Here it is, hopefully complete:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by pc (administrator) on PC-PC on 07-08-2014 15:46:54
Running from D:\
Platform: Windows 7 Ultimate (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
() C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Maskiseft Corporation) C:\Windows\SysWOW64\mafumo.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(SupportSoft, Inc.) C:\Windows\Installer\{7C3BDE10-F246-B99B-7A7E-B7575A2B2DE4}\syshost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ClientConnect Ltd.) C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Maskiseft Corporation) C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe
() C:\Users\pc\AppData\Local\Viber\Viber.exe
(Alibaba (China) Co., Ltd.) C:\Program Files (x86)\Trademanager\AliIM.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2\svcnost.exe
(drfedcfvgy) C:\Users\pc\AppData\Roaming\WMPRWISE.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(dcfvgydrfe) C:\Users\pc\AppData\Roaming\Microsoft\nakysotook.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Users\pc\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
() C:\Users\pc\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
() C:\Users\pc\AppData\Local\Temp\hm14E88A59.tmp
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [Etyhymgodyofb] => C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [306853 2013-09-14] (Maskiseft Corporation)
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] => C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2013-08-20] ()
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2571288 2014-06-25] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648048 2013-12-23] (Ask)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [aaaaaaaa] => C:\Windows\SysWOW64\aaaaaaaa.exe [76800 2014-07-28] ()
HKLM-x32\...\Run: [Regedit32] => C:\Windows\SysWOW64\regedit.exe [398336 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Etyhymgodyofb] => C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [306853 2013-09-14] (Maskiseft Corporation)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe [20480 2007-07-26] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM-x32\...\Winlogon: [Shell] Explorer.exe regsvr.exe [ ] () <=== ATTENTION
Winlogon\Notify\rchokoe-x32: C:\Users\pc\AppData\Local\rchokoe.dll ()
Winlogon\Notify\rckonne-x32: C:\Users\pc\AppData\Local\rckonne.dll ()
Winlogon\Notify\soikles-x32: C:\Users\pc\AppData\Local\soikles.dll ()
HKLM\...\Policies\Explorer\Run: [884621673] => C:\ProgramData\msfidbh.exe [31232 2014-06-30] ( ())
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [ICQ] => C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2013-08-20] (ICQ, LLC.)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Viber] => C:\Users\pc\AppData\Local\Viber\Viber.exe [912904 2013-07-31] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\pc\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\pc\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [aliim] => C:\Program Files (x86)\Trademanager\AliIM.exe [293272 2014-05-14] (Alibaba (China) Co., Ltd.)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\pc\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-05-04] (Electronic Arts)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-07-30] (Raptr, Inc)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-03-28] (AMD)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Windows Init] => C:\Users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2\svcnost.exe [146165 2014-06-01] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Microsoft Firewall 2.9] => C:\Users\pc\AppData\Roaming\WMPRWISE.EXE [201964 2014-06-08] (drfedcfvgy)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [hovajook] => C:\Users\pc\AppData\Roaming\Microsoft\nakysotook.exe [329948 2014-06-20] (dcfvgydrfe)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [aaaaaaaa] => C:\Users\pc\aaaaaaaa.exe [76800 2014-07-28] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [USPmedia Update] => regsvr32.exe C:\Users\pc\AppData\Local\USPmedia\OpenMayaRender.dll
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Msn Messsenger] => C:\Windows\system32\regsvr.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [javaocom] => C:\Windows\system32\makemote.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [soikles] => rundll32 "C:\Users\pc\AppData\Local\soikles.dll",soikles <===== ATTENTION
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [nulowuolanu] => C:\Users\pc\nulowuolanu.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [wxniof] => C:\Users\pc\foinxw\wxniof.exe [188416 2014-07-31] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [rchokoe] => rundll32 "C:\Users\pc\AppData\Local\rchokoe.dll",rchokoe <===== ATTENTION
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [rckonne] => rundll32 "C:\Users\pc\AppData\Local\rckonne.dll",rckonne <===== ATTENTION
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [IbadiRwega] => regsvr32.exe "C:\ProgramData\IbadiRwega\IbadiRwega.dat"
