Problem with a notebook

Posted: 11 May 2014 10:37
by Parkoslav1992
Hello, in March I bought a notebook with Win 7 Home. Today, after startup, it reported that the system was illegal. I sorted that out, but the sound still does not work, and when I open Device Manager there is only an empty window; the same goes for network connections, for example. Please advise, or possibly suggest some fix.

Log from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2014-05-10 11:33:48
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 166 GB (70%) free of 238 GB
Total RAM: 4055 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:52, on 10.5.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7033 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
taskeng.exe {5011560D-2920-4C59-83BC-844061F0890F}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2800.0.1942468089\922861454" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,5,14,28 --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-vendor --gpu-driver-version --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group7 pct:10g stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/Control/GoogleNow/Default/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_80/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-software-compositing --channel="2800.1.1828496892\1197205076" /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group7 pct:10g stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/Control/GoogleNow/Default/OmniboxBundledExperimentV1/StandardR3/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_80/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-software-compositing --channel="2800.3.1257266633\243554069" /prefetch:673131151
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group7 pct:10g stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/Control/GoogleNow/Default/OmniboxBundledExperimentV1/StandardR3/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_80/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-software-compositing --channel="2800.4.1681364122\1038674054" /prefetch:673131151
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2800.6.741881240\1225762296" --ppapi-flash-args --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Users\Admin\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559379095-3550260044-3507931095-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559379095-3550260044-3507931095-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-09 11860072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-07-28 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-07-28 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-07-28 415256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-13 116648]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2014-04-25 22415552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2013-10-23 337432]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-07-20 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
wlnotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-05-11 11:14:20 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-11 11:14:19 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-05-11 11:14:08 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-05-11 10:53:21 ----D---- C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-05-11 10:53:14 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-11 10:53:14 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-05-11 09:37:46 ----D---- C:\AdwCleaner
2014-05-11 09:15:06 ----A---- C:\Windows\ntbtlog.txt
2014-05-11 09:00:08 ----D---- C:\ProgramData\Malwarebytes
2014-05-10 11:30:00 ----D---- C:\FRST
2014-05-10 11:27:28 ----D---- C:\Program Files\trend micro
2014-05-10 11:27:27 ----D---- C:\rsit
2014-05-08 12:46:25 ----SHD---- C:\Config.Msi
2014-05-03 08:02:41 ----A---- C:\Windows\system32\mshtml.dll
2014-05-03 08:02:39 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-02 10:55:48 ----D---- C:\ProgramData\xml_param
2014-05-02 10:52:43 ----D---- C:\Program Files\Common Files\iSkysoft
2014-05-02 10:52:10 ----D---- C:\ProgramData\iSkysoft iTube Studio
2014-05-02 10:52:08 ----D---- C:\ProgramData\iSkysoft Application Common Data
2014-05-02 10:52:08 ----D---- C:\Program Files (x86)\iSkysoft
2014-05-02 10:47:10 ----D---- C:\Windows\Sun
2014-05-01 08:09:01 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-05-01 08:08:51 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-05-01 08:08:51 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-05-01 08:08:51 ----A---- C:\Windows\SYSWOW64\java.exe
2014-04-29 21:05:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-04-29 21:05:18 ----A---- C:\Windows\system32\ieui.dll
2014-04-29 21:05:17 ----A---- C:\Windows\system32\vbscript.dll
2014-04-29 21:05:16 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-04-29 21:05:12 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 21:05:12 ----A---- C:\Windows\system32\iernonce.dll
2014-04-29 21:05:12 ----A---- C:\Windows\system32\ie4uinit.exe
2014-04-29 21:05:11 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 21:05:10 ----A---- C:\Windows\system32\jscript9diag.dll
2014-04-29 21:05:09 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-04-29 21:05:09 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-04-29 21:05:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-04-29 21:05:09 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-04-29 21:05:09 ----A---- C:\Windows\system32\msrating.dll
2014-04-29 21:05:09 ----A---- C:\Windows\system32\jsproxy.dll
2014-04-29 21:05:09 ----A---- C:\Windows\system32\dxtrans.dll
2014-04-29 21:05:09 ----A---- C:\Windows\system32\dxtmsft.dll
2014-04-29 21:05:08 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-04-29 21:05:08 ----A---- C:\Windows\system32\msfeeds.dll
2014-04-29 21:05:07 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-04-29 21:05:07 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-04-29 21:05:07 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-04-29 21:05:07 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-04-29 21:05:07 ----A---- C:\Windows\system32\ieUnatt.exe
2014-04-29 21:05:07 ----A---- C:\Windows\system32\iesetup.dll
2014-04-29 21:05:04 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-04-29 21:05:04 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-04-29 21:05:04 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-04-29 21:05:03 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 21:05:03 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-04-29 21:05:03 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-04-29 21:05:03 ----A---- C:\Windows\system32\ieapfltr.dll
2014-04-29 21:05:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-04-29 21:05:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-04-29 21:05:01 ----A---- C:\Windows\system32\iertutil.dll
2014-04-29 21:05:00 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-04-29 21:05:00 ----A---- C:\Windows\system32\wininet.dll
2014-04-29 21:05:00 ----A---- C:\Windows\system32\urlmon.dll
2014-04-29 21:04:59 ----A---- C:\Windows\system32\ieframe.dll
2014-04-29 21:04:58 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-04-29 21:04:55 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-04-29 21:04:55 ----A---- C:\Windows\system32\jscript9.dll
2014-04-25 20:37:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-04-25 20:36:42 ----D---- C:\Program Files (x86)\Zaklínač rozšířená edice
2014-04-23 06:34:15 ----D---- C:\Program Files (x86)\Google
2014-04-21 14:52:53 ----D---- C:\ProgramData\Microsoft Games

