Prosím o radu.

[ab021]

Pri kontrole PC ADW Cleanerom sa mi stále objavuje v registroch infikácia. Dám ju odstrániť a na druhý deň ju tam mám opäť. Poraďte prosím.

Log. z ADW Cleaneru:
# AdwCleaner v6.041 - Log vytvořen 21/12/2016 v 22:28:59
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-21.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : ab021 - AB021-PC
# Spuštěno z : C:\Users\ab021\Desktop\AdwCleaner.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1044 Bajty] - [21/12/2016 22:28:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [1551 Bajty] - [21/12/2016 22:23:54]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1190 Bajty] ##########

[Rudy]

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[ab021]

Posielam scan z FRST:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by ab021 (22-12-2016 18:10:20)
Running from E:\
Windows 7 Professional Service Pack 1 (X64) (2016-07-26 07:17:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ab021 (S-1-5-21-4105794192-3944765755-37458331-1000 - Administrator - Enabled) => C:\Users\ab021
Administrator (S-1-5-21-4105794192-3944765755-37458331-500 - Administrator - Disabled)
Guest (S-1-5-21-4105794192-3944765755-37458331-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4105794192-3944765755-37458331-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-4105794192-3944765755-37458331-1006 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version: - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft)
Aktualizácie NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6321 - CDBurnerXP)
ConvertHelper 3.0 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation)
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrossLoop 2.82 (HKLM-x32\...\CrossLoop_is1) (Version: 2.82 - CrossLoop, Inc.)
CZ (x32 Version: 13.0 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
ESET Smart Security (HKLM\...\{F0235BC5-889C-442D-B831-7F894E5C9AD1}) (Version: 6.0.316.2 - ESET, spol s r. o.)
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
IsoBuster 3.6 (HKLM-x32\...\IsoBuster_is1) (Version: 3.6 - Smart Projects)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 sk) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 sk)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafický ovládač 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
Ovládací panel NVIDIA 309.08 (Version: 309.08 - NVIDIA Corporation) Hidden
Pamela Pro 4.8 (HKLM-x32\...\Pamela) (Version: 4.8 - Scendix Software-Vertriebsges. mbH)
Popisovač CD/DVD 4.0 (HKLM-x32\...\Popisovač CD/DVD_is1) (Version: - PS Media s.r.o.)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Software tiskárny EPSON (HKLM\...\EPSON Printer and Utilities) (Version: - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52 - Ghisler Software GmbH)
Trust Webcam 16175 (HKLM-x32\...\{7B1E8FA3-32BB-4902-AF7E-B9D9DAD6A675}) (Version: 1.0.0.0 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
VC80CRTRedist - 8.0.50727.762 (x32 Version: 1.0.0 - DivX, Inc) Hidden
Video Convert Master 8.0.8.24 (HKLM-x32\...\Video Convert Master_is1) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
YoWindow (HKLM-x32\...\yowindow) (Version: 3 - RepkaSoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {002CF2A6-EBCD-4FBB-94C4-E0E031C5F233} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {91E3A65C-3842-45C3-9331-7A7860C574B6} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ab021\Desktop\CrossLoop Connect.lnk -> C:\Users\ab021\AppData\Local\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server
ShortcutWithArgument: C:\Users\ab021\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrossLoop\CrossLoop.lnk -> C:\Users\ab021\AppData\Local\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server
ShortcutWithArgument: C:\Users\ab021\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk -> C:\Users\ab021\AppData\Local\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server

