
Chinese application cannot be uninstalled

Posted: 14 Feb 2016 10:39
by skorpo
Hi everyone, and thanks in advance for the help.

I have some crap with Chinese characters on my laptop that I can't get rid of. It got into my browser, changed the search engine (which of course can no longer be switched to another one) and it keeps throwing up pop-ups all over.

AdwCleaner log below

# AdwCleaner v5.033 - Logfile created 12/02/2016 at 17:57:46
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Karolina - KAROLINA-PC
# Running from : C:\Users\Karolina\Desktop\adwcleaner_5.033.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : QQPCRTP
[-] Service Deleted : TAOAccelerator
[-] Service Deleted : TSDefenseBt
[-] Service Deleted : TSSysKit
[-] Service Deleted : QMUdisk
[-] Service Deleted : QQSysMonX64
[-] Service Deleted : TFsFlt
[-] Service Deleted : TAOKernelDriver
[-] Service Deleted : TSSKX64
[-] Service Deleted : SPS

***** [ Folders ] *****

[-] Folder Deleted : C:\Genius
[#] Folder Deleted : C:\Program Files (x86)\tencent
[-] Folder Deleted : C:\Program Files (x86)\Common Files\tencent
[#] Folder Deleted : C:\Program Files\Common Files\tencent
[#] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\TXQMPC
[-] Folder Deleted : C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm
[-] Folder Deleted : C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl
[-] Folder Deleted : C:\Users\Karolina\AppData\Roaming\tencent
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent

***** [ Files ] *****

[-] File Deleted : C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nafaimnnclfjfedmmabolbppcngeolgf_0.localstorage
[-] File Deleted : C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage
[-] File Deleted : C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Karolina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\电脑管家.lnk
[-] File Deleted : C:\Windows\SysNative\drivers\TAOAccelerator64.sys
[-] File Deleted : C:\Windows\SysNative\drivers\TSSKX64.sys
[-] File Deleted : C:\Windows\SysNative\drivers\TAOKernel64.sys
[-] File Deleted : C:\Windows\SysNative\drivers\TFsFltX64.sys
[-] File Deleted : C:\Windows\SysWOW64\SearchProtectService.exe
[-] File Deleted : C:\Windows\SysWOW64\drivers\TsFltMgr.sys
[-] File Deleted : C:\Windows\SysWOW64\drivers\TS888x64.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPCMgr
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall
[-] Key Deleted : HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\QMContextUninstall
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [Plus-HD-7.6-bg.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4CBF-A009-2673D82C7BF9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2AEF02C3-5159-4C81-A688-8D954F0DEE56}_NewSearch
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQPCMgr
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tab]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3D}

***** [ Web browsers ] *****

[-] [C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
[-] [C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : microsoft-office-2010.softonic.com
[-] [C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : kindle-to-pdf-converter.en.softonic.com
[-] [C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : journey-to-the-center-of-the-earth.en.softonic.com
[-] [C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : >
[-] [C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nafaimnnclfjfedmmabolbppcngeolgf
[-] [C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nonjdcjchghhkdoolnlbekcfllmednbl
[-] [C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ooebklgpfnbcnpokahmdidgbmlcdepkm

