Younudoo

Zpráva

NTB práce · #1 Příspěvek od **NTB práce** » 19 pro 2016 09:52

Dobrý den, prosím o kontrolu logu, na ntb se mi neustále instaluje nějaký Moneybot a jako vyhledávač Turtix a Younudoo.
Děkuji a přeji hezký den
Helena

Logfile of random's system information tool 1.14 (written by random/random)
Run by Helena at 2016-12-19 09:43:07
Microsoft Windows 8 Pro
System drive C: has 133 GB (56%) free of 238 GB
Total RAM: 2039 MB (48% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:43:25, on 19. 12. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17568)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Users\Helena\AppData\Roaming\VDI\Shared\Product Updater\produpd.exe
C:\Users\Helena\AppData\Roaming\VDI\Shared\Product Updater\monhost.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Helena\Downloads\RSIT.exe
C:\Program Files\trend micro\Helena_RSIT.exe
C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
C:\Users\Helena\AppData\Roaming\VDI\Shared\Product Updater\produpd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszMqSVmeQEMzeIBkvqsGOTeYgNs7Pjy_16RXD4McEsG848ifyfOms2XptFllbvKSpZEP98CYq7Hfa6DJKkGsRjGP0Gv2bB10mb5qIOZWVOJNnsXM_koD0D4W15gYW1fNTJGNwPPMneorn1t-At1o_SDHgEo9j-s,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszMqSVmeQEMzeIBkvqsGOTeYgNs7Pjy_16RXD4McEsG848ifyfOms2XptFllbvKSpZEP98CYq7Hfa6DJKkGsRjGP0Gv2bB10mb5qIOZWVOJNnsXM_koD0D4W15gYW1fNTJGNwPPMneorn1t-At1o_SDHgEo9j-s,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszMqSVmeQEMzeIBkvqsGOTeYgNs7Pjy_16RXD4McEsG848ifyfOms2XptFllbvKSpZEP98CYq7Hfa6DJKkGsRjGP0Gv2bB10mb5qIOZWVOJNnsXM_koD0D4W15gYW1fNTJGNwPPMneorn1t-At1o_SDHgEo9j-s,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 99A21DF519
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszMqSVmeQEMzeIBkvqsGOTeYgNs7Pjy_16RXD4McEsG848ifyfOms2XptFllbvKSpZEP98CYq7Hfa6DJKkGsRjGP0Gv2bB10mb5qIOZWVOJNnsXM_koD0D4W15gYW1fNTJGNwPPMneorn1t-At1o_SDHgEo9j-s,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O4 - Startup: monhost.lnk = ?
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ed2k idle service (ed2kidle) - http://www.amule.org/ - C:\Program Files\amuleC1\ed2k.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: iThemes5 - Unknown owner - rundll32.exe (file missing)
O23 - Service: Samsung Printer Dianostics Service - Unknown owner - C:\Windows\system32\\spdsvc.exe
O23 - Service: Samsung UPD Utility Service (SamsungUPDUtilSvc) - Unknown owner - C:\Windows\system32\SecUPDUtilSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6150 bytes

======Scheduled tasks folder======

C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Trigger KMS Activation - "C:\Program Files\KMSnano\TriggerKMS.exe" 31 "silent.cmd"
C:\Windows\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\Windows\system32\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask - rundll32.exe WSClient.dll,RefreshBannedAppsList
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\Setup\8.1 auto install ping - %windir%\system32\AutoUpdate.exe /Ping
C:\Windows\system32\tasks\Microsoft\Windows\Setup\8.1 auto install v2 - C:\Windows\system32\AutoUpdate.exe /Auto
C:\Windows\system32\tasks\Microsoft\Windows\Setup\EOSNotify - %windir%\system32\EOSNotify.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\Multimedia\Manager - C:\Users\Helena\AppData\Roaming\Adobe\Manager.exe 604C4206-B430-43E1-A102-8BF11249AEC2
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent /increment
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe %windir%\system32\invagent.dll,RunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload
C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report - C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send
C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f
C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA - C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /l

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={ielnksrch}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18 163528]

C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
monhost.lnk - C:\Users\Helena\AppData\Roaming\VDI\Shared\Product Updater\monhost.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8E6AA99A-A5C6-11E6-8AD9-64006A5CFC23}"= []
"{6F9310E2-AA81-11E6-BEE6-64006A5CFC23}"=C:\Users\Helena\AppData\Roaming\Canakclobeck\Shertionanaver.dll []
"{B6F0F030-AA82-11E6-BD19-64006A5CFC23}"=C:\Users\Helena\AppData\Roaming\Cucult\Clerwle.dll [2016-12-12 125952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe]
"Debugger="C:\Program Files\Plerserchstarile\_ALLOWDEL_23ff0f1a\Gubed.exe -Yrrehs