==================== Loaded Modules (Whitelisted) ==============

2016-10-09 17:13 - 2015-01-31 01:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-15 06:57 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 06:57 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-4105794192-3944765755-37458331-1000\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-09-21 13:28 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4105794192-3944765755-37458331-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ab021\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.3.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: PAC7302_Monitor => C:\Windows\PixArt\PAC7302\Monitor.exe
MSCONFIG\startupreg: PACTray => C:\Windows\Pixart\PAC7302\PACTray.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9008BCF1-79D1-465B-94A1-042D71E1ACFB}] => LPort=5910
FirewallRules: [{005ADEA0-97D4-45F1-9856-685D735642C1}] => C:\Users\ab021\AppData\Local\CrossLoop\vncviewer.exe
FirewallRules: [{0ED6F4F8-183E-4315-8E1D-EA815DEE4028}] => C:\Users\ab021\AppData\Local\CrossLoop\vncviewer.exe
FirewallRules: [{6C62BFE2-4307-4E91-A605-6E25E3F76F26}] => C:\Users\ab021\AppData\Local\CrossLoop\tvnserver.exe
FirewallRules: [{21649500-C343-4374-A1A2-A85E48A3CB0B}] => C:\Users\ab021\AppData\Local\CrossLoop\tvnserver.exe
FirewallRules: [{CA444743-FF69-44B0-A50D-97E1F94C1189}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B2DC0AEF-4D3C-4C5D-A9A9-85B93093F888}] => D:\Users\ab021\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{A70EF58E-1036-4BF3-9597-642C24088E0B}] => D:\Users\ab021\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{CBB504A1-5F53-40A9-B069-D7F07E103B00}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F05F0FFF-1CA1-4082-8F2D-AD5A216D44C5}] => LPort=2869
FirewallRules: [{2F3C071B-613F-49B3-BE06-5DC6DB247273}] => LPort=1900
FirewallRules: [{E6412393-F2DA-412C-A75E-68BC49883FB5}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5981343A-79F1-4FA2-95F4-1E4948094A51}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F6F5AC99-E3B2-4EDC-9560-89B5B81784BA}] => D:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{C8EF1ECC-DB14-4922-A2C2-71E3BA3F89B8}] => D:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{6B797A88-692B-4CAD-929D-249E58FF0736}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{57138941-0FD2-4FFA-98DF-211795994305}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{958E15D3-2352-4EAD-AA5A-1B50276A49C5}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

20-12-2016 07:28:22 Bod obnovenia
20-12-2016 15:48:38 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2016 06:02:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/22/2016 06:02:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/22/2016 04:07:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/22/2016 04:07:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/22/2016 03:40:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/22/2016 03:40:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/22/2016 12:20:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/22/2016 12:20:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/22/2016 10:41:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/22/2016 10:41:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (12/22/2016 12:24:57 PM) (Source: NetBT) (EventID: 4300) (User: )
Description: The driver could not be created.

Error: (12/22/2016 12:24:57 PM) (Source: NetBT) (EventID: 4300) (User: )
Description: The driver could not be created.


==================== Memory info ===========================

Processor: AMD Athlon(tm) X2 240 Processor
Percentage of memory in use: 39%
Total physical RAM: 4095.55 MB
Available physical RAM: 2465.72 MB
Total Virtual: 8189.29 MB
Available Virtual: 6457.25 MB

==================== Drives ================================

Drive c: (Systém) (Fixed) (Total:407.06 GB) (Free:309.43 GB) NTFS
Drive d: (Programy) (Fixed) (Total:117.19 GB) (Free:115.37 GB) NTFS
Drive e: (Záloha) (Fixed) (Total:407.16 GB) (Free:230.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 21A4C592)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=407.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=524.3 GB) - (Type=05)

==================== End of Addition.txt ============================

[Rudy]

Potřebuji log FRST. Toto je pouze Additional.

[ab021]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by ab021 (administrator) on AB021-PC (22-12-2016 18:09:34)
Running from E:\
Loaded Profiles: ab021 & UpdatusUser (Available Profiles: ab021 & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) D:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CrossLoop) C:\Users\ab021\AppData\Local\CrossLoop\CrossLoopService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKU\S-1-5-21-4105794192-3944765755-37458331-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4105794192-3944765755-37458331-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.0 keystone.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{1D09F30E-7C59-4C0D-8511-C1BA8CD749CD}: [DhcpNameServer] 192.168.3.1

Internet Explorer:
==================
HKU\S-1-5-21-4105794192-3944765755-37458331-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.sk/
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-01-22] (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-26] (Oracle Corporation)
BHO-x32: Pomocník pri prihlasovaní v konte Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-26] (Oracle Corporation)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/n ... rtScan.cab