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7762 bytes] ##########

and here is ComboFix
ComboFix 16-02-09.01 - Karolina 13.02.2016 14:30:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4063.1977 [GMT 1:00]
Spuštěný z: c:\users\Karolina\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Karolina\AppData\Local\assembly\tmp
c:\users\Karolina\AppData\Local\assembly\tmp\OXA3633N\__AssemblyInfo__.ini
c:\users\Karolina\AppData\Local\assembly\tmp\OXA3633N\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL
c:\windows\IsUn0405.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\tmp144F.tmp
c:\windows\SysWow64\tmp145F.tmp
c:\windows\SysWow64\tmp6F2B.tmp
c:\windows\SysWow64\tmp6F3B.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-01-13 do 2016-02-13 )))))))))))))))))))))))))))))))
.
.
2016-02-13 13:44 . 2016-02-13 13:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-12 16:59 . 2016-02-12 16:59 -------- d-----w- c:\programdata\TXQMPC
2016-02-10 22:10 . 2016-02-10 22:10 210432 ----a-w- c:\windows\system32\aepic.dll
2016-02-10 22:10 . 2016-02-10 22:10 1164800 ----a-w- c:\windows\system32\aeinv.dll
2016-02-10 21:57 . 2016-02-10 21:57 62464 ----a-w- c:\windows\system32\drivers\appid.sys
2016-02-10 21:54 . 2016-02-10 21:54 879616 ----a-w- c:\windows\system32\advapi32.dll
2016-02-10 21:54 . 2016-02-10 21:54 643072 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-02-10 21:52 . 2016-02-10 21:52 76288 ----a-w- c:\windows\system32\devenum.dll
2016-02-10 21:52 . 2016-02-10 21:52 67584 ----a-w- c:\windows\SysWow64\devenum.dll
2016-02-10 21:52 . 2016-02-10 21:52 624640 ----a-w- c:\windows\system32\qedit.dll
2016-02-10 21:52 . 2016-02-10 21:52 509952 ----a-w- c:\windows\SysWow64\qedit.dll
2016-02-10 21:52 . 2016-02-10 21:52 91648 ----a-w- c:\windows\system32\mapi32.dll
2016-02-10 21:52 . 2016-02-10 21:52 76800 ----a-w- c:\windows\SysWow64\mapistub.dll
2016-02-10 21:52 . 2016-02-10 21:52 14336 ----a-w- c:\windows\SysWow64\fixmapi.exe
2016-02-10 21:52 . 2016-02-10 21:52 91648 ----a-w- c:\windows\system32\mapistub.dll
2016-02-10 21:52 . 2016-02-10 21:52 17920 ----a-w- c:\windows\system32\fixmapi.exe
2016-02-10 21:51 . 2016-02-10 21:51 3211264 ----a-w- c:\windows\system32\win32k.sys
2016-02-10 21:25 . 2016-02-10 21:25 87864 ------w- c:\windows\system32\drivers\TFsFltX64.sys
2016-02-10 21:24 . 2016-02-12 17:00 -------- d-----w- c:\programdata\Tencent
2016-02-10 09:37 . 2016-02-10 09:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2259791-36CE-43F6-A778-7F540B49C3CE}\offreg.3656.dll
2016-02-09 17:53 . 2016-02-09 17:53 -------- d-----w- c:\users\Karolina\AppData\Roaming\GameMill Entertainment
2016-02-09 17:16 . 2016-02-09 17:16 -------- d-----w- c:\programdata\Big Fish
2016-02-09 17:14 . 2016-02-09 17:16 -------- d-----w- c:\users\Karolina\AppData\Local\Big Fish
2016-02-09 09:05 . 2016-02-09 09:05 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-02-09 09:05 . 2016-02-09 09:05 52184 ----a-w- c:\windows\avastSS.scr
2016-02-03 11:01 . 2016-02-03 11:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2259791-36CE-43F6-A778-7F540B49C3CE}\offreg.4380.dll
2016-02-03 10:53 . 2015-12-16 09:15 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2259791-36CE-43F6-A778-7F540B49C3CE}\mpengine.dll
2016-02-03 10:53 . 2016-02-03 10:53 -------- d-----w- C:\4b07b6a08b1f5c3eab3c975b
2016-02-03 10:50 . 2016-02-03 10:50 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2016-02-03 10:50 . 2016-02-03 10:50 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2016-02-03 10:50 . 2016-02-03 10:50 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2016-02-03 10:50 . 2016-02-03 10:50 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2016-02-03 10:50 . 2016-02-03 10:50 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2016-02-03 10:50 . 2016-02-03 10:50 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
2016-02-03 10:50 . 2016-02-03 10:50 69120 ----a-w- c:\windows\system32\nlsbres.dll
2016-02-03 10:47 . 2016-02-03 10:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-02-03 10:47 . 2016-02-03 10:47 2048 ----a-w- c:\windows\system32\tzres.dll
2016-02-03 10:42 . 2016-02-03 10:42 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2016-02-03 10:42 . 2016-02-03 10:42 1180160 ----a-w- c:\windows\system32\FntCache.dll
2016-02-03 10:42 . 2016-02-03 10:42 833024 ----a-w- c:\windows\SysWow64\user32.dll
2016-02-03 10:42 . 2016-02-03 10:42 1648128 ----a-w- c:\windows\system32\DWrite.dll
2016-02-03 10:42 . 2016-02-03 10:42 1008640 ----a-w- c:\windows\system32\user32.dll
2016-02-03 10:41 . 2016-02-03 10:41 241664 ----a-w- c:\windows\system32\els.dll
2016-02-03 10:41 . 2016-02-03 10:41 179712 ----a-w- c:\windows\SysWow64\els.dll
2016-02-03 10:39 . 2016-02-03 10:39 17408 ----a-w- c:\windows\system32\wshrm.dll
2016-02-03 10:39 . 2016-02-03 10:39 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2016-02-03 10:39 . 2016-02-03 10:39 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