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"StubPath"="C:\Program Files\UCBrowser\Application\5.7.15319.5\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files\UCBrowser"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-12-19 09:43:07 ----D---- C:\rsit
2016-12-19 09:43:07 ----D---- C:\Program Files\trend micro
2016-12-19 09:01:42 ----D---- C:\Program Files\WinArcher
2016-12-19 09:01:27 ----D---- C:\Program Files\f09er35s
2016-12-19 08:09:34 ----D---- C:\Users\Helena\AppData\Roaming\VDI
2016-12-15 10:05:03 ----D---- C:\Program Files\amuleC1
2016-12-15 10:01:22 ----D---- C:\ProgramData\WinSAPSvc
2016-12-15 09:59:48 ----D---- C:\Program Files\i259grt0
2016-12-12 14:08:43 ----A---- C:\Windows\system32\bi3.exe
2016-12-12 10:14:07 ----D---- C:\Program Files\Plerserchstarile
2016-12-12 10:07:26 ----D---- C:\Users\Helena\AppData\Roaming\Cucult
2016-12-12 08:36:15 ----D---- C:\Program Files\4601231B-1481528182-11E0-088C-6D99104D1929
2016-12-12 08:32:06 ----D---- C:\Users\Helena\AppData\Roaming\Mozilla
2016-12-12 08:31:07 ----A---- C:\Users\Helena\AppData\Roaming\noah.dat
2016-12-12 08:31:07 ----A---- C:\Users\Helena\AppData\Roaming\Main.dat
2016-12-12 08:31:06 ----A---- C:\Users\Helena\AppData\Roaming\agent.dat
2016-12-12 08:31:04 ----A---- C:\Users\Helena\AppData\Roaming\Volttom.exe
2016-12-12 08:29:47 ----A---- C:\Users\Helena\AppData\Roaming\Installer.dat
2016-12-12 08:28:23 ----D---- C:\Program Files\Nenther_
2016-12-12 08:04:09 ----D---- C:\Users\Helena\AppData\Roaming\Canakclobeck
2016-12-12 08:00:30 ----D---- C:\Program Files\Nenther
2016-12-06 09:56:17 ----D---- C:\Windows\LastGood.Tmp
2016-12-05 12:14:48 ----A---- C:\ProgramData\SECA5EF.tmp
2016-11-28 09:41:16 ----A---- C:\ProgramData\SEC737B.tmp
2016-11-28 09:38:55 ----A---- C:\ProgramData\SEC4DA3.tmp
2016-11-25 11:07:54 ----A---- C:\Windows\system32\FNTCACHE.DAT
2016-11-25 10:53:34 ----D---- C:\2f4ce53e8d967d6182184e4556903841
2016-11-25 10:43:21 ----D---- C:\Windows\system32\AutoUpdateLicense
2016-11-25 10:08:00 ----A---- C:\Windows\system32\log.txt
2016-11-25 09:31:09 ----D---- C:\AdwCleaner
2016-11-25 09:09:01 ----D---- C:\ProgramData\ProductData
2016-11-25 09:08:04 ----D---- C:\Windows\IObit
2016-11-25 09:07:56 ----D---- C:\ProgramData\IObit
2016-11-25 09:07:54 ----A---- C:\Windows\system32\drivers\HWiNFO32.SYS
2016-11-25 09:07:52 ----D---- C:\Users\Helena\AppData\Roaming\IObit
2016-11-25 09:07:46 ----D---- C:\ProgramData\Avira
2016-11-25 09:07:46 ----D---- C:\ProgramData\Avg
2016-11-25 09:07:46 ----D---- C:\Program Files\UCBrowser
2016-11-25 09:07:45 ----D---- C:\ProgramData\AVAST Software
2016-11-25 09:06:24 ----D---- C:\Program Files\IObit
2016-11-25 09:05:12 ----D---- C:\Users\Helena\AppData\Roaming\Vatertainpharucult
2016-11-25 09:05:10 ----D---- C:\Users\Helena\AppData\Roaming\Profiles
2016-11-25 09:04:57 ----D---- C:\Program Files\Gacerse
2016-11-24 12:54:59 ----D---- C:\Program Files\Mozilla Firefox
2016-11-24 11:40:00 ----A---- C:\Windows\system32\dwmapi.dll
2016-11-24 11:39:59 ----A---- C:\Windows\system32\d3d10warp.dll
2016-11-24 11:39:58 ----A---- C:\Windows\system32\wcmsvc.dll
2016-11-24 11:39:58 ----A---- C:\Windows\system32\storagewmi.dll
2016-11-24 11:39:58 ----A---- C:\Windows\system32\drivers\volsnap.sys
2016-11-24 11:39:57 ----A---- C:\Windows\system32\wcmcsp.dll
2016-11-24 11:39:57 ----A---- C:\Windows\system32\defragsvc.dll
2016-11-24 11:39:56 ----A---- C:\Windows\system32\KBDYAK.DLL
2016-11-24 11:39:56 ----A---- C:\Windows\system32\KBDTAT.DLL
2016-11-24 11:39:56 ----A---- C:\Windows\system32\KBDRUM.DLL
2016-11-24 11:39:56 ----A---- C:\Windows\system32\KBDRU1.DLL
2016-11-24 11:39:56 ----A---- C:\Windows\system32\KBDRU.DLL
2016-11-24 11:39:56 ----A---- C:\Windows\system32\KBDBASH.DLL
2016-11-24 11:39:56 ----A---- C:\Windows\system32\Defrag.exe
2016-11-24 11:39:30 ----A---- C:\Windows\system32\WSShared.dll
2016-11-24 11:39:30 ----A---- C:\Windows\system32\WinSetupUI.dll
2016-11-24 11:39:30 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-11-24 11:39:30 ----A---- C:\Windows\system32\NotificationUI.exe
2016-11-24 11:39:30 ----A---- C:\Windows\system32\AutoUpdate.exe
2016-11-23 09:02:55 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-11-22 13:18:17 ----SD---- C:\Windows\system32\CompatTel
2016-11-22 13:18:17 ----D---- C:\Windows\system32\Appraiser
2016-11-22 13:18:17 ----D---- C:\Windows\Migration
2016-11-22 12:40:39 ----A---- C:\Windows\system32\msvcr120_clr0400.dll
2016-11-22 12:33:05 ----A---- C:\Windows\system32\drivers\hdaudbus.sys
2016-11-22 12:11:16 ----A---- C:\Windows\system32\VSSVC.exe
2016-11-22 12:11:16 ----A---- C:\Windows\system32\vsstrace.dll
2016-11-22 12:11:16 ----A---- C:\Windows\system32\vssapi.dll
2016-11-22 11:47:40 ----A---- C:\Windows\system32\Windows.Globalization.dll
2016-11-22 11:14:40 ----D---- C:\Program Files\MSXML 4.0
2016-11-22 09:35:22 ----A---- C:\Windows\system32\aspnet_counters.dll
2016-11-22 07:59:10 ----A---- C:\Windows\system32\netcfg-83213460.txt
2016-11-22 07:59:10 ----A---- C:\Windows\system32\netcfg-83213304.txt
2016-11-22 07:59:10 ----A---- C:\Windows\system32\netcfg-83212945.txt
2016-11-22 07:59:08 ----A---- C:\Windows\system32\netcfg-83210980.txt
2016-11-21 08:51:52 ----A---- C:\Windows\system32\netcfg-518157.txt
2016-11-21 07:53:48 ----A---- C:\Windows\system32\netcfg-518060163.txt
2016-11-21 07:53:45 ----A---- C:\Windows\system32\netcfg-518056996.txt
2016-11-21 07:53:43 ----A---- C:\Windows\system32\netcfg-518055514.txt
2016-11-21 07:53:43 ----A---- C:\Windows\system32\netcfg-518054438.txt