FireFox:
========
FF DefaultProfile: 6e2z5zc5.default
FF ProfilePath: C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6e2z5zc5.default [2016-12-22]
FF Homepage: Mozilla\Firefox\Profiles\6e2z5zc5.default -> www.google.sk
FF Extension: (ImTranslator) - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6e2z5zc5.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2016-12-14]
FF Extension: (Video DownloadHelper) - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6e2z5zc5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-20]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2016-07-26] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-14] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> D:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> D:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.sk/"
CHR Profile: C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default [2016-12-22]
CHR Extension: (Prezentácie Google) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-26]
CHR Extension: (h264ify) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2016-10-22]
CHR Extension: (Dokumenty Google) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-26]
CHR Extension: (Disk Google) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-26]
CHR Extension: (Adguard blokovač reklamy) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-12-08]
CHR Extension: (YouTube) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-26]
CHR Extension: (uBlock Origin) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-19]
CHR Extension: (Nepi Jano!) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiebaglkdeebobffhbomapifjjjjakj [2016-10-22]
CHR Extension: (uBlock) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2016-09-13]
CHR Extension: (Tabuľky Google) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-26]
CHR Extension: (UglyEmail) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgiafaliifpknmgofiifianlnbgflgj [2016-12-19]
CHR Extension: (Video DownloadHelper) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-26]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-12-21]
CHR Extension: (Gmail) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-26]
CHR Extension: (Chrome Media Router) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CrossLoopService; C:\Users\ab021\AppData\Local\CrossLoop\CrossLoopService.exe [569072 2012-01-06] (CrossLoop)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S4 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SbieSvc; D:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
S3 tvnserver; C:\Users\ab021\AppData\Local\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-14] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [82048 2016-07-26] (VSO Software) [File not signed]
R3 SbieDrv; D:\Program Files\Sandboxie\SbieDrv.sys [192616 2016-07-12] (Sandboxie Holdings, LLC) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 18:09 - 2016-12-22 18:09 - 00000000 ____D C:\FRST
2016-12-16 07:13 - 2016-12-16 07:13 - 00000000 ____D C:\Program Files (x86)\trend micro
2016-12-15 21:25 - 2016-12-15 20:49 - 00171706 _____ C:\Users\ab021\Documents\2012_Ziadost-o-poskytnutie-prispevku_NPZS-1.pdf
2016-12-14 17:03 - 2016-12-16 12:07 - 00000000 ____D C:\Users\ab021\AppData\Local\Mozilla
2016-12-14 17:03 - 2016-12-14 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 17:03 - 2016-12-14 17:07 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-14 17:03 - 2016-12-14 17:07 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-14 17:03 - 2016-12-14 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-14 17:03 - 2016-12-14 17:03 - 00000000 ____D C:\Users\ab021\AppData\Roaming\Mozilla
2016-12-13 19:40 - 2016-11-21 19:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-13 19:40 - 2016-11-21 19:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-13 19:40 - 2016-11-21 19:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-13 19:40 - 2016-11-21 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-13 19:40 - 2016-11-20 17:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-13 19:40 - 2016-11-20 17:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-13 19:40 - 2016-11-20 17:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-13 19:40 - 2016-11-20 17:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-13 19:40 - 2016-11-20 17:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-13 19:40 - 2016-11-20 17:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-13 19:40 - 2016-11-20 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-13 19:40 - 2016-11-20 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-13 19:40 - 2016-11-20 16:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-13 19:40 - 2016-11-20 16:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-13 19:40 - 2016-11-20 16:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-13 19:40 - 2016-11-20 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-13 19:40 - 2016-11-20 16:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-13 19:40 - 2016-11-20 15:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-13 19:40 - 2016-11-17 17:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-13 19:40 - 2016-11-15 00:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-13 19:40 - 2016-11-14 23:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-13 19:40 - 2016-11-12 20:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-13 19:40 - 2016-11-12 20:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-13 19:40 - 2016-11-12 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-13 19:40 - 2016-11-12 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-13 19:40 - 2016-11-12 20:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-13 19:40 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-13 19:40 - 2016-11-12 20:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-13 19:40 - 2016-11-12 20:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-13 19:40 - 2016-11-12 20:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-13 19:40 - 2016-11-12 20:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-13 19:40 - 2016-11-12 20:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-13 19:40 