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Etyhymgodyofb] => C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [306853 2013-09-14] (Maskiseft Corporation)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\MountPoints2: {c5ed2903-24c7-11e3-8d52-1c6f65488f8f} - H:\iStudio.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\MountPoints2: {ec5830e4-06fa-11e3-b2da-1c6f65488f8f} - I:\Setup.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\MountPoints2: {fa037aa7-06f6-11e3-aa44-806e6f6e6963} - E:\Launch.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Winlogon: [Shell] C:\Users\pc\AppData\Roaming\template.xml [40960 2009-07-14] () <==== ATTENTION
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML ()
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.TXT ()
InternetURL: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.URL -> https://kpai7ycr7jxqkilp.onion2web.com/bpgd
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wxniof.lnk
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll (ClientConnect Ltd.)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll (ClientConnect Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {B868D42F-E12C-4346-8D73-633A540A189C} URL = http://search.conduit.com/ResultsExt.as ... 31148&UM=1
SearchScopes: HKCU - A26643E6C8DC474FA4BE3678FD281628 URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0B6518FD-C995-445F-BAE1-6B930BA9538F} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_12454
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={search ... 4&tsp=4981
SearchScopes: HKCU - {1288BF25-D317-4B69-A3BA-67A0EDAC28BF} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {19682B9B-2842-4297-8473-0DF162A3A714} URL = http://www.novinky.cz/hledej?w={searchT ... arch_12454
SearchScopes: HKCU - {3F3CBC6E-CE0C-4b9e-B53D-7EBE855EC1DF} URL = http://search.yahoo.com/search?p={searc ... type=STDVM
SearchScopes: HKCU - {5BC53F25-8151-422B-9C66-8496C85AADB1} URL = http://www.mapy.cz/?query={searchTerms} ... arch_12454
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {9706AB05-CEE5-4384-8746-489AF4C410A5} URL = http://encyklopedie.seznam.cz/search?q= ... arch_12454
SearchScopes: HKCU - {B135AA99-5CCD-4e38-B976-F2C31D89F205} URL = http://www.google.com/cse?cx=partner-pu ... 4067623346
SearchScopes: HKCU - {B868D42F-E12C-4346-8D73-633A540A189C} URL = http://search.conduit.com/ResultsExt.as ... 31148&UM=1
SearchScopes: HKCU - {C237E758-AB4A-44DC-8024-F25532D3E18B} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
SearchScopes: HKCU - {EEE3D246-632A-45C7-8C84-0BFE1CEA034A} URL = http://search.seznam.cz/?q={searchTerms ... arch_12454
SearchScopes: HKCU - {F1E7676E-7E8A-4A28-9EC5-6FAF668EA786} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
SearchScopes: HKCU - {F9B4D8BC-240D-4577-B4A7-976E775E902D} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_12454
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files (x86)\hosts\hosts-bho.dll (Alex)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BS Player ControlBar Toolbar -> {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} -> C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll (ClientConnect Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://94.229.82.168:8081/VatDec.cab
DPF: HKLM-x32 {45830FF9-D9E6-4F41-86ED-B266933D8E90} http://94.229.82.168:8081/RtspVaPgDec.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 81.200.48.55 81.200.48.11
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\Trademanager\nptrademanager.dll ( )
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} - C:\Users\pc\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP94&ocid=UP94DHP
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP94&ocid=UP94DHP", "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=34BAD85D4C99B0A3&affID=123895&tsp=4982"
CHR NewTab: "chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR DefaultSearchKeyword: isearch.avg.com
CHR DefaultNewTabURL: https://isearch.avg.com/chroment?espv=2 ... 2013-10-28 11:49:58&v=17.1.2.0&pid=avg&sg=
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (CLSID_SeparateMultipleProcessExplorerHost) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-06-13]
CHR Extension: (Dokumenty Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-19]
CHR Extension: (AVG Security Toolbar) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-08-22]
CHR Extension: (Peněženka Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-02-28]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2013-08-20] ()
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247872 2011-08-17] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-04] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SecurityCenterServer3863432951; C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [306853 2013-09-14] (Maskiseft Corporation) [File not signed]
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 syshost32; C:\Windows\Installer\{7C3BDE10-F246-B99B-7A7E-B7575A2B2DE4}\syshost.exe [187904 2014-06-01] (SupportSoft, Inc.) [File not signed]