======List of files/folders modified in the last 1 month======

2016-12-19 09:43:19 ----D---- C:\Windows\Prefetch
2016-12-19 09:43:07 ----RD---- C:\Program Files
2016-12-19 09:28:48 ----HD---- C:\ProgramData
2016-12-19 09:18:21 ----D---- C:\Windows\Temp
2016-12-19 09:01:37 ----D---- C:\Program Files\Common Files\Services
2016-12-19 09:00:01 ----D---- C:\Windows\system32\sru
2016-12-19 08:40:50 ----D---- C:\Windows\Microsoft.NET
2016-12-19 08:26:45 ----SHD---- C:\Windows\Installer
2016-12-19 08:21:44 ----D---- C:\Windows\system32\Tasks
2016-12-19 08:05:27 ----RD---- C:\Windows\assembly
2016-12-19 08:03:31 ----D---- C:\ProgramData\Microsoft Help
2016-12-19 07:59:49 ----SHD---- C:\System Volume Information
2016-12-15 10:58:57 ----D---- C:\Users\Helena\AppData\Roaming\Samsung
2016-12-15 10:25:46 ----RD---- C:\Windows\System32
2016-12-15 10:25:46 ----D---- C:\Windows\system32\Drivers
2016-12-15 10:25:44 ----D---- C:\Windows\inf
2016-12-15 08:55:37 ----D---- C:\Program Files\Common Files
2016-12-13 08:50:17 ----D---- C:\Windows\system32\config
2016-12-12 11:45:01 ----D---- C:\ProgramData\boost_interprocess
2016-12-12 10:15:16 ----D---- C:\SWSetup
2016-12-12 10:15:16 ----D---- C:\Program Files\Synaptics
2016-12-12 10:15:16 ----D---- C:\Intel
2016-12-12 10:15:16 ----D---- C:\2279a8061a5cabd19a2640
2016-12-12 10:14:46 ----SHD---- C:\Program Files\Windows Sidebar
2016-12-12 10:14:46 ----HD---- C:\Program Files\Uninstall Information
2016-12-12 10:14:46 ----HD---- C:\Program Files\InstallShield Installation Information
2016-12-12 10:14:46 ----D---- C:\Program Files\WinRAR
2016-12-12 10:14:46 ----D---- C:\Program Files\Windows Portable Devices
2016-12-12 10:14:46 ----D---- C:\Program Files\Windows Photo Viewer
2016-12-12 10:14:46 ----D---- C:\Program Files\Windows NT
2016-12-12 10:14:46 ----D---- C:\Program Files\Windows Multimedia Platform
2016-12-12 10:14:46 ----D---- C:\Program Files\Windows Media Player
2016-12-12 10:14:46 ----D---- C:\Program Files\Windows Mail
2016-12-12 10:14:46 ----D---- C:\Program Files\Windows Journal
2016-12-12 10:14:46 ----D---- C:\Program Files\Software602
2016-12-12 10:14:46 ----D---- C:\Program Files\SamsungPrinterLiveUpdateInstaller
2016-12-12 10:14:46 ----D---- C:\Program Files\SamsungPrinterLiveUpdate
2016-12-12 10:14:46 ----D---- C:\Program Files\Samsung
2016-12-12 10:14:46 ----D---- C:\Program Files\Microsoft.NET
2016-12-12 10:14:46 ----D---- C:\Program Files\Microsoft SQL Server
2016-12-12 10:14:46 ----D---- C:\Program Files\Microsoft Office
2016-12-12 10:14:46 ----D---- C:\Program Files\Microsoft Analysis Services
2016-12-12 10:14:46 ----D---- C:\Program Files\KMSnano
2016-12-12 10:14:46 ----D---- C:\Program Files\Internet Explorer
2016-12-12 10:14:46 ----D---- C:\Program Files\Hewlett-Packard
2016-12-12 10:14:46 ----D---- C:\Program Files\Google
2016-12-12 10:14:46 ----D---- C:\Program Files\CCleaner
2016-12-12 10:14:46 ----D---- C:\Program Files\Adobe
2016-12-12 09:16:04 ----D---- C:\Windows
2016-12-09 10:20:04 ----D---- C:\Users\Helena\AppData\Roaming\uTorrent
2016-12-09 10:09:30 ----D---- C:\Windows\WinSxS
2016-11-30 12:36:45 ----D---- C:\Windows\rescache
2016-11-25 10:53:36 ----D---- C:\Windows\SoftwareDistribution
2016-11-25 10:43:21 ----D---- C:\Windows\WinStore
2016-11-25 10:43:18 ----D---- C:\Windows\system32\wbem
2016-11-25 10:43:18 ----D---- C:\Windows\system32\cs-CZ
2016-11-25 10:43:17 ----RSD---- C:\Windows\Fonts
2016-11-25 10:43:13 ----D---- C:\Windows\system32\DriverStore
2016-11-25 10:08:08 ----D---- C:\Windows\Tasks
2016-11-25 10:07:22 ----D---- C:\Windows\CbsTemp
2016-11-25 09:44:23 ----D---- C:\Windows\Logs
2016-11-25 09:10:11 ----D---- C:\Windows\debug
2016-11-25 09:07:45 ----D---- C:\uTorrent
2016-11-25 09:07:45 ----D---- C:\PerfLogs
2016-11-25 09:07:45 ----D---- C:\Downloads
2016-11-25 09:05:52 ----D---- C:\Users\Helena\AppData\Roaming\Adobe
2016-11-25 08:10:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-11-24 12:24:10 ----D---- C:\Windows\system32\catroot2
2016-11-24 09:00:27 ----D---- C:\Windows\AppCompat
2016-11-23 09:02:48 ----SHD---- C:\Boot
2016-11-22 13:19:22 ----D---- C:\Windows\PolicyDefinitions
2016-11-22 13:19:21 ----D---- C:\Windows\system32\en-US
2016-11-22 13:19:17 ----D---- C:\Windows\system32\Boot
2016-11-22 13:19:15 ----D---- C:\Windows\apppatch
2016-11-22 13:19:01 ----D---- C:\Windows\system32\migration
2016-11-22 13:18:50 ----D---- C:\Windows\system32\AdvancedInstallers
2016-11-22 13:18:48 ----D---- C:\Windows\system32\drivers\cs-CZ
2016-11-22 13:18:46 ----RD---- C:\Windows\ToastData
2016-11-22 13:18:35 ----D---- C:\Windows\system32\CodeIntegrity
2016-11-22 13:18:17 ----SD---- C:\ProgramData\Microsoft
2016-11-22 13:17:45 ----D---- C:\Program Files\Common Files\microsoft shared
2016-11-22 13:17:23 ----D---- C:\Windows\system32\Dism
2016-11-22 13:17:21 ----D---- C:\Windows\system32\oobe
2016-11-22 13:17:00 ----RD---- C:\Windows\ImmersiveControlPanel
2016-11-22 13:13:51 ----D---- C:\Windows\system32\drivers\UMDF
2016-11-22 12:28:51 ----D---- C:\Windows\system32\MRT
2016-11-22 12:19:05 ----AC---- C:\Windows\system32\MRT.exe
2016-11-22 11:46:15 ----A---- C:\Windows\system32\cryptdlg.dll
2016-11-22 11:45:06 ----A---- C:\Windows\system32\appidsvc.dll
2016-11-22 11:45:06 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-11-22 11:45:06 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-11-22 11:45:06 ----A---- C:\Windows\system32\appidapi.dll
2016-11-22 11:38:51 ----A---- C:\Windows\system32\advapi32.dll
2016-11-22 11:34:30 ----A---- C:\Windows\system32\authui.dll
2016-11-22 11:29:56 ----A---- C:\Windows\system32\sppobjs.dll