======List of files/folders modified in the last 1 month======

2014-05-11 11:14:20 ----HD---- C:\ProgramData
2014-05-11 11:14:19 ----D---- C:\Windows\system32\drivers
2014-05-11 10:53:14 ----RD---- C:\Program Files (x86)
2014-05-11 10:49:39 ----D---- C:\Windows\winsxs
2014-05-11 10:49:36 ----D---- C:\Windows\system32\catroot
2014-05-11 10:41:11 ----SHD---- C:\System Volume Information
2014-05-11 10:41:10 ----D---- C:\Windows\Logs
2014-05-11 10:14:05 ----D---- C:\Windows\SysWOW64
2014-05-11 10:14:05 ----D---- C:\Windows\System32
2014-05-11 09:31:26 ----D---- C:\Windows\system32\catroot2
2014-05-11 09:05:14 ----D---- C:\Windows\ModemLogs
2014-05-11 08:58:34 ----D---- C:\Windows\SoftwareDistribution
2014-05-11 08:49:13 ----SD---- C:\ProgramData\Microsoft
2014-05-11 08:48:15 ----D---- C:\Windows\inf
2014-05-10 13:21:09 ----D---- C:\Windows\Prefetch
2014-05-10 11:32:56 ----D---- C:\Windows\Temp
2014-05-10 11:32:46 ----D---- C:\Windows\system32\config
2014-05-10 11:31:00 ----D---- C:\Windows
2014-05-10 11:27:28 ----RD---- C:\Program Files
2014-05-08 15:54:55 ----D---- C:\Users\Admin\AppData\Roaming\vlc
2014-05-08 14:30:09 ----D---- C:\Users\Admin\AppData\Roaming\avidemux
2014-05-08 13:28:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-08 12:46:38 ----SHD---- C:\Windows\Installer
2014-05-05 20:21:18 ----D---- C:\Users\Admin\AppData\Roaming\uTorrent
2014-05-02 10:52:43 ----D---- C:\Program Files\Common Files
2014-05-01 08:09:10 ----D---- C:\ProgramData\Oracle
2014-05-01 08:08:51 ----D---- C:\Program Files (x86)\Java
2014-04-30 17:08:28 ----D---- C:\Windows\rescache
2014-04-30 14:27:46 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-04-30 14:27:46 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-04-30 14:27:46 ----D---- C:\Program Files\Internet Explorer
2014-04-30 14:27:45 ----D---- C:\Windows\SYSWOW64\en-US
2014-04-30 14:27:44 ----D---- C:\Windows\system32\sk-SK
2014-04-30 14:27:44 ----D---- C:\Windows\system32\en-US
2014-04-30 14:27:44 ----D---- C:\Windows\system32\cs-CZ
2014-04-30 14:27:44 ----D---- C:\Windows\PolicyDefinitions
2014-04-30 14:27:42 ----D---- C:\Program Files (x86)\Internet Explorer
2014-04-25 20:51:04 ----SD---- C:\Users\Admin\AppData\Roaming\Microsoft
2014-04-25 20:48:03 ----RSD---- C:\Windows\assembly
2014-04-23 06:34:21 ----D---- C:\Windows\Tasks
2014-04-23 06:34:21 ----D---- C:\Windows\system32\Tasks
2014-04-11 17:25:37 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\drivers\hpdskflt.sys [2009-07-08 30008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdcfltn.sys [2011-07-15 22128]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2013-10-23 129944]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Acceler;Accelerometer Service; C:\Windows\system32\DRIVERS\accelern.sys [2011-07-22 27760]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-07-20 10603904]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-14 2899176]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 Accelerometer;HP Accelerometer; C:\Windows\system32\drivers\Accelerometer.sys [2009-07-08 41272]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 BCM43XX;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032e.sys [2009-06-10 278016]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 rimmptsk;rimmptsk; C:\Windows\system32\drivers\rimmpx64.sys [2009-06-25 67584]
S3 rismcx64;RICOH Smart Card Reader; C:\Windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23 116648]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