R2 TBSrv; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-03-31] (ClientConnect Ltd.)
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1813528 2014-06-25] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 8652bb12e0b3918c; C:\Windows\System32\Drivers\8652bb12e0b3918c.sys [59840 2014-06-01] () <===== ATTENTION Necurs Rootkit?
R3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [265728 2010-09-06] (AVEO Corp)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-22] (Disc Soft Ltd)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-08-07] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-07 15:46 - 2014-08-07 15:46 - 00000000 ____D () C:\FRST
2014-08-07 15:26 - 2014-08-07 15:26 - 00000000 ____D () C:\Program Files (x86)\trend micro
2014-08-07 15:25 - 2014-08-07 15:27 - 00000000 ____D () C:\Program Files\trend micro
2014-08-07 15:25 - 2014-08-07 15:25 - 00000000 ____D () C:\rsit
2014-08-06 22:20 - 2014-08-06 22:20 - 00001889 _____ () C:\Users\pc\Desktop\ShadowExplorer.lnk
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\Users\pc\AppData\Roaming\www.shadowexplorer.com
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-08-06 20:46 - 2014-08-06 20:46 - 00000000 _____ () C:\Users\pc\0719.exe
2014-08-06 20:43 - 2014-08-07 15:07 - 00000112 _____ () C:\Windows\setupact.log
2014-08-06 20:43 - 2014-08-06 20:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-06 20:06 - 2014-08-06 20:06 - 00000000 _____ () C:\autoexec.bat
2014-08-06 20:05 - 2014-08-06 20:05 - 00000000 ____D () C:\sh4ldr
2014-08-06 20:05 - 2014-08-06 20:05 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-06 19:53 - 2014-08-06 20:42 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Tor
2014-08-06 19:53 - 2014-08-06 20:42 - 00000000 ____D () C:\Program Files (x86)\Vidalia Bundle
2014-08-06 19:53 - 2014-08-06 20:36 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Vidalia
2014-08-06 15:00 - 2014-08-06 15:00 - 00023393 _____ () C:\Users\pc\Desktop\PSLogZip.zip
2014-08-05 16:48 - 2014-08-06 21:39 - 00001609 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 16:40 - 2014-08-05 16:40 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Google
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\Program Files\Google
2014-08-05 16:09 - 2014-08-05 16:10 - 00000000 ____D () C:\ProgramData\Google
2014-08-03 11:36 - 2014-08-03 11:36 - 00023552 _____ () C:\Users\pc\AppData\Local\rckonne.dll
2014-08-03 11:36 - 2014-08-03 11:36 - 00000000 ____D () C:\ProgramData\IbadiRwega
2014-08-02 09:23 - 2014-08-07 05:01 - 00000778 _____ () C:\Windows\Tasks\Security Center Update - 3863432951.job
2014-08-02 09:23 - 2014-08-02 09:23 - 00003784 _____ () C:\Windows\System32\Tasks\Security Center Update - 3863432951
2014-08-02 09:23 - 2014-08-02 09:23 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Fuituf
2014-08-02 09:23 - 2013-09-14 00:09 - 00306853 _____ (Maskiseft Corporation) C:\Windows\SysWOW64\mafumo.exe
2014-08-02 09:22 - 2014-08-02 09:22 - 00023552 _____ () C:\Users\pc\AppData\Local\rchokoe.dll
2014-07-31 18:39 - 2014-08-06 21:31 - 00000000 _RSHD () C:\Users\pc\foinxw
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.URL
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.URL
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-07-31 17:52 - 2014-07-31 17:52 - 00008198 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:52 - 2014-07-31 17:52 - 00004144 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:52 - 2014-07-31 17:52 - 00000274 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.URL
2014-07-31 17:11 - 2014-07-31 17:11 - 00008198 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:11 - 2014-07-31 17:11 - 00008198 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:11 - 2014-07-31 17:11 - 00004144 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:11 - 2014-07-31 17:11 - 00004144 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:11 - 2014-07-31 17:11 - 00000274 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-07-31 17:11 - 2014-07-31 17:11 - 00000274 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.URL
2014-07-31 17:06 - 2014-07-31 17:06 - 00008198 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:06 - 2014-07-31 17:06 - 00004144 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:06 - 2014-07-31 17:06 - 00000274 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-07-31 15:10 - 2014-07-31 17:06 - 00000000 ____D () C:\Users\pc\AppData\Roaming\G001
2014-07-31 15:08 - 2014-07-31 15:08 - 00099328 _____ () C:\Users\pc\17816.exe
2014-07-30 14:48 - 2014-07-30 14:48 - 00099328 _____ () C:\Users\pc\17639.exe
2014-07-29 15:53 - 2014-07-29 15:53 - 00073728 _____ () C:\Users\pc\28199.exe
2014-07-29 15:53 - 2014-07-29 15:53 - 00000000 _____ () C:\Windows\28199.INI
2014-07-28 19:04 - 2014-07-28 19:04 - 00008196 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-07-28 19:04 - 2014-07-28 19:04 - 00004142 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-07-28 19:04 - 2014-07-28 19:04 - 00000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-07-28 19:01 - 2014-07-28 19:01 - 00092891 _____ (dcfdcvfdcd) C:\Users\pc\irarar.exe