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-13 19:40 - 2016-11-12 20:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-13 19:40 - 2016-11-12 20:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-13 19:40 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-13 19:40 - 2016-11-12 20:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-13 19:40 - 2016-11-12 19:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-13 19:40 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-13 19:40 - 2016-11-12 19:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-13 19:40 - 2016-11-12 19:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-13 19:40 - 2016-11-12 19:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-13 19:40 - 2016-11-12 19:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-13 19:40 - 2016-11-12 19:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-13 19:40 - 2016-11-12 19:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-13 19:40 - 2016-11-12 19:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-13 19:40 - 2016-11-12 19:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-13 19:40 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-13 19:40 - 2016-11-12 19:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-13 19:40 - 2016-11-12 19:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-13 19:40 - 2016-11-12 19:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-13 19:40 - 2016-11-12 19:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-13 19:40 - 2016-11-12 19:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-13 19:40 - 2016-11-12 19:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-13 19:40 - 2016-11-12 19:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-13 19:40 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-13 19:40 - 2016-11-12 19:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-13 19:40 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-13 19:40 - 2016-11-12 19:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-13 19:40 - 2016-11-12 19:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-13 19:40 - 2016-11-12 19:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-13 19:40 - 2016-11-12 19:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-13 19:40 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-13 19:40 - 2016-11-12 19:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-13 19:40 - 2016-11-12 19:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-13 19:40 - 2016-11-12 19:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-13 19:40 - 2016-11-12 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-13 19:40 - 2016-11-12 18:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-13 19:40 - 2016-11-12 18:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-13 19:40 - 2016-11-12 18:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-13 19:40 - 2016-11-12 18:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-13 19:40 - 2016-11-12 18:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-13 19:40 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-13 19:40 - 2016-11-12 18:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-13 19:40 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-13 19:40 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-13 19:40 - 2016-11-12 18:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-13 19:40 - 2016-11-12 18:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-13 19:40 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-13 19:40 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-13 19:40 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-13 19:40 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-13 19:40 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-13 19:40 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-13 19:40 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-13 19:40 - 2016-11-10 17:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-13 19:40 - 2016-11-10 17:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-13 19:40 - 2016-11-09 17:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-13 19:40 - 2016-11-09 17:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-13 19:40 - 2016-11-09 17:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-13 19:40 - 2016-11-09 17:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-13 19:40 - 2016-11-09 17:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-13 19:40 - 2016-11-09 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-13 19:40 - 2016-11-09 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-13 19:40 - 2016-11-09 17:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-13 19:40 - 2016-11-09 17:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-13 19:40 - 2016-11-09 17:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-13 19:40 - 2016-11-09 17:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-13 19:40 - 2016-11-09 17:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-13 19:40 - 2016-11-09 17:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-13 19:40 - 2016-11-09 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-13 19:40 - 2016-11-06 17:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-13 19:40 - 2016-11-06 17:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-13 19:40 - 2016-11-06 17:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-13 19:40 - 2016-10-27 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-13 19:40 - 2016-10-27 16:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-13 19:40 - 2016-10-11 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-13 19:40 - 2016-10-11 16:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-13 19:40 - 2016-10-11 16:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-13 19:40 - 2016-10-11 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-13 19:40 - 2016-10-11 16:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-13 19:40 - 2016-10-11 16:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-13 19:40 - 2016-10-11 16:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-13 19:40 - 2016-10-11 16:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-13 19:40 - 2016-10-11 16:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-13 19:40 - 2016-10-11 16:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-13 19:40 - 2016-10-11 16:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-13 19:40 - 2016-10-11 16:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-13 19:40 - 2016-10-11 16:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-13 19:40 - 2016-10-11 16:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-13 19:40 - 2016-10-11 16:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 16:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-13 19:40 - 2016-10-11 16:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-13 19:40 - 2016-10-11 16:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-13 19:40 - 2016-10-11 15:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-13 19:40 - 2016-10-11 15:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-13 19:40 - 2016-10-11 15:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-13 19:40 - 2016-10-11 15:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-13 19:40 - 2016-10-11 15:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-13 19:40 - 2016-10-11 15:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-13 19:40 - 2016-10-11 15:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-13 19:40 - 2016-10-11 15:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-13 19:40 - 2016-10-11 15:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-13 19:40 - 2016-10-11 14:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-13 19:40 - 2016-10-11 14:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-13 19:40 - 2016-10-08 14:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-13 19:40 - 2016-10-04 16:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-13 19:40 - 2016-10-04 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-13 19:40 - 2016-10-04 16:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-13 19:40 - 2016-10-04 16:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-13 19:40 - 2016-10-04 16:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-13 19:40 - 2016-10-04 16:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-13 19:40 - 2016-10-04 16:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-13 19:40 - 2016-10-04 16:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-10 22:44 - 2016-12-10 22:44 - 00000905 _____ C:\Users\ab021\Desktop\Save2PCPortable.lnk
2016-12-10 21:39 - 2016-12-10 21:39 - 00000000 ____D C:\Users\ab021\AppData\Roaming\EurekaLog
2016-12-10 16:06 - 2016-12-10 16:06 - 00001245 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2016-12-10 16:06 - 2016-12-10 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2016-12-10 16:02 - 2016-12-10 16:07 - 00000000 ____D C:\Users\ab021\AppData\Roaming\DVDVideoSoft
2016-12-10 15:44 - 2016-12-10 15:44 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2016-12-08 11:24 - 2016-12-08 11:28 - 00000000 ____D C:\Users\ab021\AppData\Roaming\YoWindow
2016-12-08 11:24 - 2016-12-08 11:24 - 00000704 _____ C:\Users\Public\Desktop\YoWindow.lnk
2016-12-08 11:24 - 2016-12-08 11:24 - 00000000 ____D C:\ProgramData\YoWindow
2016-12-08 11:24 - 2016-12-08 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YoWindow
2016-12-08 11:23 - 2016-12-08 11:23 - 00000000 ____D C:\Program Files (x86)\YoWindow
2016-12-04 22:21 - 2016-12-04 22:21 - 00859080 _____ (repkasoft) C:\Windows\yowindow.scr
2016-11-29 22:34 - 2016-11-29 22:34 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 18:04 - 2009-07-14 05:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-22 18:04 - 2009-07-14 05:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-22 18:02 - 2009-07-14 06:13 - 00785366 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-22 18:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-22 17:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-22 15:39 - 2016-07-26 08:41 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EB6B6E5-7DE0-45CD-89E5-35A8E2669CA7}
2016-12-22 07:43 - 2016-09-21 13:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-21 07:21 - 2016-11-16 13:08 - 00000000 ____D C:\Users\ab021\AppData\LocalLow\Mozilla
2016-12-21 07:21 - 2016-07-26 18:51 - 00000000 ____D C:\Users\ab021\AppData\Roaming\Skype
2016-12-21 06:51 - 2016-09-13 16:05 - 00000000 ____D C:\Users\ab021\AppData\Roaming\MPC-HC
2016-12-20 17:11 - 2016-07-26 08:55 - 00000696 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-19 22:59 - 2016-07-26 17:36 - 00000000 ___RD C:\Users\ab021\Documents\video
2016-12-16 19:20 - 2009-07-14 06:08 - 00032512 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-16 13:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-12-15 19:02 - 2016-07-26 17:41 - 00000000 ____D C:\Users\ab021\Documents\Mail
2016-12-15 06:57 - 2016-07-26 11:39 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 06:57 - 2016-07-26 11:39 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 12:55 - 2016-07-26 17:33 - 00000000 ____D C:\Users\ab021\Documents\Recepty
2016-12-13 20:01 - 2009-07-14 05:45 - 00419048 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-13 19:56 - 2016-07-26 08:43 - 00000000 ____D C:\Windows\system32\MRT
2016-12-13 19:52 - 2016-07-26 08:43 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-13 19:49 - 2016-07-26 14:12 - 00769348 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-10 23:25 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\Setup
2016-12-09 20:25 - 2016-07-26 21:41 - 00000000 ____D C:\Users\ab021\AppData\Roaming\vlc
2016-11-28 12:52 - 2016-07-26 17:41 - 00010404 _____ C:\Users\ab021\Documents\Acronis w 7.xlsx
2016-11-23 20:18 - 2016-07-26 18:51 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-07-26 20:59 - 2016-07-26 20:59 - 0093696 _____ () C:\Users\ab021\AppData\Roaming\ezpinst.exe
2016-07-26 20:59 - 2016-07-26 20:59 - 0007176 _____ () C:\Users\ab021\AppData\Roaming\pcouffin.cat
2016-07-26 20:59 - 2016-07-26 20:59 - 0001167 _____ () C:\Users\ab021\AppData\Roaming\pcouffin.inf
2016-07-26 20:59 - 2016-07-26 21:01 - 0000034 _____ () C:\Users\ab021\AppData\Roaming\pcouffin.log
2016-07-26 20:59 - 2016-07-26 20:59 - 0082048 _____ (VSO Software) C:\Users\ab021\AppData\Roaming\pcouffin.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-16 13:46