2016-11-22 11:26:02 ----A---- C:\Windows\system32\wer.dll
2016-11-22 11:26:01 ----A---- C:\Windows\system32\WerFaultSecure.exe
2016-11-22 11:26:01 ----A---- C:\Windows\system32\Faultrep.dll
2016-11-22 11:25:08 ----A---- C:\Windows\system32\cryptsvc.dll
2016-11-22 11:25:08 ----A---- C:\Windows\system32\apprepsync.dll
2016-11-22 11:25:08 ----A---- C:\Windows\system32\apprepapi.dll
2016-11-22 11:25:07 ----A---- C:\Windows\system32\wintrust.dll
2016-11-22 11:23:12 ----A---- C:\Windows\system32\certutil.exe
2016-11-22 11:23:11 ----A---- C:\Windows\system32\cryptnet.dll
2016-11-22 11:22:08 ----A---- C:\Windows\system32\dpnsvr.exe
2016-11-22 11:22:08 ----A---- C:\Windows\system32\dpnhupnp.dll
2016-11-22 11:22:08 ----A---- C:\Windows\system32\dpnhpast.dll
2016-11-22 11:22:08 ----A---- C:\Windows\system32\dpnet.dll
2016-11-22 11:22:08 ----A---- C:\Windows\system32\dpnathlp.dll
2016-11-22 11:18:22 ----A---- C:\Windows\system32\TSWbPrxy.exe
2016-11-22 11:17:33 ----A---- C:\Windows\system32\crypt32.dll
2016-11-22 11:16:26 ----A---- C:\Windows\system32\shell32.dll
2016-11-22 11:10:48 ----A---- C:\Windows\system32\inetpp.dll
2016-11-22 11:10:47 ----A---- C:\Windows\system32\wiaacmgr.exe
2016-11-22 11:10:46 ----A---- C:\Windows\system32\WSDMon.dll
2016-11-22 11:10:44 ----A---- C:\Windows\system32\srmtrace.dll
2016-11-22 11:10:44 ----A---- C:\Windows\system32\srmstormod.dll
2016-11-22 11:10:44 ----A---- C:\Windows\system32\srmshell.dll
2016-11-22 11:10:44 ----A---- C:\Windows\system32\srm_ps.dll
2016-11-22 11:10:43 ----A---- C:\Windows\system32\wlidsvc.dll
2016-11-22 11:10:43 ----A---- C:\Windows\system32\mmc.exe
2016-11-22 11:10:41 ----A---- C:\Windows\system32\setupapi.dll
2016-11-22 11:10:38 ----A---- C:\Windows\system32\iphlpsvc.dll
2016-11-22 11:08:41 ----A---- C:\Windows\system32\mstscax.dll
2016-11-22 11:08:41 ----A---- C:\Windows\system32\aaclient.dll
2016-11-22 11:06:33 ----A---- C:\Windows\system32\esent.dll
2016-11-22 11:05:48 ----A---- C:\Windows\system32\d2d1.dll
2016-11-22 11:05:02 ----A---- C:\Windows\system32\nlasvc.dll
2016-11-22 11:05:02 ----A---- C:\Windows\system32\nlaapi.dll
2016-11-22 11:05:02 ----A---- C:\Windows\system32\ncsi.dll
2016-11-22 10:57:17 ----A---- C:\Windows\system32\sysmain.dll
2016-11-22 10:25:32 ----A---- C:\Windows\system32\rdpudd.dll
2016-11-22 10:25:32 ----A---- C:\Windows\system32\rdpcorets.dll
2016-11-22 10:24:53 ----A---- C:\Windows\system32\ole32.dll
2016-11-22 10:24:07 ----A---- C:\Windows\system32\bcryptprimitives.dll
2016-11-22 10:22:33 ----A---- C:\Windows\system32\msieftp.dll
2016-11-22 10:21:50 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-11-22 10:18:24 ----A---- C:\Windows\system32\pcasvc.dll
2016-11-22 10:18:24 ----A---- C:\Windows\system32\pcalua.exe
2016-11-22 10:18:24 ----A---- C:\Windows\system32\pcaevts.dll
2016-11-22 10:18:24 ----A---- C:\Windows\system32\pcadm.dll
2016-11-22 10:18:24 ----A---- C:\Windows\system32\aepic.dll
2016-11-22 10:18:23 ----A---- C:\Windows\system32\devinv.dll
2016-11-22 10:18:23 ----A---- C:\Windows\system32\aeinv.dll
2016-11-22 10:16:38 ----A---- C:\Windows\system32\usercpl.dll
2016-11-22 10:16:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-11-22 10:16:35 ----A---- C:\Windows\system32\msv1_0.dll
2016-11-22 10:16:34 ----A---- C:\Windows\system32\lsasrv.dll
2016-11-22 10:16:32 ----A---- C:\Windows\system32\SHCore.dll
2016-11-22 10:16:30 ----A---- C:\Windows\system32\lsm.dll
2016-11-22 10:16:28 ----A---- C:\Windows\system32\winresume.exe
2016-11-22 10:16:28 ----A---- C:\Windows\system32\winload.exe
2016-11-22 10:16:27 ----A---- C:\Windows\system32\winlogon.exe
2016-11-22 10:16:26 ----A---- C:\Windows\system32\sspicli.dll
2016-11-22 10:16:25 ----A---- C:\Windows\system32\wdigest.dll
2016-11-22 10:16:25 ----A---- C:\Windows\system32\kerberos.dll
2016-11-22 10:16:24 ----A---- C:\Windows\system32\TSpkg.dll
2016-11-22 10:16:24 ----A---- C:\Windows\system32\credssp.dll
2016-11-22 10:13:43 ----A---- C:\Windows\system32\taskkill.exe
2016-11-22 10:13:42 ----A---- C:\Windows\system32\tasklist.exe
2016-11-22 10:13:42 ----A---- C:\Windows\system32\duser.dll
2016-11-22 10:13:41 ----A---- C:\Windows\system32\wersvc.dll
2016-11-22 10:13:40 ----A---- C:\Windows\system32\wpd_ci.dll
2016-11-22 10:13:39 ----A---- C:\Windows\system32\hotspotauth.dll
2016-11-22 10:13:38 ----A---- C:\Windows\system32\WWanAPI.dll
2016-11-22 10:13:36 ----A---- C:\Windows\system32\Windows.Networking.Connectivity.dll
2016-11-22 10:13:34 ----A---- C:\Windows\system32\wlroamextension.dll
2016-11-22 10:08:38 ----A---- C:\Windows\system32\osk.exe
2016-11-22 10:07:23 ----A---- C:\Windows\system32\nshwfp.dll
2016-11-22 10:07:23 ----A---- C:\Windows\system32\IKEEXT.DLL
2016-11-22 10:07:22 ----A---- C:\Windows\system32\BFE.DLL
2016-11-22 10:03:31 ----A---- C:\Windows\system32\WMPhoto.dll
2016-11-22 10:02:01 ----A---- C:\Windows\system32\imagehlp.dll
2016-11-22 10:01:12 ----A---- C:\Windows\system32\d3d11.dll
2016-11-22 09:59:45 ----A---- C:\Windows\system32\user32.dll
2016-11-22 09:59:43 ----A---- C:\Windows\system32\GdiPlus.dll
2016-11-22 09:59:43 ----A---- C:\Windows\system32\DWrite.dll
2016-11-22 09:59:42 ----A---- C:\Windows\system32\FntCache.dll
2016-11-22 09:55:57 ----A---- C:\Windows\system32\schedsvc.dll
2016-11-22 09:51:24 ----A---- C:\Windows\system32\WebClnt.dll
2016-11-22 09:51:24 ----A---- C:\Windows\system32\davclnt.dll
2016-11-22 09:49:55 ----A---- C:\Windows\system32\cryptcatsvc.dll
2016-11-22 09:49:12 ----A---- C:\Windows\system32\msctf.dll
2016-11-22 09:46:50 ----A---- C:\Windows\system32\qedit.dll
