEF4} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flvto YouTube Downloader
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-542987268-1208656116-1080822998-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-542987268-1208656116-1080822998-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\user.js => moved successfully
C:\Users\Stanko\AppData\Roaming\Mozilla\Firefox\Profiles\d8fz97f4.default\extensions\iobitascsurfingprotection@iobit.com => path removed successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => moved successfully
C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll => not found.
C:\Users\Stanko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => moved successfully
catchme => service removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001Core.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542987268-1208656116-1080822998-1001UA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97CCDDBC-8A92-49AB-8CD6-B05AD0BF9BCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97CCDDBC-8A92-49AB-8CD6-B05AD0BF9BCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CE7F3E11-4DDB-4AD1-A986-2231AA2BAEF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE7F3E11-4DDB-4AD1-A986-2231AA2BAEF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2" => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flvto YouTube Downloader => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 769.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:20:42 ====

Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: prosim o preventivnu kontrolu

#15 Příspěvek od Márty84 »

:!: Run all of these programs, including any installation, as administrator (right-click them and choose Run as administrator)

:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, clear the checkbox.
After launching you will be in the Cleaner function. There are many checkboxes on the left. Pay particular attention to the Recycle Bin: if you leave it checked, it will always be emptied.
Also, depending on how it is configured, it will delete all passwords saved for websites!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.)
Click Analyze and, once the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; when it finds some, click Fix Issues. It will offer you a backup; make it and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If the PC has multiple user accounts, use the program in each of them as well)

:arrow: Defragment the disk(s) (not SSDs!)
Download Defraggler https://www.piriform.com/defraggler/download/standard
During installation again watch out for the toolbar and other nonsense.
After installing, run the program and click Analyze; after the analysis click Defrag and the program will do its job.

:arrow: Then write how the PC is doing.
If you have a question that is not meant for the public, you can write to me by mail at marty84zavináčforum.viry.cz

Option to support our forum https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have an email address in their signature).

Locked