==================== End of FRST.txt ============================

[Rudy]

Teď je to vše. Otevřte poznámkový blok a zkopírujte do něj:

Start
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

ResetHosts:
EmptyTemp:
End

Uložte do E:\ jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[ab021]

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by ab021 (22-12-2016 19:55:42) Run:1
Running from C:\Users\ab021\Desktop
Loaded Profiles: ab021 & UpdatusUser (Available Profiles: ab021 & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

ResetHosts:
EmptyTemp:
End
*****************

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
ResetHosts: => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5142416 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 16557528 B
Firefox => 6688081 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 4164 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 65960 B
LocalService => 66228 B
NetworkService => 66228 B
ab021 => 5391004 B
UpdatusUser => 4164 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 40.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:55:43 ====

[Rudy]

Ještě je tam ta infiltrace?

[ab021]

Ano.Teraz som spustil ADWCleaner a log je rovnaký - 2 infiltrácie v registroch.
P.S. Teraz, keď spustím nejaký program (je jedno, ktorý), stratí sa mi z panela úloh panel jazykov. Zobrazí sa len vtedy, keď mám pracovnú plochu bez spusteného programu.

[Rudy]

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[ab021]

<?xml version="1.0" encoding="UTF-8"?>

-<logs>

<record subtype="Malware Protection" result="Starting" last_modified_tag="f6a9ec73-1686-42ce-9fa4-83cbd96740e4" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:43:24.673300+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Started" last_modified_tag="dff5ae51-774f-400d-8a06-8ecb25029465" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:43:24.688900+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="883c3f90-fa37-4d02-ab0c-d61d6aa838e7" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:43:24.833300+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Started" last_modified_tag="ad1b355c-db43-4582-9839-a3a3918bc65c" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:43:28.056300+01:00" LoggingEventType="2" severity="debug"/>

<record last_modified_tag="d0175cbf-726f-4783-ba33-1f5fdb0f8edf" systemname="AB021-PC" username="SYSTEM" type="Update" source="Manual" datetime="2016-12-22T07:43:42.843900+01:00" LoggingEventType="1" severity="debug" toVersion="2016.12.21.10" name="Domain Database" fromVersion="2016.12.21.1"/>

<record last_modified_tag="47523f7c-56e6-4ffd-95df-ec186373abb2" systemname="AB021-PC" username="SYSTEM" type="Update" source="Manual" datetime="2016-12-22T07:43:46.494300+01:00" LoggingEventType="1" severity="debug" toVersion="2016.12.22.1" name="Malware Database" fromVersion="2016.12.21.2"/>