2014-07-28 19:01 - 2014-07-28 19:01 - 00076800 _____ () C:\Users\pc\29817.exe
2014-07-28 18:57 - 2014-07-28 18:57 - 00270336 _____ () C:\Windows\SysWOW64\makemote.exe
2014-07-28 18:57 - 2014-07-28 18:57 - 00023552 _____ () C:\Users\pc\AppData\Local\soikles.dll
2014-07-28 16:30 - 2014-08-07 15:08 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-07-26 10:46 - 2014-07-26 10:46 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iziziz.exe
2014-07-26 10:42 - 2014-07-26 10:42 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ifefef.exe
2014-07-26 10:38 - 2014-07-26 10:38 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\idadad.exe
2014-07-26 10:37 - 2014-07-26 10:37 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ijijij.exe
2014-07-26 10:36 - 2014-07-26 10:36 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iwewew.exe
2014-07-26 10:35 - 2014-07-26 10:35 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ibobob.exe
2014-07-26 10:34 - 2014-07-26 10:34 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\imemem.exe
2014-07-26 10:32 - 2014-07-26 10:32 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iqoqoq.exe
2014-07-26 10:29 - 2014-07-26 10:29 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ininin.exe
2014-07-26 10:28 - 2014-07-26 10:28 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ilolol.exe
2014-07-26 10:28 - 2014-07-26 10:28 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ijejej.exe
2014-07-26 10:27 - 2014-07-26 10:27 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\igogog.exe
2014-07-26 10:26 - 2014-07-26 10:26 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ivevev.exe
2014-07-26 10:24 - 2014-07-26 10:24 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itutut.exe
2014-07-26 10:24 - 2014-07-26 10:24 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itatat.exe
2014-07-26 10:23 - 2014-07-31 17:30 - 00000000 ____D () C:\Users\pc\Desktop\Fotky
2014-07-26 10:21 - 2014-07-26 10:21 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itotot.exe
2014-07-26 10:20 - 2014-07-26 10:20 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\imamam.exe
2014-07-26 10:20 - 2014-07-26 10:20 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ibibib.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\izazaz.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ixuxux.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ixoxox.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00000000 ____D () C:\Users\pc\Desktop\Nová složka
2014-07-26 10:18 - 2014-07-26 10:18 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ivovov.exe
2014-07-23 18:51 - 2014-07-23 18:51 - 00000000 ____D () C:\Users\pc\AppData\Local\G001
2014-07-19 16:13 - 2014-07-19 16:13 - 00241925 _____ () C:\Users\pc\18369.exe
2014-07-19 16:13 - 2014-07-19 16:13 - 00069632 _____ () C:\Users\pc\38369.exe
2014-07-19 10:57 - 2014-07-19 10:57 - 00002449 __RSH () C:\Windows\SysWOW64\setting.ini
2014-07-19 10:57 - 2014-07-19 10:57 - 00000096 __RSH () C:\Windows\SysWOW64\setup.ini
2014-07-19 10:57 - 2014-07-19 10:57 - 00000000 __SHD () C:\Windows\SysWOW64\28463
2014-07-19 10:57 - 2008-07-14 11:36 - 00656763 __RSH () C:\Windows\SysWOW64\svchost .exe
2014-07-19 10:57 - 2008-07-14 11:36 - 00656763 __RSH () C:\Windows\SysWOW64\regsvr.exe
2014-07-19 10:57 - 2008-07-14 11:36 - 00656763 _____ () C:\Windows\regsvr.exe
2014-07-19 10:47 - 2014-08-06 21:01 - 00000000 ____D () C:\Users\pc\Desktop\zaloha fotak 19.7.2014
2014-07-17 16:05 - 2014-07-31 17:32 - 00000280 _____ () C:\Users\pc\Desktop\Nový textový dokument.txt
2014-07-12 20:09 - 2014-07-12 20:09 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2014-07-12 20:09 - 2014-07-12 20:09 - 00001065 _____ () C:\Users\Public\Desktop\PokerStars.lnk
2014-07-12 20:09 - 2014-07-12 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-07-12 19:54 - 2014-07-12 19:54 - 00000000 ____D () C:\Users\pc\AppData\Roaming\IDM
2014-07-11 18:54 - 2014-07-11 18:54 - 00234664 _____ () C:\Users\pc\19756.exe
2014-07-11 18:54 - 2014-07-11 18:54 - 00035840 _____ () C:\Users\pc\29756.exe
2014-07-11 18:51 - 2014-07-31 17:31 - 00000000 ____D () C:\Users\pc\Desktop\Gavlyn
2014-07-10 20:35 - 2014-07-31 17:53 - 1792860184 _____ () C:\Users\pc\Downloads\hbmutkjx.avi
2014-07-10 18:28 - 2014-07-31 17:53 - 166317085 _____ () C:\Users\pc\Downloads\Czech_Harem_2_part1.mp4
2014-07-10 18:21 - 2014-07-31 17:13 - 00000000 ____D () C:\Users\pc\Desktop\103-Pack
2014-07-10 18:20 - 2014-07-31 17:52 - 261248040 _____ () C:\Users\pc\Downloads\Czech_Harem_1-part1.mp4
2014-07-08 16:31 - 2014-07-31 17:53 - 136277280 _____ () C:\Users\pc\Downloads\Czech_Harem_3_part3.mp4
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-07 15:46 - 2014-08-07 15:46 - 00000000 ____D () C:\FRST
2014-08-07 15:38 - 2014-06-04 15:21 - 00000312 _____ () C:\Users\pc\AppData\Roaming\template.css
2014-08-07 15:30 - 2013-08-17 07:11 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 15:27 - 2014-08-07 15:25 - 00000000 ____D () C:\Program Files\trend micro