Log from FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by Admin (administrator) on ADMIN-PC on 10-05-2014 11:34:53
Running from C:\Users\Admin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-559379095-3550260044-3507931095-1001\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-13] (Google Inc.)
HKU\S-1-5-21-559379095-3550260044-3507931095-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-559379095-3550260044-3507931095-1001\...\MountPoints2: D - D:\Autorun.exe

==================== Internet (Whitelisted) ====================

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.10.10.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: https://www.google.cz/
CHR StartupUrls: "hxxp://websearch.youwillfind.info/?pid=512&r=2013/05/04&hid=3010945429&lg=EN&cc=CZ", "hxxp://www.search.ask.com/?o=APN10640A&gct=hp& ... 83-101&t=4"
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-13]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-13]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-13]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-13]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-24]
CHR Extension: (Peněženka Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-13]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-13]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 PlugPlay; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 11:14 - 2014-05-11 11:14 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 11:14 - 2014-05-11 11:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-11 11:14 - 2014-05-10 11:29 - 00000000 ____D () C:\Users\Admin\Desktop\mbar
2014-05-11 11:14 - 2014-05-10 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-11 11:10 - 2014-05-11 11:10 - 00000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2014-05-11 10:53 - 2014-05-11 10:53 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-11 10:53 - 2014-05-11 10:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-05-11 10:53 - 2014-05-11 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-11 10:53 - 2014-05-11 10:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-11 10:53 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 10:52 - 2014-05-11 10:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2014-05-11 10:01 - 2014-05-11 10:02 - 04154880 _____ () C:\Users\Admin\Downloads\32-bit-64-bit-w7lxe.exe
2014-05-11 10:01 - 2014-05-11 10:01 - 00261223 _____ () C:\Users\Admin\Downloads\w7lxe-langpack-51.rar
2014-05-11 09:37 - 2014-05-11 09:41 - 00000000 ____D () C:\AdwCleaner
2014-05-11 09:37 - 2014-05-11 09:37 - 01037278 _____ () C:\Users\Admin\Downloads\adwcleaner.exe
2014-05-11 09:07 - 2014-05-11 09:07 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2014-05-11 09:07 - 2014-05-11 09:07 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2014-05-11 09:06 - 2014-05-11 09:06 - 00159144 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\WindowsActivationUpdate (1).exe
2014-05-11 09:05 - 2014-05-11 09:05 - 00000808 _____ () C:\Windows\PFRO.log
2014-05-11 09:00 - 2014-05-11 10:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-11 08:59 - 2014-05-11 08:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-11 08:58 - 2014-05-11 08:58 - 00159144 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\WindowsActivationUpdate.exe
2014-05-10 11:34 - 2014-05-10 11:35 - 00007120 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-05-10 11:30 - 2014-05-10 11:34 - 00000000 ____D () C:\FRST
2014-05-10 11:27 - 2014-05-10 11:33 - 00000000 ____D () C:\Program Files\trend micro
2014-05-10 11:27 - 2014-05-10 11:27 - 00000000 ____D () C:\rsit
2014-05-10 11:24 - 2014-05-10 11:24 - 02066432 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-05-10 11:23 - 2014-05-10 11:23 - 00935175 _____ () C:\Users\Admin\Desktop\RSITx64.exe
2014-05-09 07:11 - 2014-05-09 07:11 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-05-09 07:11 - 2014-05-09 07:11 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-05-08 12:46 - 2014-05-08 12:46 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-08 12:46 - 2014-05-08 12:46 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-08 12:34 - 2014-05-08 13:10 - 1281876654 _____ () C:\Users\Guest\Desktop\frozen new audio.avi
2014-05-05 18:55 - 2014-05-07 19:20 - 00025088 _____ () C:\Users\Admin\Desktop\Kveten 2014 TC servis.xls
2014-05-05 18:54 - 2014-05-05 18:54 - 00025088 _____ () C:\Users\Admin\Desktop\DOCHAZKA VZOR.xls
2014-05-05 18:41 - 2014-05-05 19:11 - 1672085504 _____ () C:\Users\Guest\Desktop\Frozen.2013.480p.BDRip.XviD.CZ.avi
2014-05-05 18:41 - 2014-05-05 18:41 - 00016626 _____ () C:\Users\Admin\Downloads\[CzT]Ledove_kralovstvi_Frozen_2013_CZ_.torrent
2014-05-03 08:02 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 08:02 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 08:02 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 08:02 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 12:47 - 2014-05-02 12:47 - 00181840 _____ () C:\Users\Guest\Downloads\voes
2014-05-02 11:06 - 2014-05-02 11:10 - 00000000 ____D () C:\Users\Admin\Desktop\ortel vyber
2014-05-02 11:04 - 2014-05-02 11:04 - 01308408 _____ (Ellora Assets Corporation ) C:\Users\Admin\Downloads\FreemakeVideoDownloaderSetup.exe
2014-05-02 10:56 - 2014-05-02 10:57 - 22407856 _____ (Open Media LLC ) C:\Users\Admin\Downloads\4kvideodownloader_3.2.exe
2014-05-02 10:55 - 2014-05-02 10:55 - 00000000 ____D () C:\ProgramData\xml_param
2014-05-02 10:52 - 2014-05-02 10:56 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
2014-05-02 10:52 - 2014-05-02 10:55 - 00000000 ____D () C:\ProgramData\iSkysoft iTube Studio
2014-05-02 10:52 - 2014-05-02 10:52 - 00000000 ____D () C:\Users\Admin\AppData\Local\iSkysoft
2014-05-02 10:52 - 2014-05-02 10:52 - 00000000 ____D () C:\ProgramData\iSkysoft Application Common Data
2014-05-02 10:52 - 2014-05-02 10:52 - 00000000 ____D () C:\Program Files\Common Files\iSkysoft
2014-05-02 10:50 - 2014-05-02 10:51 - 31041307 _____ (iSkysoft Software ) C:\Users\Admin\Downloads\itube-studio_full1169.exe
2014-05-02 10:47 - 2014-05-02 10:47 - 00000000 ____D () C:\Windows\Sun
2014-05-02 07:04 - 2014-05-02 07:04 - 00012174 _____ () C:\Users\Admin\Desktop\faktura duben knihovna.xlsx
2014-05-01 09:00 - 2014-05-01 09:00 - 00002367 _____ () C:\Users\Admin\Downloads\DESK-FORM Desk Draw Order.application
2014-05-01 08:09 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-01 08:08 - 2014-05-01 08:08 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-01 08:08 - 2014-05-01 08:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-01 08:08 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-01 08:08 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-01 08:08 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-01 08:05 - 2014-05-01 08:20 - 737006908 _____ () C:\Users\Admin\Downloads\THE PASSION OF THE CHRIST.Title2.DVDRip.avi