<record subtype="Refresh" result="Starting" last_modified_tag="0d957b4c-9ea7-4883-bacb-ddba05a69ea9" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:43:46.556700+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="62ceeb8e-1a55-47fa-b849-7023562bae44" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:43:46.572300+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="1c7454dd-71d5-4866-a0c8-49f3b9655a66" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:43:47.352300+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Refresh" result="Success" last_modified_tag="c61676f8-2f1d-4336-b616-1ce20cf6fb21" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:43:53.186700+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="e901f90d-49a5-431a-8683-62a679855f1b" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:43:53.217900+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Started" last_modified_tag="f4984d25-3644-4fe7-a301-1fdb381166c8" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:43:56.072700+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="67f6eaff-e2b5-46ca-ba3a-961a3bd41c24" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:44:11.691100+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="c34743fd-0578-43c6-a63d-be52db63f0ac" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:44:12.425100+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Stopping" last_modified_tag="573982ee-325f-45c2-8c5f-329facf7b8d6" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:44:12.431100+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Stopped" last_modified_tag="3e1f7140-4d83-4e04-901e-8aea0424d654" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T07:44:13.099100+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Starting" last_modified_tag="ef557092-0569-424c-9e5b-d6a70606c0b4" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:11:24.378400+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Started" last_modified_tag="923fd3ec-3725-4bff-823f-4fa64aac94b0" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:11:24.409600+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="bde5c556-6049-4c06-bc62-bca016cb22bb" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:11:24.456400+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Started" last_modified_tag="f4a61b7f-159d-4ea3-8daa-d369796d3776" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:11:27.685600+01:00" LoggingEventType="2" severity="debug"/>

<record last_modified_tag="acc82cb5-60ec-49af-a70b-6521aed266f4" systemname="AB021-PC" username="SYSTEM" type="Update" source="Manual" datetime="2016-12-22T21:11:55.656400+01:00" LoggingEventType="1" severity="debug" toVersion="2016.12.22.13" name="Domain Database" fromVersion="2016.12.21.10"/>

<record last_modified_tag="b4a22b9e-b432-4193-86c7-d0e511e9a04d" systemname="AB021-PC" username="SYSTEM" type="Update" source="Manual" datetime="2016-12-22T21:11:59.852800+01:00" LoggingEventType="1" severity="debug" toVersion="2016.12.22.16" name="Malware Database" fromVersion="2016.12.22.1"/>

<record subtype="Refresh" result="Starting" last_modified_tag="93bf0618-35a5-42a3-9693-acf0108d22cd" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:11:59.899600+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="7b61b769-1f64-4a41-b8b2-43859adbc1d1" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:11:59.915200+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="88510097-7d14-4858-9a87-2e801baf7163" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:12:00.617200+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Refresh" result="Success" last_modified_tag="b1aa2862-fe6b-432c-8069-b58bc194a3e6" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:12:06.748000+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="d8e0c946-9a52-4869-9c07-f077142fa9c3" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:12:06.779200+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Started" last_modified_tag="f7cc44e7-ea33-4a5b-9576-c2e315008065" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:12:09.696400+01:00" LoggingEventType="2" severity="debug"/>

<record last_modified_tag="855614f1-15f6-4024-8771-c4f880710631" systemname="AB021-PC" username="SYSTEM" type="Scan" source="Manual" datetime="2016-12-22T21:26:44.291800+01:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="0" malwaredetections="0" duration="883" starttime="2016-12-22T21:12:00+01:00" scantype="threat"/>