2016-11-22 09:44:31 ----A---- C:\Windows\system32\rpcrt4.dll
2016-11-22 09:43:05 ----A---- C:\Windows\system32\packager.dll
2016-11-22 09:37:36 ----A---- C:\Windows\system32\gdi32.dll
2016-11-22 09:33:54 ----A---- C:\Windows\system32\dwmredir.dll
2016-11-22 09:33:52 ----A---- C:\Windows\system32\iuilp.dll
2016-11-22 09:33:51 ----A---- C:\Windows\system32\mfreadwrite.dll
2016-11-22 09:33:48 ----A---- C:\Windows\system32\conhost.exe
2016-11-22 09:33:47 ----A---- C:\Windows\system32\dmvdsitf.dll
2016-11-22 09:33:46 ----A---- C:\Windows\system32\wscsvc.dll
2016-11-22 09:33:46 ----A---- C:\Windows\system32\wscapi.dll
2016-11-22 09:33:44 ----A---- C:\Windows\system32\fhengine.dll
2016-11-22 09:33:44 ----A---- C:\Windows\system32\fhcfg.dll
2016-11-22 09:33:43 ----A---- C:\Windows\system32\rsaenh.dll
2016-11-22 09:33:40 ----A---- C:\Windows\system32\wmp.dll
2016-11-22 09:33:39 ----A---- C:\Windows\system32\ci.dll
2016-11-22 09:33:38 ----A---- C:\Windows\system32\RecoveryDrive.exe
2016-11-22 09:33:36 ----A---- C:\Windows\system32\tquery.dll
2016-11-22 09:33:36 ----A---- C:\Windows\system32\SearchIndexer.exe
2016-11-22 09:33:36 ----A---- C:\Windows\system32\mssprxy.dll
2016-11-22 09:33:36 ----A---- C:\Windows\system32\mssitlb.dll
2016-11-22 09:33:35 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2016-11-22 09:33:35 ----A---- C:\Windows\system32\SearchFilterHost.exe
2016-11-22 09:33:35 ----A---- C:\Windows\system32\mssvp.dll
2016-11-22 09:33:35 ----A---- C:\Windows\system32\mssrch.dll
2016-11-22 09:33:35 ----A---- C:\Windows\system32\mssphtb.dll
2016-11-22 09:33:35 ----A---- C:\Windows\system32\mssph.dll
2016-11-22 09:33:35 ----A---- C:\Windows\system32\msshooks.dll
2016-11-22 09:33:35 ----A---- C:\Windows\system32\msscntrs.dll
2016-11-22 09:33:34 ----A---- C:\Windows\system32\Windows.Networking.dll
2016-11-22 09:33:34 ----A---- C:\Windows\system32\MSAudDecMFT.dll
2016-11-22 09:33:32 ----A---- C:\Windows\system32\XpsRasterService.dll
2016-11-22 09:33:32 ----A---- C:\Windows\system32\fmifs.dll
2016-11-22 09:33:31 ----A---- C:\Windows\system32\kd_02_10ec.dll
2016-11-22 09:33:29 ----A---- C:\Windows\system32\MFMediaEngine.dll
2016-11-22 09:33:28 ----A---- C:\Windows\system32\wpncore.dll
2016-11-22 09:31:27 ----A---- C:\Windows\system32\ReAgentc.exe
2016-11-22 09:29:20 ----A---- C:\Windows\system32\rpchttp.dll
2016-11-22 09:29:15 ----A---- C:\Windows\system32\WsmSvc.dll
2016-11-22 09:29:14 ----A---- C:\Windows\system32\WsmWmiPl.dll
2016-11-22 09:29:13 ----A---- C:\Windows\system32\FXSCOMEX.dll
2016-11-22 09:29:12 ----A---- C:\Windows\system32\FXSAPI.dll
2016-11-22 09:15:10 ----A---- C:\Windows\system32\netcfgx.dll
2016-11-22 09:15:09 ----A---- C:\Windows\system32\drvstore.dll
2016-11-22 09:15:07 ----A---- C:\Windows\system32\NdisImPlatform.dll
2016-11-22 09:15:06 ----A---- C:\Windows\system32\TimeBrokerServer.dll
2016-11-22 09:15:06 ----A---- C:\Windows\system32\DevDispItemProvider.dll
2016-11-22 09:15:03 ----A---- C:\Windows\system32\WSDPrintProxy.DLL
2016-11-22 09:15:01 ----A---- C:\Windows\system32\usbmon.dll
2016-11-22 09:15:00 ----A---- C:\Windows\system32\wpdbusenum.dll
2016-11-22 09:14:59 ----A---- C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-22 09:14:59 ----A---- C:\Windows\system32\discan.dll
2016-11-22 09:14:58 ----A---- C:\Windows\system32\SystemEventsBrokerServer.dll
2016-11-22 09:11:24 ----A---- C:\Windows\system32\scrrun.dll
2016-11-22 09:11:24 ----A---- C:\Windows\system32\scrobj.dll
2016-11-22 09:11:24 ----A---- C:\Windows\system32\cscript.exe
2016-11-22 09:09:42 ----A---- C:\Windows\system32\profsvc.dll
2016-11-22 09:04:00 ----A---- C:\Windows\system32\untfs.dll
2016-11-22 09:04:00 ----A---- C:\Windows\system32\autochk.exe
2016-11-22 09:03:22 ----A---- C:\Windows\system32\taskhostex.exe
2016-11-22 09:03:22 ----A---- C:\Windows\system32\taskhost.exe
2016-11-22 09:03:22 ----A---- C:\Windows\system32\psmsrv.dll
2016-11-22 09:03:21 ----A---- C:\Windows\system32\Magnify.exe
2016-11-22 09:03:18 ----A---- C:\Windows\system32\bisrv.dll
2016-11-22 09:03:18 ----A---- C:\Windows\system32\AuthHost.exe
2016-11-22 09:03:17 ----A---- C:\Windows\system32\muifontsetup.dll
2016-11-22 09:03:17 ----A---- C:\Windows\system32\mfmp4srcsnk.dll
2016-11-22 09:03:16 ----A---- C:\Windows\system32\DevicePairing.dll
2016-11-22 09:03:15 ----A---- C:\Windows\system32\npmproxy.dll
2016-11-22 09:03:15 ----A---- C:\Windows\system32\netprofmsvc.dll
2016-11-22 09:03:15 ----A---- C:\Windows\system32\netprofm.dll
2016-11-22 09:03:14 ----A---- C:\Windows\system32\BCP47Langs.dll
2016-11-22 09:03:12 ----A---- C:\Windows\system32\biwinrt.dll
2016-11-22 09:03:10 ----A---- C:\Windows\system32\stobject.dll
2016-11-22 09:03:08 ----A---- C:\Windows\system32\gpprefcl.dll
2016-11-22 09:03:08 ----A---- C:\Windows\system32\AppXDeploymentServer.dll
2016-11-22 09:03:08 ----A---- C:\Windows\system32\AppXDeploymentExtensions.dll
2016-11-22 09:03:04 ----A---- C:\Windows\system32\netplwiz.dll
2016-11-22 09:01:00 ----A---- C:\Windows\system32\oleaut32.dll
2016-11-22 09:00:32 ----A---- C:\Windows\system32\fontsub.dll
2016-11-22 09:00:32 ----A---- C:\Windows\system32\dciman32.dll
2016-11-22 09:00:32 ----A---- C:\Windows\system32\atmlib.dll
2016-11-22 09:00:32 ----A---- C:\Windows\system32\atmfd.dll
2016-11-22 09:00:02 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2016-11-22 09:00:00 ----A---- C:\Windows\system32\WerFault.exe
2016-11-22 08:59:11 ----A---- C:\Windows\system32\notepad.exe
2016-11-22 08:59:09 ----A---- C:\Windows\notepad.exe
2016-11-22 08:56:39 ----A---- C:\Windows\system32\msihnd.dll