2014-05-01 08:05 - 2014-05-01 08:05 - 00014626 _____ () C:\Users\Admin\Downloads\[CzT]Umuceni_Krista_The_Passion_Of_The_Christ_2004_.torrent
2014-05-01 08:03 - 2014-05-10 11:35 - 00488800 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 21:05 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 21:05 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 21:05 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 21:05 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 21:05 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 21:05 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 21:05 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 21:05 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-29 21:05 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 21:05 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 21:05 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 21:05 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 21:05 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 21:05 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 21:05 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-29 21:05 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-29 21:05 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-29 21:05 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 21:05 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 21:05 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-29 21:05 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-29 21:05 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-29 21:05 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 21:05 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-29 21:05 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-29 21:05 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-29 21:05 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-29 21:05 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 21:05 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-29 21:05 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 21:05 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-29 21:05 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-29 21:05 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-29 21:05 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-29 21:05 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 21:05 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-29 21:05 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 21:05 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-29 21:05 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-29 21:05 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-29 21:04 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 21:04 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-29 21:04 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 21:04 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-26 19:03 - 2014-04-26 19:03 - 00001663 _____ () C:\Users\Admin\Desktop\witcher – zástupce.lnk
2014-04-25 20:51 - 2014-04-25 20:51 - 00000031 _____ () C:\Windows\progress
2014-04-25 20:49 - 2014-05-10 07:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\The Witcher
2014-04-25 20:49 - 2014-04-26 18:09 - 00000000 ____D () C:\Users\Admin\Documents\The Witcher
2014-04-25 20:37 - 2014-04-25 20:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-25 20:36 - 2014-04-25 20:48 - 00000000 ____D () C:\Program Files (x86)\Zaklínač rozšířená edice
2014-04-25 20:36 - 2014-04-25 20:47 - 00000000 ____D () C:\Users\Public\Documents\The Witcher
2014-04-23 06:36 - 2014-05-10 11:32 - 00000000 ___RD () C:\Users\Admin\Disk Google
2014-04-23 06:36 - 2014-04-23 06:36 - 00001720 _____ () C:\Users\Admin\Desktop\Disk Google.lnk
2014-04-23 06:35 - 2014-05-08 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-04-23 06:34 - 2014-05-11 10:44 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 06:34 - 2014-05-10 11:32 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 06:34 - 2014-05-07 14:39 - 00003946 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-23 06:34 - 2014-05-07 14:39 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-23 06:34 - 2014-04-23 06:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-23 06:34 - 2014-04-23 06:34 - 00884672 _____ (Google Inc.) C:\Users\Admin\Downloads\googledrivesync.exe
2014-04-22 13:03 - 2014-04-22 13:41 - 367665152 _____ () C:\Users\Guest\Downloads\Dr.-House-4x01---Sám.avi
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft Games
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-04-21 14:49 - 2014-04-21 14:49 - 00000000 ____D () C:\Users\Guest\Downloads\Zoo-Tycoon-2-celá-hra+čeština
2014-04-21 13:55 - 2014-04-21 14:38 - 397292820 _____ () C:\Users\Guest\Downloads\Zoo-Tycoon-2-celá-hra+čeština.zip
2014-04-20 21:22 - 2014-04-25 20:36 - 00000000 ____D () C:\Users\Admin\Downloads\Zaklínač - Rozšířená edice CZ
2014-04-20 21:21 - 2014-04-20 21:21 - 00048927 _____ () C:\Users\Admin\Downloads\[CzT]Zaklinac_Rozsirena_edice_Original_CZ_verze_.torrent
2014-04-20 18:58 - 2014-04-20 18:58 - 00000000 ____D () C:\Users\Admin\Desktop\teo
2014-04-17 21:27 - 2014-04-17 21:27 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-04-15 19:48 - 2014-04-15 19:48 - 00023552 _____ () C:\Users\Admin\Desktop\faktura duben Kyklop.xls
2014-04-11 19:54 - 2014-04-11 21:22 - 1559525376 _____ () C:\Users\Admin\Downloads\solomon-kane-akcni-dobrodruzny-fantasy-2009-cz-sten-ok.avi
2014-04-11 17:29 - 2014-04-11 17:29 - 04994480 _____ (Adobe Systems Inc.) C:\Users\Guest\Downloads\Shockwave_Installer_Slim (1).exe
2014-04-10 18:21 - 2014-04-10 18:36 - 733687808 _____ () C:\Users\Admin\Downloads\Mama Mia DVDRip cz dabing.avi
2014-04-10 17:40 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 17:40 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 17:40 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 17:40 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 17:40 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 17:40 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 17:40 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 17:40 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 17:40 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 17:40 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 17:40 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