2014-08-07 15:26 - 2014-08-07 15:26 - 00000000 ____D () C:\Program Files (x86)\trend micro
2014-08-07 15:26 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 15:26 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 15:25 - 2014-08-07 15:25 - 00000000 ____D () C:\rsit
2014-08-07 15:16 - 2013-08-17 10:29 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 15:13 - 2009-07-14 17:18 - 00671356 _____ () C:\Windows\system32\perfh005.dat
2014-08-07 15:13 - 2009-07-14 17:18 - 00142044 _____ () C:\Windows\system32\perfc005.dat
2014-08-07 15:13 - 2009-07-14 07:13 - 01590870 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 15:12 - 2013-11-09 14:20 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Seznam.cz
2014-08-07 15:11 - 2013-10-05 11:43 - 00000000 ____D () C:\Users\pc\AppData\Roaming\ViberPC
2014-08-07 15:10 - 2014-06-01 16:58 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Raptr
2014-08-07 15:10 - 2013-12-19 16:07 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-07 15:10 - 2013-08-20 18:00 - 00000000 ____D () C:\Users\pc\AppData\Roaming\ICQ
2014-08-07 15:08 - 2014-07-28 16:30 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-08-07 15:08 - 2013-10-05 11:41 - 00000000 ____D () C:\Users\pc\AppData\Local\Viber
2014-08-07 15:08 - 2013-08-17 08:26 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-08-07 15:07 - 2014-08-06 20:43 - 00000112 _____ () C:\Windows\setupact.log
2014-08-07 15:07 - 2013-08-17 08:25 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-08-07 15:07 - 2013-08-17 07:11 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-07 15:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 05:01 - 2014-08-02 09:23 - 00000778 _____ () C:\Windows\Tasks\Security Center Update - 3863432951.job
2014-08-06 22:20 - 2014-08-06 22:20 - 00001889 _____ () C:\Users\pc\Desktop\ShadowExplorer.lnk
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\Users\pc\AppData\Roaming\www.shadowexplorer.com
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-08-06 21:39 - 2014-08-05 16:48 - 00001609 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 21:34 - 2011-03-31 16:49 - 00000000 ____D () C:\Notebook
2014-08-06 21:31 - 2014-07-31 18:39 - 00000000 _RSHD () C:\Users\pc\foinxw
2014-08-06 21:01 - 2014-07-19 10:47 - 00000000 ____D () C:\Users\pc\Desktop\zaloha fotak 19.7.2014
2014-08-06 20:48 - 2013-08-21 18:26 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-06 20:48 - 2013-08-17 06:49 - 00000000 ____D () C:\Users\pc
2014-08-06 20:46 - 2014-08-06 20:46 - 00000000 _____ () C:\Users\pc\0719.exe
2014-08-06 20:43 - 2014-08-06 20:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-06 20:42 - 2014-08-06 19:53 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Tor
2014-08-06 20:42 - 2014-08-06 19:53 - 00000000 ____D () C:\Program Files (x86)\Vidalia Bundle
2014-08-06 20:42 - 2013-12-11 18:01 - 00000000 ____D () C:\Program Files (x86)\Trademanager
2014-08-06 20:42 - 2013-11-17 20:08 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-06 20:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-06 20:36 - 2014-08-06 19:53 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Vidalia
2014-08-06 20:06 - 2014-08-06 20:06 - 00000000 _____ () C:\autoexec.bat
2014-08-06 20:05 - 2014-08-06 20:05 - 00000000 ____D () C:\sh4ldr
2014-08-06 20:05 - 2014-08-06 20:05 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-06 15:00 - 2014-08-06 15:00 - 00023393 _____ () C:\Users\pc\Desktop\PSLogZip.zip
2014-08-05 16:52 - 2013-08-18 19:26 - 00000000 ____D () C:\Users\pc\AppData\Local\PokerStars
2014-08-05 16:52 - 2013-08-18 19:26 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-08-05 16:40 - 2014-08-05 16:40 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Google
2014-08-05 16:40 - 2013-08-17 07:11 - 00000000 ____D () C:\Users\pc\AppData\Local\Google
2014-08-05 16:12 - 2013-08-22 19:41 - 00000000 ____D () C:\Users\pc\AppData\Roaming\DAEMON Tools Lite
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\Program Files\Google
2014-08-05 16:10 - 2014-08-05 16:09 - 00000000 ____D () C:\ProgramData\Google
2014-08-05 16:10 - 2013-08-21 18:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-05 16:10 - 2013-08-17 07:11 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-05 15:22 - 2014-05-04 10:09 - 00000000 ____D () C:\ProgramData\Origin
2014-08-05 15:14 - 2014-06-01 16:58 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-05 15:14 - 2014-05-04 10:09 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-03 11:36 - 2014-08-03 11:36 - 00023552 _____ () C:\Users\pc\AppData\Local\rckonne.dll
2014-08-03 11:36 - 2014-08-03 11:36 - 00000000 ____D () C:\ProgramData\IbadiRwega
2014-08-02 09:23 - 2014-08-02 09:23 - 00003784 _____ () C:\Windows\System32\Tasks\Security Center Update - 3863432951
2014-08-02 09:23 - 2014-08-02 09:23 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Fuituf
2014-08-02 09:22 - 2014-08-02 09:22 - 00023552 _____ () C:\Users\pc\AppData\Local\rchokoe.dll
2014-07-31 18:27 - 2012-08-04 11:38 - 00000000 ____D () C:\czshare
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.URL