2016-11-22 08:56:39 ----A---- C:\Windows\system32\consent.exe
2016-11-22 08:56:39 ----A---- C:\Windows\system32\appinfo.dll
2016-11-22 08:56:37 ----A---- C:\Windows\system32\msi.dll
2016-11-22 08:56:36 ----A---- C:\Windows\system32\msiexec.exe
2016-11-22 08:54:57 ----A---- C:\Windows\system32\wevtsvc.dll
2016-11-22 08:54:34 ----A---- C:\Windows\system32\rastls.dll
2016-11-22 08:52:41 ----A---- C:\Windows\system32\quartz.dll
2016-11-22 08:52:40 ----A---- C:\Windows\system32\qasf.dll
2016-11-22 08:52:39 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2016-11-22 08:52:38 ----A---- C:\Windows\system32\MPG4DECD.DLL
2016-11-22 08:52:37 ----A---- C:\Windows\system32\MP3DMOD.DLL
2016-11-22 08:52:35 ----A---- C:\Windows\system32\EncDump.dll
2016-11-22 08:52:35 ----A---- C:\Windows\system32\audiosrv.dll
2016-11-22 08:52:35 ----A---- C:\Windows\system32\AudioSes.dll
2016-11-22 08:52:35 ----A---- C:\Windows\system32\AudioEndpointBuilder.dll
2016-11-22 08:52:34 ----A---- C:\Windows\system32\AUDIOKSE.dll
2016-11-22 08:52:34 ----A---- C:\Windows\system32\AudioEng.dll
2016-11-22 08:52:34 ----A---- C:\Windows\system32\audiodg.exe
2016-11-22 08:52:33 ----A---- C:\Windows\system32\WMVENCOD.DLL
2016-11-22 08:52:32 ----A---- C:\Windows\system32\WMVDECOD.DLL
2016-11-22 08:52:32 ----A---- C:\Windows\system32\mfsvr.dll
2016-11-22 08:52:31 ----A---- C:\Windows\system32\winmde.dll
2016-11-22 08:52:29 ----A---- C:\Windows\system32\MP43DECD.DLL
2016-11-22 08:52:28 ----A---- C:\Windows\system32\mfnetcore.dll
2016-11-22 08:52:27 ----A---- C:\Windows\system32\mfps.dll
2016-11-22 08:52:27 ----A---- C:\Windows\system32\mf.dll
2016-11-22 08:52:26 ----A---- C:\Windows\system32\wmpmde.dll
2016-11-22 08:52:26 ----A---- C:\Windows\system32\evr.dll
2016-11-22 08:52:25 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2016-11-22 08:52:24 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2016-11-22 08:52:24 ----A---- C:\Windows\system32\devenum.dll
2016-11-22 08:52:23 ----A---- C:\Windows\system32\mfplat.dll
2016-11-22 08:52:23 ----A---- C:\Windows\system32\mfcore.dll
2016-11-22 08:52:22 ----A---- C:\Windows\system32\Windows.Media.dll
2016-11-22 08:52:21 ----A---- C:\Windows\system32\WMVSDECD.DLL
2016-11-22 08:52:21 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2016-11-22 08:52:20 ----A---- C:\Windows\system32\WMVSENCD.DLL
2016-11-22 08:52:20 ----A---- C:\Windows\system32\MP4SDECD.DLL
2016-11-22 08:52:19 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2016-11-22 08:52:19 ----A---- C:\Windows\system32\WMADMOE.DLL
2016-11-22 08:52:18 ----A---- C:\Windows\system32\qdvd.dll
2016-11-22 08:52:18 ----A---- C:\Windows\system32\msmpeg2adec.dll
2016-11-22 08:52:17 ----A---- C:\Windows\system32\WMADMOD.DLL
2016-11-22 08:52:17 ----A---- C:\Windows\system32\mfnetsrc.dll
2016-11-22 08:52:16 ----A---- C:\Windows\system32\VIDRESZR.DLL
2016-11-22 08:52:16 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2016-11-22 08:52:16 ----A---- C:\Windows\system32\COLORCNV.DLL
2016-11-22 08:52:15 ----A---- C:\Windows\system32\WMVXENCD.DLL
2016-11-22 08:52:15 ----A---- C:\Windows\system32\mfvdsp.dll
2016-11-22 08:48:14 ----A---- C:\Windows\system32\fhsvc.dll
2016-11-22 08:48:14 ----A---- C:\Windows\system32\fhshl.dll
2016-11-22 08:48:14 ----A---- C:\Windows\system32\fhmanagew.exe
2016-11-22 08:48:14 ----A---- C:\Windows\system32\fhevents.dll
2016-11-22 08:48:14 ----A---- C:\Windows\system32\fhcleanup.dll
2016-11-22 08:48:14 ----A---- C:\Windows\system32\fhcat.dll
2016-11-22 08:48:13 ----A---- C:\Windows\system32\fhtask.dll
2016-11-22 08:48:13 ----A---- C:\Windows\system32\fhsvcctl.dll
2016-11-22 08:48:13 ----A---- C:\Windows\system32\fhsrchph.dll
2016-11-22 08:48:13 ----A---- C:\Windows\system32\fhsrchapi.dll
2016-11-22 08:48:13 ----A---- C:\Windows\system32\fhlisten.dll
2016-11-22 08:48:13 ----A---- C:\Windows\system32\fhautoplay.dll
2016-11-22 08:47:40 ----A---- C:\Windows\system32\wmploc.DLL
2016-11-22 08:47:40 ----A---- C:\Windows\system32\spwmp.dll
2016-11-22 08:47:39 ----A---- C:\Windows\system32\dxmasf.dll
2016-11-22 08:47:11 ----A---- C:\Windows\system32\rasser.dll
2016-11-22 08:47:11 ----A---- C:\Windows\system32\rascfg.dll
2016-11-22 08:47:10 ----A---- C:\Windows\system32\rasmxs.dll
2016-11-22 08:47:10 ----A---- C:\Windows\system32\rasdiag.dll
2016-11-21 08:45:49 ----D---- C:\Program Files\Windows Defender
2016-11-21 08:25:12 ----A---- C:\Windows\system32\msdrm.dll
2016-11-21 08:22:23 ----A---- C:\Windows\system32\basesrv.dll
2016-11-21 08:22:22 ----A---- C:\Windows\system32\csrsrv.dll
2016-11-21 08:22:16 ----A---- C:\Windows\system32\sspisrv.dll
2016-11-21 08:22:16 ----A---- C:\Windows\system32\lsass.exe
2016-11-21 08:22:07 ----A---- C:\Windows\system32\adtschema.dll
2016-11-21 08:19:39 ----A---- C:\Windows\system32\pku2u.dll
2016-11-21 08:12:33 ----A---- C:\Windows\system32\comctl32.dll
2016-11-21 08:12:14 ----A---- C:\Windows\system32\clfsw32.dll
2016-11-21 08:05:21 ----A---- C:\Windows\system32\termsrv.dll
2016-11-21 08:05:20 ----A---- C:\Windows\system32\winsta.dll
2016-11-21 08:05:17 ----A---- C:\Windows\system32\mstsc.exe
2016-11-21 08:02:23 ----A---- C:\Windows\system32\SettingSync.dll
2016-11-21 08:02:22 ----A---- C:\Windows\system32\SettingSyncInfo.dll
2016-11-21 08:02:21 ----A---- C:\Windows\system32\actxprxy.dll
2016-11-21 08:02:19 ----A---- C:\Windows\system32\Windows.UI.Immersive.dll
2016-11-21 08:02:17 ----A---- C:\Windows\system32\twinui.dll
2016-11-21 07:59:18 ----A---- C:\Windows\system32\rfxvmt.dll
2016-11-21 07:59:16 ----A---- C:\Windows\system32\msaudite.dll
2016-11-21 07:58:13 ----A---- C:\Windows\system32\wpdshext.dll