==================== One Month Modified Files and Folders =======

2014-05-11 11:14 - 2014-05-11 11:14 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 11:14 - 2014-05-11 11:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-11 11:10 - 2014-05-11 11:10 - 00000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2014-05-11 11:05 - 2014-02-13 21:07 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559379095-3550260044-3507931095-1001UA.job
2014-05-11 11:04 - 2009-07-14 06:45 - 00036000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 11:04 - 2009-07-14 06:45 - 00036000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 10:53 - 2014-05-11 10:53 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-11 10:53 - 2014-05-11 10:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-05-11 10:53 - 2014-05-11 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-11 10:53 - 2014-05-11 10:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-11 10:53 - 2014-05-11 10:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2014-05-11 10:53 - 2014-05-11 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-11 10:44 - 2014-04-23 06:34 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 10:38 - 2009-07-14 07:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-11 10:02 - 2014-05-11 10:01 - 04154880 _____ () C:\Users\Admin\Downloads\32-bit-64-bit-w7lxe.exe
2014-05-11 10:01 - 2014-05-11 10:01 - 00261223 _____ () C:\Users\Admin\Downloads\w7lxe-langpack-51.rar
2014-05-11 09:41 - 2014-05-11 09:37 - 00000000 ____D () C:\AdwCleaner
2014-05-11 09:37 - 2014-05-11 09:37 - 01037278 _____ () C:\Users\Admin\Downloads\adwcleaner.exe
2014-05-11 09:07 - 2014-05-11 09:07 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2014-05-11 09:07 - 2014-05-11 09:07 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2014-05-11 09:06 - 2014-05-11 09:06 - 00159144 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\WindowsActivationUpdate (1).exe
2014-05-11 09:05 - 2014-05-11 09:05 - 00000808 _____ () C:\Windows\PFRO.log
2014-05-11 08:59 - 2014-05-11 08:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-11 08:58 - 2014-05-11 08:58 - 00159144 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\WindowsActivationUpdate.exe
2014-05-10 11:35 - 2014-05-10 11:34 - 00007120 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-05-10 11:35 - 2014-05-01 08:03 - 00488800 _____ () C:\Windows\WindowsUpdate.log
2014-05-10 11:34 - 2014-05-10 11:30 - 00000000 ____D () C:\FRST
2014-05-10 11:33 - 2014-05-10 11:27 - 00000000 ____D () C:\Program Files\trend micro
2014-05-10 11:32 - 2014-04-23 06:36 - 00000000 ___RD () C:\Users\Admin\Disk Google
2014-05-10 11:32 - 2014-04-23 06:34 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-10 11:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 11:29 - 2014-05-11 11:14 - 00000000 ____D () C:\Users\Admin\Desktop\mbar
2014-05-10 11:29 - 2014-05-11 11:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-10 11:27 - 2014-05-10 11:27 - 00000000 ____D () C:\rsit
2014-05-10 11:24 - 2014-05-10 11:24 - 02066432 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-05-10 11:23 - 2014-05-10 11:23 - 00935175 _____ () C:\Users\Admin\Desktop\RSITx64.exe
2014-05-10 07:38 - 2014-04-25 20:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\The Witcher
2014-05-10 06:12 - 2014-02-13 21:07 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559379095-3550260044-3507931095-1001Core.job
2014-05-10 06:00 - 2014-02-13 21:07 - 00003936 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-559379095-3550260044-3507931095-1001UA
2014-05-10 06:00 - 2014-02-13 21:07 - 00003540 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-559379095-3550260044-3507931095-1001Core