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.URL
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-07-31 17:54 - 2014-06-11 19:21 - 08832792 _____ () C:\Users\pc\Downloads\TTP (1).ppt
2014-07-31 17:54 - 2014-06-08 19:22 - 07637016 _____ () C:\Users\pc\Downloads\TTP_.pptx
2014-07-31 17:54 - 2014-05-24 20:39 - 1124994822 _____ () C:\Users\pc\Downloads\Vlk z Wall Streat CZ- dab.avi
2014-07-31 17:54 - 2014-05-11 15:25 - 08832792 _____ () C:\Users\pc\Downloads\TTP.ppt
2014-07-31 17:54 - 2014-04-13 10:10 - 00000000 ____D () C:\Users\pc\P5JavaClientSettings
2014-07-31 17:53 - 2014-07-10 20:35 - 1792860184 _____ () C:\Users\pc\Downloads\hbmutkjx.avi
2014-07-31 17:53 - 2014-07-10 18:28 - 166317085 _____ () C:\Users\pc\Downloads\Czech_Harem_2_part1.mp4
2014-07-31 17:53 - 2014-07-08 16:31 - 136277280 _____ () C:\Users\pc\Downloads\Czech_Harem_3_part3.mp4
2014-07-31 17:53 - 2014-07-06 15:03 - 342930813 _____ () C:\Users\pc\Downloads\rychlyprachy70 - Cesky amaterky [xxx].wmv
2014-07-31 17:53 - 2014-07-06 15:02 - 146135721 _____ () C:\Users\pc\Downloads\Czech_Harem_3_part2.mp4
2014-07-31 17:53 - 2014-07-06 14:09 - 682479579 _____ () C:\Users\pc\Downloads\Czech_Harem_3_Part_1.wmv
2014-07-31 17:53 - 2014-06-11 21:01 - 1034965016 _____ () C:\Users\pc\Downloads\Na život a na smrt BRRip CZ.avi
2014-07-31 17:53 - 2014-05-25 08:35 - 1574288928 _____ () C:\Users\pc\Downloads\Planeta ocean.Planet Ocean (2012) v CZ dokument Francie V.Británie.avi
2014-07-31 17:53 - 2014-03-11 17:53 - 00016152 _____ () C:\Users\pc\Downloads\hotel_Maj_ceník2014 (1).xls
2014-07-31 17:53 - 2014-03-09 15:28 - 00016152 _____ () C:\Users\pc\Downloads\hotel_Maj_ceník2014.xls
2014-07-31 17:53 - 2013-11-09 22:42 - 00016664 _____ () C:\Users\pc\Downloads\Osobni udaje.odt
2014-07-31 17:53 - 2013-11-01 20:56 - 00059416 _____ () C:\Users\pc\Downloads\Seznam objektů bytového a nebytového fondu (2).xls
2014-07-31 17:53 - 2013-10-07 15:35 - 00059416 _____ () C:\Users\pc\Downloads\Seznam objektů bytového a nebytového fondu (1).xls
2014-07-31 17:53 - 2013-09-26 17:01 - 00059416 _____ () C:\Users\pc\Downloads\Seznam objektů bytového a nebytového fondu.xls
2014-07-31 17:52 - 2014-07-31 17:52 - 00008198 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:52 - 2014-07-31 17:52 - 00004144 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:52 - 2014-07-31 17:52 - 00000274 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.URL
2014-07-31 17:52 - 2014-07-10 18:20 - 261248040 _____ () C:\Users\pc\Downloads\Czech_Harem_1-part1.mp4
2014-07-31 17:52 - 2014-06-29 07:24 - 00040216 _____ () C:\Users\pc\Downloads\BRASIL2014 (1).xls
2014-07-31 17:52 - 2014-06-25 20:40 - 00000000 ____D () C:\Users\pc\Downloads\com.garmin.android.apps.viago
2014-07-31 17:52 - 2014-06-20 17:24 - 00036120 _____ () C:\Users\pc\Downloads\BRASIL2014.xls
2014-07-31 17:52 - 2014-06-11 19:20 - 00400408 _____ () C:\Users\pc\Downloads\03 Spalovacie teploty (1).ppt
2014-07-31 17:52 - 2014-06-11 19:20 - 00234520 _____ () C:\Users\pc\Downloads\02 Spalovanie paliv (1).ppt
2014-07-31 17:52 - 2014-06-11 19:18 - 00235544 _____ () C:\Users\pc\Downloads\01 Paliva (1).ppt
2014-07-31 17:52 - 2014-05-11 15:25 - 00400408 _____ () C:\Users\pc\Downloads\03 Spalovacie teploty.ppt
2014-07-31 17:52 - 2014-05-11 15:25 - 00235544 _____ () C:\Users\pc\Downloads\01 Paliva.ppt
2014-07-31 17:52 - 2014-05-11 15:25 - 00234520 _____ () C:\Users\pc\Downloads\02 Spalovanie paliv.ppt
2014-07-31 17:49 - 2014-07-06 14:15 - 95018028 _____ () C:\Users\pc\Documents\Czech_Harem_3_Part_1.wmv.crdownload.avi
2014-07-31 17:49 - 2014-05-14 21:12 - 00000000 ____D () C:\Users\pc\Documents\Soubory aplikace Outlook
2014-07-31 17:49 - 2014-04-28 20:17 - 2033147928 _____ () C:\Users\pc\Desktop\Zprávař 2 - Legenda pokračuje.avi
2014-07-31 17:49 - 2014-01-05 20:50 - 588298264 _____ () C:\Users\pc\Documents\Jackass Presents- Bad Grandpa (2013) Novinka Angl. dabing Komedie HDRip kvalita.avi
2014-07-31 17:49 - 2013-10-27 16:56 - 00000000 ____D () C:\Users\pc\Documents\Euro Truck Simulator 2
2014-07-31 17:49 - 2013-09-23 18:21 - 00000000 ____D () C:\Users\pc\Desktop\zaloha HTC karta
2014-07-31 17:39 - 2014-07-07 16:11 - 27965473 _____ () C:\Users\pc\Desktop\VID_20140705_024747.mp4
2014-07-31 17:39 - 2014-07-07 16:10 - 15196558 _____ () C:\Users\pc\Desktop\VID_20140705_025049.mp4
2014-07-31 17:39 - 2014-05-11 15:28 - 08832792 _____ () C:\Users\pc\Desktop\výměníky tepla.ppt
2014-07-31 17:39 - 2014-02-19 19:11 - 00000000 ____D () C:\Users\pc\Desktop\Trading
2014-07-31 17:39 - 2013-11-10 11:23 - 00000000 ____D () C:\Users\pc\Desktop\School
2014-07-31 17:32 - 2014-07-17 16:05 - 00000280 _____ () C:\Users\pc\Desktop\Nový textový dokument.txt
2014-07-31 17:32 - 2014-05-27 18:00 - 00000000 ____D () C:\Users\pc\Desktop\Materiály2
2014-07-31 17:32 - 2014-05-27 18:00 - 00000000 ____D () C:\Users\pc\Desktop\Materiály
2014-07-31 17:32 - 2014-05-12 19:16 - 00006680 _____ () C:\Users\pc\Desktop\Nový Microsoft Excel Worksheet.xlsx
2014-07-31 17:32 - 2014-05-02 20:26 - 865974296 _____ () C:\Users\pc\Desktop\oh.avi
2014-07-31 17:32 - 2013-09-23 17:12 - 00000000 ____D () C:\Users\pc\Desktop\Lenovo CP