<record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="e351faad-0ed0-41a6-9860-41b709f44dfb" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:33:52.039600+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="7a2c1eac-51ef-4b47-818d-44ffd9a837ae" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:33:52.878600+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Stopping" last_modified_tag="ed13f71d-34ed-4a65-bfb8-198933d6ff2a" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:33:52.887600+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Stopped" last_modified_tag="c75fdedf-cc74-40b3-b98b-f421ec42d41e" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:33:53.590600+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Starting" last_modified_tag="91ab5b7b-fe98-44fe-8dca-353bfcf5779e" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:45:35.154800+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Started" last_modified_tag="20fbc17c-9741-43af-bd28-ebc8ddda047c" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:45:35.154800+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="5af512e2-d499-4bec-a07e-b68af187adf1" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:45:35.186000+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Started" last_modified_tag="c2807582-5a36-4ec1-bfa3-520208042e5a" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:45:38.243600+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="5f9855a4-9ca5-4e0d-9172-8d2ab8e1be86" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:45:50.343400+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="5d19b085-5301-4eaf-8715-2620580e895b" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:45:51.049400+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Stopping" last_modified_tag="f7beb680-cffc-4b6c-83a2-6606f3c6a0ea" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:45:51.054400+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Stopped" last_modified_tag="7f4e334e-aa7c-4aed-9174-3ef7cd85d831" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:45:51.674400+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Starting" last_modified_tag="b6e120d9-d8fc-4ab3-945f-b456b2f676a7" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:58:23.053600+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Started" last_modified_tag="205ddf8e-3191-4e17-832f-c80c323c4c90" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:58:24.317200+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Stopping" last_modified_tag="2a65b2df-8038-4fd6-9d18-4513c76536f9" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:58:33.806600+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Stopped" last_modified_tag="c3f45de2-6d27-41d1-b410-3d5aed21c1bb" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T21:58:33.812600+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Starting" last_modified_tag="197c3ebd-2cda-4b28-92d1-d5e3c730fbae" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T22:04:08.362400+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Started" last_modified_tag="2a030e0c-6938-4779-81f8-f5a61382a7d0" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T22:04:08.369400+01:00" LoggingEventType="2" severity="debug"/>

<record last_modified_tag="25fdcd4e-aa88-4341-84b4-fedbf3f838c0" systemname="AB021-PC" username="SYSTEM" type="Error" source="Update" datetime="2016-12-22T22:06:46.169400+01:00" LoggingEventType="4" severity="debug" message="Bad md5 or size: domains" code="11"/>

<record last_modified_tag="58c3e060-e395-4f3f-b041-51b3dc37bf88" systemname="AB021-PC" username="SYSTEM" type="Error" source="Update" datetime="2016-12-22T22:06:46.188400+01:00" LoggingEventType="4" severity="debug" message="Bad md5 or size: ips" code="11"/>

<record last_modified_tag="9608a11e-89da-4823-94d9-a5ee25d1939e" systemname="AB021-PC" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-12-22T22:06:46.972400+01:00" LoggingEventType="1" severity="debug" toVersion="2016.12.22.1" name="IP Database" fromVersion="2016.12.20.1"/>

<record last_modified_tag="49ab0a54-cb05-4f41-a923-875136df6322" systemname="AB021-PC" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-12-22T22:06:47.880400+01:00" LoggingEventType="1" severity="debug" toVersion="2016.12.22.13" name="Domain Database" fromVersion="2016.12.22.13"/>

<record subtype="Refresh" result="Starting" last_modified_tag="e91569e6-09de-4f64-80f7-f22bef027971" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T22:06:47.927400+01:00" LoggingEventType="2" severity="debug"/>

<record subtype="Refresh" result="Success" last_modified_tag="fb48095e-c2c3-4a7b-9e8f-e69c21950011" systemname="AB021-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-12-22T22:06:48.465400+01:00" LoggingEventType="2" severity="debug"/>

</logs>

[Rudy]

Log z MBAM vypadá takto: http://forum.viry.cz/viewtopic.php?f=13 ... 1#p1468022 (zde je čistý). Návod: http://forum.viry.cz/viewtopic.php?f=29&t=144868 .

[ab021]

Log z MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 23. 12. 2016
Čas skenování: 23:00
Protokol: MBAM.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.12.23.08
Databáze rootkitů: v2016.11.20.01
Licence: Premium
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: ab021

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 316576
Uplynulý čas: 11 min, 26 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Rudy]

Podle MBAM je vše v pořádku. Zřejmě jde o falešnou detekci a klíče patří k něčemu regulérnímu.

[ab021]

Ďakujem. Prajem veselé sviatky a veľa úspechov v radách pre nás bežných užívateľov PC.