2014-05-09 07:11 - 2014-05-09 07:11 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-05-09 07:11 - 2014-05-09 07:11 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-05-08 15:54 - 2014-03-28 20:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-05-08 14:30 - 2014-03-15 23:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\avidemux
2014-05-08 13:28 - 2011-04-12 10:34 - 00666444 _____ () C:\Windows\system32\perfh005.dat
2014-05-08 13:28 - 2011-04-12 10:34 - 00140108 _____ () C:\Windows\system32\perfc005.dat
2014-05-08 13:28 - 2009-07-14 07:13 - 01576554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 13:10 - 2014-05-08 12:34 - 1281876654 _____ () C:\Users\Guest\Desktop\frozen new audio.avi
2014-05-08 12:46 - 2014-05-08 12:46 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-08 12:46 - 2014-05-08 12:46 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-08 12:46 - 2014-04-23 06:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-07 19:20 - 2014-05-05 18:55 - 00025088 _____ () C:\Users\Admin\Desktop\Kveten 2014 TC servis.xls
2014-05-07 14:39 - 2014-04-23 06:34 - 00003946 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 14:39 - 2014-04-23 06:34 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-05 20:21 - 2014-02-13 21:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2014-05-05 19:11 - 2014-05-05 18:41 - 1672085504 _____ () C:\Users\Guest\Desktop\Frozen.2013.480p.BDRip.XviD.CZ.avi
2014-05-05 18:54 - 2014-05-05 18:54 - 00025088 _____ () C:\Users\Admin\Desktop\DOCHAZKA VZOR.xls
2014-05-05 18:41 - 2014-05-05 18:41 - 00016626 _____ () C:\Users\Admin\Downloads\[CzT]Ledove_kralovstvi_Frozen_2013_CZ_.torrent
2014-05-02 16:55 - 2014-02-13 21:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
2014-05-02 12:47 - 2014-05-02 12:47 - 00181840 _____ () C:\Users\Guest\Downloads\voes
2014-05-02 11:10 - 2014-05-02 11:06 - 00000000 ____D () C:\Users\Admin\Desktop\ortel vyber
2014-05-02 11:04 - 2014-05-02 11:04 - 01308408 _____ (Ellora Assets Corporation ) C:\Users\Admin\Downloads\FreemakeVideoDownloaderSetup.exe
2014-05-02 10:57 - 2014-05-02 10:56 - 22407856 _____ (Open Media LLC ) C:\Users\Admin\Downloads\4kvideodownloader_3.2.exe
2014-05-02 10:56 - 2014-05-02 10:52 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
2014-05-02 10:55 - 2014-05-02 10:55 - 00000000 ____D () C:\ProgramData\xml_param
2014-05-02 10:55 - 2014-05-02 10:52 - 00000000 ____D () C:\ProgramData\iSkysoft iTube Studio
2014-05-02 10:52 - 2014-05-02 10:52 - 00000000 ____D () C:\Users\Admin\AppData\Local\iSkysoft
2014-05-02 10:52 - 2014-05-02 10:52 - 00000000 ____D () C:\ProgramData\iSkysoft Application Common Data
2014-05-02 10:52 - 2014-05-02 10:52 - 00000000 ____D () C:\Program Files\Common Files\iSkysoft
2014-05-02 10:51 - 2014-05-02 10:50 - 31041307 _____ (iSkysoft Software ) C:\Users\Admin\Downloads\itube-studio_full1169.exe
2014-05-02 10:47 - 2014-05-02 10:47 - 00000000 ____D () C:\Windows\Sun
2014-05-02 07:04 - 2014-05-02 07:04 - 00012174 _____ () C:\Users\Admin\Desktop\faktura duben knihovna.xlsx
2014-05-01 09:00 - 2014-05-01 09:00 - 00002367 _____ () C:\Users\Admin\Downloads\DESK-FORM Desk Draw Order.application
2014-05-01 08:20 - 2014-05-01 08:05 - 737006908 _____ () C:\Users\Admin\Downloads\THE PASSION OF THE CHRIST.Title2.DVDRip.avi
2014-05-01 08:09 - 2014-02-20 20:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-01 08:08 - 2014-05-01 08:08 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-01 08:08 - 2014-05-01 08:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-01 08:08 - 2014-02-20 20:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-01 08:05 - 2014-05-01 08:05 - 00014626 _____ () C:\Users\Admin\Downloads\[CzT]Umuceni_Krista_The_Passion_Of_The_Christ_2004_.torrent
2014-04-30 19:34 - 2014-02-13 21:12 - 00002372 _____ () C:\Users\Admin\Desktop\Google Chrome.lnk