2014-07-31 17:32 - 2013-09-17 18:20 - 00000000 ____D () C:\Users\pc\Desktop\OpenOffice 4.0.0 (cs) Installation Files
2014-07-31 17:32 - 2013-09-03 16:24 - 00000000 ____D () C:\Users\pc\Desktop\Samsung sdhc 32gb
2014-07-31 17:31 - 2014-07-11 18:51 - 00000000 ____D () C:\Users\pc\Desktop\Gavlyn
2014-07-31 17:31 - 2014-04-24 16:19 - 00000000 ____D () C:\Users\pc\Desktop\inzeráty
2014-07-31 17:31 - 2014-04-21 15:35 - 1743384600 ____R () C:\Users\pc\Desktop\Last.Vegas.2013.480p.BDRip.AC3.XViD.CZ.4play.avi
2014-07-31 17:30 - 2014-07-26 10:23 - 00000000 ____D () C:\Users\pc\Desktop\Fotky
2014-07-31 17:30 - 2014-05-14 18:39 - 00000000 ____D () C:\Users\pc\Desktop\FreeRapid-0.9u3
2014-07-31 17:13 - 2014-07-10 18:21 - 00000000 ____D () C:\Users\pc\Desktop\103-Pack
2014-07-31 17:13 - 2014-06-20 17:24 - 00036120 _____ () C:\Users\pc\Desktop\BRASIL2014.xls
2014-07-31 17:13 - 2014-02-07 11:54 - 00000000 ____D () C:\Users\pc\Desktop\bum
2014-07-31 17:11 - 2014-07-31 17:11 - 00008198 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:11 - 2014-07-31 17:11 - 00008198 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:11 - 2014-07-31 17:11 - 00004144 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:11 - 2014-07-31 17:11 - 00004144 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:11 - 2014-07-31 17:11 - 00000274 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-07-31 17:11 - 2014-07-31 17:11 - 00000274 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.URL
2014-07-31 17:11 - 2014-05-14 18:41 - 00000000 ____D () C:\Users\pc\AppData\Roaming\VitySoft
2014-07-31 17:11 - 2014-02-04 17:22 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Winamp
2014-07-31 17:09 - 2014-01-01 16:30 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Skype
2014-07-31 17:09 - 2013-08-21 16:51 - 00000000 ____D () C:\Users\pc\AppData\Roaming\uTorrent
2014-07-31 17:08 - 2013-09-07 09:45 - 00000000 ____D () C:\Users\pc\AppData\Roaming\PacificPoker
2014-07-31 17:06 - 2014-07-31 17:06 - 00008198 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:06 - 2014-07-31 17:06 - 00004144 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:06 - 2014-07-31 17:06 - 00000274 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-07-31 17:06 - 2014-07-31 15:10 - 00000000 ____D () C:\Users\pc\AppData\Roaming\G001
2014-07-31 17:06 - 2014-05-04 11:42 - 00000000 ____D () C:\Users\pc\AppData\Local\PunkBuster
2014-07-31 17:06 - 2014-05-04 10:10 - 00000000 ____D () C:\Users\pc\AppData\Local\Origin
2014-07-31 17:06 - 2014-04-13 10:10 - 00000000 ____D () C:\Users\pc\AppData\Local\P5
2014-07-31 17:06 - 2014-04-09 17:25 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Opera Software
2014-07-31 17:06 - 2014-01-17 19:09 - 00000000 ____D () C:\Users\pc\AppData\Roaming\BSplayer
2014-07-31 17:06 - 2013-09-17 18:23 - 00000000 ____D () C:\Users\pc\AppData\Roaming\OpenOffice
2014-07-31 17:06 - 2013-08-21 16:45 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Babylon
2014-07-31 17:06 - 2013-08-17 10:29 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Adobe
2014-07-31 17:05 - 2013-10-20 10:26 - 00000000 ____D () C:\Train Simulator 2014 Steam Edition
2014-07-31 17:05 - 2013-08-21 19:04 - 00000000 ____D () C:\Users\pc\AppData\Local\AVG Secure Search
2014-07-31 17:05 - 2013-08-21 17:49 - 00000000 ____D () C:\Users\pc\AppData\Local\AMD
2014-07-31 17:01 - 2014-04-13 10:10 - 00000000 ____D () C:\Redbet
2014-07-31 17:01 - 2013-08-17 10:27 - 00000000 ____D () C:\Poker
2014-07-31 15:08 - 2014-07-31 15:08 - 00099328 _____ () C:\Users\pc\17816.exe
2014-07-30 14:48 - 2014-07-30 14:48 - 00099328 _____ () C:\Users\pc\17639.exe
2014-07-30 14:46 - 2009-07-14 07:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-29 15:53 - 2014-07-29 15:53 - 00073728 _____ () C:\Users\pc\28199.exe
2014-07-29 15:53 - 2014-07-29 15:53 - 00000000 _____ () C:\Windows\28199.INI
2014-07-28 19:31 - 2011-11-28 16:59 - 00000000 ____D () C:\fotky notebook
2014-07-28 19:08 - 2013-08-21 16:36 - 00000000 ____D () C:\AMD
2014-07-28 19:04 - 2014-07-28 19:04 - 00008196 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-07-28 19:04 - 2014-07-28 19:04 - 00004142 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-07-28 19:04 - 2014-07-28 19:04 - 00000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-07-28 19:04 - 2014-04-28 15:36 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-07-28 19:04 - 2014-01-01 16:30 - 00000000 ____D () C:\ProgramData\Skype
2014-07-28 19:04 - 2013-08-21 16:40 - 00000000 ____D () C:\ProgramData\AMD
2014-07-28 19:01 - 2014-07-28 19:01 - 00092891 _____ (dcfdcvfdcd) C:\Users\pc\irarar.exe
2014-07-28 19:01 - 2014-07-28 19:01 - 00076800 _____ () C:\Users\pc\29817.exe
2014-07-28 19:01 - 2014-06-24 18:42 - 00076800 _____ () C:\Windows\SysWOW64\aaaaaaaa.exe
2014-07-28 19:01 - 2014-06-24 18:42 - 00076800 _____ () C:\Users\pc\aaaaaaaa.exe
2014-07-28 18:57 - 2014-07-28 18:57 - 00270336 _____ () C:\Windows\SysWOW64\makemote.exe
2014-07-28 18:57 - 2014-07-28 18:57 - 00023552 _____ () C:\Users\pc\AppData\Local\soikles.dll