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO32.SYS [2016-11-25 23840]
R1 MpKsl335d47de;MpKsl335d47de; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB0D7834-BC8A-4D80-8B2A-08093247B8D9}\MpKsl335d47de.sys [2016-12-15 39168]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 52224]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2013-04-10 5120]
R3 AgereSoftModem;@mdmagrs.inf,%FullProductName%;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2012-06-02 1035776]
R3 BCM43XX;@netbc63.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl63.sys [2012-06-02 4704256]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-03-02 40448]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 93696]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 56320]
R3 e1express;@nete1e32.inf,%E1Express.Service.DispName%;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2012-07-25 214528]
R3 HBtnKey;@oem1.inf,%CPQBTTN.SvcDesc%;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2010-02-24 15544]
R3 HpqKbFiltr;@oem3.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2009-04-29 15872]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2012-03-23 4815872]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-02 123904]
R3 SynTP;@oem4.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-01 36864]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 13824]
R3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S1 jtbdkdxu;jtbdkdxu; \??\C:\Windows\system32\drivers\jtbdkdxu.sys []
S1 kitjqkep;kitjqkep; \??\C:\Windows\system32\drivers\kitjqkep.sys []
S1 peqdkyqn;peqdkyqn; \??\C:\Windows\system32\drivers\peqdkyqn.sys []
S1 rfeiyduq;rfeiyduq; \??\C:\Windows\system32\drivers\rfeiyduq.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-03-02 990208]
S3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2012-07-26 16384]
S3 WSDScan;@sti.inf,%WSDScan.SvcDesc%;Podpora skenování WSD; C:\Windows\System32\drivers\WSDScan.sys [2012-10-11 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-01 82128]
R2 Archer;Archer; C:\Windows\system32\svchost.exe -k ArcherGroupEx;"ServiceDll"=C:\Program Files\WinArcher\Archer.dll
R2 ed2kidle;ed2k idle service; C:\Program Files\amuleC1\ed2k.exe [2016-11-16 237568]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-07 31776]
R2 Plutiied;Plutiied; %SystemRoot%\system32\svchost.exe -k Plutiied;"ServiceDll"=C:\Program Files\Nenther\zagoyfmiRpr.dll
R2 Samsung Printer Dianostics Service;Samsung Printer Dianostics Service; C:\Windows\system32\\spdsvc.exe [2016-08-17 499000]
R2 SamsungUPDUtilSvc;Samsung UPD Utility Service; C:\Windows\system32\SecUPDUtilSvc.exe [2016-10-11 143664]
R2 WinSAPSvc;WinSAPSvc; C:\Windows\system32\svchost.exe -k WinSAPSvc;"ServiceDll"=C:\ProgramData\WinSAPSvc\WinSAP.dll
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-29 153752]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-29 153752]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S3 iThemes5;iThemes5; rundll32 C:\Program Files\Common Files\Services\iThemes.dll,fnde_svr []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 19 pro 2016 19:01