2014-04-30 19:31 - 2014-04-09 18:39 - 00025088 _____ () C:\Users\Admin\Desktop\duben 2014 TC-SERVIS.xls
2014-04-30 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-30 14:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-04-30 14:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-04-30 14:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-29 19:26 - 2014-02-17 18:58 - 00002372 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
2014-04-29 16:01 - 2014-05-03 08:02 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 08:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 08:02 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 08:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-26 19:03 - 2014-04-26 19:03 - 00001663 _____ () C:\Users\Admin\Desktop\witcher – zástupce.lnk
2014-04-26 18:09 - 2014-04-25 20:49 - 00000000 ____D () C:\Users\Admin\Documents\The Witcher
2014-04-25 20:51 - 2014-04-25 20:51 - 00000031 _____ () C:\Windows\progress
2014-04-25 20:48 - 2014-04-25 20:36 - 00000000 ____D () C:\Program Files (x86)\Zaklínač rozšířená edice
2014-04-25 20:48 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-25 20:47 - 2014-04-25 20:36 - 00000000 ____D () C:\Users\Public\Documents\The Witcher
2014-04-25 20:37 - 2014-04-25 20:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-25 20:36 - 2014-04-20 21:22 - 00000000 ____D () C:\Users\Admin\Downloads\Zaklínač - Rozšířená edice CZ
2014-04-23 14:54 - 2014-02-17 18:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-04-23 06:36 - 2014-04-23 06:36 - 00001720 _____ () C:\Users\Admin\Desktop\Disk Google.lnk
2014-04-23 06:36 - 2014-02-13 21:02 - 00000000 ____D () C:\Users\Admin
2014-04-23 06:35 - 2014-04-23 06:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-23 06:35 - 2014-02-13 21:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-04-23 06:34 - 2014-04-23 06:34 - 00884672 _____ (Google Inc.) C:\Users\Admin\Downloads\googledrivesync.exe
2014-04-22 13:41 - 2014-04-22 13:03 - 367665152 _____ () C:\Users\Guest\Downloads\Dr.-House-4x01---Sám.avi
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft Games
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-04-21 14:49 - 2014-04-21 14:49 - 00000000 ____D () C:\Users\Guest\Downloads\Zoo-Tycoon-2-celá-hra+čeština
2014-04-21 14:38 - 2014-04-21 13:55 - 397292820 _____ () C:\Users\Guest\Downloads\Zoo-Tycoon-2-celá-hra+čeština.zip
2014-04-20 21:21 - 2014-04-20 21:21 - 00048927 _____ () C:\Users\Admin\Downloads\[CzT]Zaklinac_Rozsirena_edice_Original_CZ_verze_.torrent
2014-04-20 18:58 - 2014-04-20 18:58 - 00000000 ____D () C:\Users\Admin\Desktop\teo
2014-04-17 21:27 - 2014-04-17 21:27 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-04-17 21:27 - 2014-02-16 22:10 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-04-15 19:48 - 2014-04-15 19:48 - 00023552 _____ () C:\Users\Admin\Desktop\faktura duben Kyklop.xls
2014-04-15 19:48 - 2014-04-09 18:38 - 00025088 _____ () C:\Users\Admin\Desktop\duben 2014 Kyklop.xls
2014-04-15 19:45 - 2014-03-30 13:50 - 00023552 _____ () C:\Users\Admin\Desktop\faktura brezen.xls
2014-04-14 20:13 - 2014-05-01 08:08 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-05-01 08:09 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-05-01 08:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-05-01 08:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-11 21:22 - 2014-04-11 19:54 - 1559525376 _____ () C:\Users\Admin\Downloads\solomon-kane-akcni-dobrodruzny-fantasy-2009-cz-sten-ok.avi
2014-04-11 17:29 - 2014-04-11 17:29 - 04994480 _____ (Adobe Systems Inc.) C:\Users\Guest\Downloads\Shockwave_Installer_Slim (1).exe
2014-04-10 18:36 - 2014-04-10 18:21 - 733687808 _____ () C:\Users\Admin\Downloads\Mama Mia DVDRip cz dabing.avi