2014-07-26 10:46 - 2014-07-26 10:46 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iziziz.exe
2014-07-26 10:42 - 2014-07-26 10:42 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ifefef.exe
2014-07-26 10:38 - 2014-07-26 10:38 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\idadad.exe
2014-07-26 10:37 - 2014-07-26 10:37 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ijijij.exe
2014-07-26 10:36 - 2014-07-26 10:36 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iwewew.exe
2014-07-26 10:35 - 2014-07-26 10:35 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ibobob.exe
2014-07-26 10:34 - 2014-07-26 10:34 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\imemem.exe
2014-07-26 10:32 - 2014-07-26 10:32 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iqoqoq.exe
2014-07-26 10:29 - 2014-07-26 10:29 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ininin.exe
2014-07-26 10:28 - 2014-07-26 10:28 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ilolol.exe
2014-07-26 10:28 - 2014-07-26 10:28 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ijejej.exe
2014-07-26 10:27 - 2014-07-26 10:27 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\igogog.exe
2014-07-26 10:26 - 2014-07-26 10:26 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ivevev.exe
2014-07-26 10:24 - 2014-07-26 10:24 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itutut.exe
2014-07-26 10:24 - 2014-07-26 10:24 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itatat.exe
2014-07-26 10:21 - 2014-07-26 10:21 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itotot.exe
2014-07-26 10:20 - 2014-07-26 10:20 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\imamam.exe
2014-07-26 10:20 - 2014-07-26 10:20 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ibibib.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\izazaz.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ixuxux.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ixoxox.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00000000 ____D () C:\Users\pc\Desktop\Nová složka
2014-07-26 10:18 - 2014-07-26 10:18 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ivovov.exe
2014-07-23 18:51 - 2014-07-23 18:51 - 00000000 ____D () C:\Users\pc\AppData\Local\G001
2014-07-22 05:21 - 2013-08-17 07:11 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 16:13 - 2014-07-19 16:13 - 00241925 _____ () C:\Users\pc\18369.exe
2014-07-19 16:13 - 2014-07-19 16:13 - 00069632 _____ () C:\Users\pc\38369.exe
2014-07-19 16:11 - 2014-06-13 19:02 - 00000000 ____D () C:\Users\pc\AppData\Local\USPmedia
2014-07-19 10:57 - 2014-07-19 10:57 - 00002449 __RSH () C:\Windows\SysWOW64\setting.ini
2014-07-19 10:57 - 2014-07-19 10:57 - 00000096 __RSH () C:\Windows\SysWOW64\setup.ini
2014-07-19 10:57 - 2014-07-19 10:57 - 00000000 __SHD () C:\Windows\SysWOW64\28463
2014-07-15 18:04 - 2013-09-07 09:45 - 00000000 ____D () C:\Users\pc\Documents\888poker
2014-07-12 20:09 - 2014-07-12 20:09 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2014-07-12 20:09 - 2014-07-12 20:09 - 00001065 _____ () C:\Users\Public\Desktop\PokerStars.lnk
2014-07-12 20:09 - 2014-07-12 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-07-12 19:54 - 2014-07-12 19:54 - 00000000 ____D () C:\Users\pc\AppData\Roaming\IDM
2014-07-11 18:54 - 2014-07-11 18:54 - 00234664 _____ () C:\Users\pc\19756.exe
2014-07-11 18:54 - 2014-07-11 18:54 - 00035840 _____ () C:\Users\pc\29756.exe
2014-07-08 20:16 - 2013-08-17 10:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 20:16 - 2013-08-17 10:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 20:16 - 2013-08-17 10:29 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
Files to move or delete:
====================
C:\ProgramData\msfidbh.exe
C:\Users\pc\0719.exe
C:\Users\pc\17639.exe
C:\Users\pc\17816.exe
C:\Users\pc\17917.exe
C:\Users\pc\18124.exe
C:\Users\pc\18369.exe
C:\Users\pc\19756.exe
C:\Users\pc\19814.exe
C:\Users\pc\25663.exe
C:\Users\pc\28124.exe
C:\Users\pc\28199.exe
C:\Users\pc\29673.exe
C:\Users\pc\29756.exe
C:\Users\pc\29817.exe
C:\Users\pc\35663.exe
C:\Users\pc\37449.exe
C:\Users\pc\37814.exe
C:\Users\pc\38369.exe
C:\Users\pc\39673.exe
C:\Users\pc\39814.exe
C:\Users\pc\aaaaaaaa.exe
C:\Users\pc\gigig.exe
C:\Users\pc\ibibib.exe
C:\Users\pc\ibobob.exe
C:\Users\pc\idadad.exe
C:\Users\pc\ifefef.exe
C:\Users\pc\igogog.exe
C:\Users\pc\ijejej.exe
C:\Users\pc\ijijij.exe
C:\Users\pc\ilolol.exe
C:\Users\pc\imamam.exe
C:\Users\pc\imemem.exe
C:\Users\pc\ininin.exe
C:\Users\pc\iqoqoq.exe
C:\Users\pc\irarar.exe
C:\Users\pc\itatat.exe
C:\Users\pc\itotot.exe
C:\Users\pc\itutut.exe
C:\Users\pc\ivevev.exe
C:\Users\pc\ivovov.exe
C:\Users\pc\iwewew.exe
C:\Users\pc\ixoxox.exe
C:\Users\pc\ixuxux.exe
C:\Users\pc\izazaz.exe
C:\Users\pc\iziziz.exe
C:\Users\pc\nenen.exe
C:\Users\pc\qiqiq.exe
C:\Users\pc\zezez.exe
Some content of TEMP:
====================
C:\Users\pc\AppData\Local\Temp\KMP_3.9.0.126.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
LastRegBack: 2014-07-29 18:56
==================== End Of Log ============================