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

NTB práce · #3 Příspěvek od **NTB práce** » 20 pro 2016 08:09

Dobré ráno, log z Adwcleaneru:

# AdwCleaner v6.041 - Log vytvořen 20/12/2016 v 08:03:01
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-19.1 [Server]
# Operační systém : Windows 8 Pro (X86)
# Uživatelské jméno : Helena - KOORDINATOR
# Spuštěno z : C:\Users\Helena\Desktop\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support

***** [ Služby ] *****

***** [ Složky ] *****

***** [ Soubory ] *****

[-] Soubor smazán: C:\Windows\run.vbs

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Zástupci ] *****

***** [ Naplánované úlohy ] *****

***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\b`nl{y

***** [ Prohlížeče ] *****

*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3245 Bajty] - [25/11/2016 09:36:03]
C:\AdwCleaner\AdwCleaner[C2].txt - [1848 Bajty] - [25/11/2016 11:06:54]
C:\AdwCleaner\AdwCleaner[C3].txt - [2281 Bajty] - [28/11/2016 09:40:33]
C:\AdwCleaner\AdwCleaner[C4].txt - [5630 Bajty] - [12/12/2016 09:14:53]
C:\AdwCleaner\AdwCleaner[C5].txt - [6743 Bajty] - [19/12/2016 11:50:43]
C:\AdwCleaner\AdwCleaner[C6].txt - [1242 Bajty] - [20/12/2016 08:03:01]
C:\AdwCleaner\AdwCleaner[S0].txt - [3214 Bajty] - [25/11/2016 09:35:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [2042 Bajty] - [25/11/2016 11:06:34]
C:\AdwCleaner\AdwCleaner[S2].txt - [2458 Bajty] - [28/11/2016 09:36:23]
C:\AdwCleaner\AdwCleaner[S3].txt - [5372 Bajty] - [12/12/2016 09:11:08]
C:\AdwCleaner\AdwCleaner[S4].txt - [8093 Bajty] - [19/12/2016 11:48:48]
C:\AdwCleaner\AdwCleaner[S5].txt - [2068 Bajty] - [20/12/2016 08:02:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [1753 Bajty] ##########

#4 Příspěvek od **Rudy** » 20 pro 2016 18:22

Dejte nový log RSIT.

VIRY.CZ

Younudoo

Younudoo

Re: Younudoo

Re: Younudoo

Re: Younudoo