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 09:44

==================== End Of Log ============================

Re: problem with the notebook

Posted: 11 May 2014 10:43
by Rudy
Hello!
Try a System Restore to a date when the system was working correctly.

Re: problem with the notebook

Posted: 11 May 2014 10:45
by Parkoslav1992
I'd like to, but I found out that I had System Restore turned off :(

Re: problem with the notebook

Posted: 11 May 2014 10:48
by Rudy
It would come in handy now. :) Apart from a few unnecessary items, there is nothing bad in the logs. Try using FixIt: http://support.microsoft.com/fixit/cs-cz .

Re: problem with the notebook

Posted: 11 May 2014 10:56
by Parkoslav1992
Well, I tried everything that matches my problem, but still nothing..

Re: problem with the notebook

Posted: 11 May 2014 11:29
by Rudy
Another repair tool is Windows7manager: http://www.yamicsoft.com/windows7manager/ .

Re: problem with the notebook

Posted: 11 May 2014 11:32
by Parkoslav1992
I'll try it and let you know. The whole notebook is somehow strange. When I try to create a restore point, some error pops up... every system application throws an error..

Re: problem with the notebook

Posted: 11 May 2014 11:52
by Rudy
What is certain is that it is a system problem. We'll see what can be done.

Re: problem with the notebook

Posted: 11 May 2014 11:58
by Parkoslav1992
Apparently nothing can be done; the Win7 Manager installation hangs and won't proceed.

Re: problem with the notebook

Posted: 11 May 2014 14:08
by Parkoslav1992
Is there a tool that can check CBS.log?

Re: problem with the notebook

Posted: 11 May 2014 17:06
by Rudy
There is something about it here: http://support.microsoft.com/kb/928228/cs . By analogy, it should apply to Win7 as well.

Re: problem with the notebook

Posted: 11 May 2014 17:17
by Parkoslav1992
I'm not much wiser from that. I ran the check and it reported that the system found corrupted files but not all of them were repaired. I have already tried a Windows upgrade (as a repair), and while loading it tells me that Windows could not load information about the disks in this computer. Isn't there some tool for repairing system files? I searched but didn't find much.

Re: problem with the notebook

Posted: 11 May 2014 17:23
by Rudy
As far as I know, either win7manager or a repair from the installation media: http://forum.viry.cz/viewtopic.php?f=46&t=106339 . And finally, a reinstall of the system. In some cases it is the only possible solution.

Re: problem with the notebook

Posted: 11 May 2014 17:27
by Parkoslav1992
The repair doesn't work and neither does the reinstall :D this is in the sh.... I've been looking for a solution all day and so far nothing...

Re: problem with the notebook

Posted: 11 May 2014 17:51
by Parkoslav1992
So there is nothing bad in my log listings? Not even any unnecessary items? I would try removing even a small thing. Maybe something would change.