2016-02-03 10:38 . 2016-02-03 10:38 802304 ----a-w- c:\windows\system32\usp10.dll
2016-02-03 10:38 . 2016-02-03 10:38 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2016-02-03 10:37 . 2016-02-03 10:37 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
2016-02-03 10:37 . 2016-02-03 10:37 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
2016-02-03 10:37 . 2016-02-03 10:37 525312 ----a-w- c:\windows\system32\catsrvut.dll
2016-02-03 10:37 . 2016-02-03 10:37 1735680 ----a-w- c:\windows\system32\comsvcs.dll
2016-02-03 10:18 . 2016-02-03 10:18 497664 ----a-w- c:\windows\system32\drivers\afd.sys
2016-02-03 10:18 . 2016-02-03 10:18 118272 ----a-w- c:\windows\system32\drivers\tdx.sys
2016-02-03 10:16 . 2016-02-03 10:16 950720 ----a-w- c:\windows\system32\drivers\ndis.sys
2016-02-03 10:11 . 2016-02-03 10:11 939520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2016-02-03 10:11 . 2016-02-03 10:11 274944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-02-03 10:11 . 2016-02-03 10:11 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2016-02-03 10:11 . 2016-02-03 10:11 1415168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
2016-02-03 10:11 . 2016-02-03 10:11 126464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
2016-02-03 10:11 . 2016-02-03 10:11 353280 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-02-03 10:11 . 2016-02-03 10:11 275456 ----a-w- c:\windows\system32\InkEd.dll
2016-02-03 10:11 . 2016-02-03 10:11 2103296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2016-02-03 10:11 . 2016-02-03 10:11 169984 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2016-02-03 10:11 . 2016-02-03 10:11 1372160 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2016-02-03 10:08 . 2016-02-03 10:08 459344 ----a-w- c:\windows\system32\drivers\cng.sys
2016-02-03 10:08 . 2016-02-03 10:08 298192 ----a-w- c:\windows\system32\bcryptprimitives.dll
2016-02-03 10:08 . 2016-02-03 10:08 251000 ----a-w- c:\windows\SysWow64\bcryptprimitives.dll
2016-02-03 10:06 . 2016-02-03 10:06 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2016-02-03 10:06 . 2016-02-03 10:06 6656 ----a-w- c:\windows\system32\shimeng.dll
2016-02-03 10:06 . 2016-02-03 10:06 342016 ----a-w- c:\windows\system32\apphelp.dll
2016-02-03 10:06 . 2016-02-03 10:06 23552 ----a-w- c:\windows\system32\sdbinst.exe
2016-02-03 10:06 . 2016-02-03 10:06 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2016-02-03 10:06 . 2016-02-03 10:06 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2016-02-03 10:06 . 2016-02-03 10:06 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2016-02-03 10:02 . 2016-02-03 10:02 634432 ----a-w- c:\windows\system32\winload.exe
2016-02-03 09:56 . 2016-02-03 09:56 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-03 09:56 . 2016-02-03 09:56 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-02-03 09:56 . 2016-02-03 09:56 14176768 ----a-w- c:\windows\system32\shell32.dll
2016-02-03 09:53 . 2016-02-03 09:53 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2016-02-03 09:53 . 2016-02-03 09:53 22528 ----a-w- c:\windows\system32\icaapi.dll
2016-02-03 09:51 . 2016-02-03 09:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-03 09:51 . 2016-02-03 09:51 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-03 09:51 . 2016-02-03 09:51 41984 ----a-w- c:\windows\system32\lpk.dll
2016-02-03 09:51 . 2016-02-03 09:51 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-03 09:51 . 2016-02-03 09:51 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-03 09:51 . 2016-02-03 09:51 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-03 09:51 . 2016-02-03 09:51 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-03 09:51 . 2016-02-03 09:51 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-03 09:51 . 2016-02-03 09:51 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-03 09:51 . 2016-02-03 09:51 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-03 09:47 . 2016-02-03 09:47 41984 ----a-w- c:\windows\system32\UtcResources.dll
2016-02-03 09:47 . 2016-02-03 09:47 1390592 ----a-w- c:\windows\system32\diagtrack.dll
2016-02-03 09:47 . 2016-02-03 09:47 879104 ----a-w- c:\windows\system32\tdh.dll
2016-02-03 09:47 . 2016-02-03 09:47 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2016-02-03 09:45 . 2016-02-03 09:45 82944 ----a-w- c:\windows\system32\dwmapi.dll
2016-02-03 09:45 . 2016-02-03 09:45 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2016-02-03 09:45 . 2016-02-03 09:45 1632256 ----a-w- c:\windows\system32\dwmcore.dll
2016-02-03 09:45 . 2016-02-03 09:45 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2016-02-03 09:44 . 2016-02-03 09:44 1941504 ----a-w- c:\windows\system32\authui.dll
2016-02-03 09:44 . 2016-02-03 09:44 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2016-02-03 09:44 . 2016-02-03 09:44 70656 ----a-w- c:\windows\system32\appinfo.dll
2016-02-03 09:44 . 2016-02-03 09:44 115136 ----a-w- c:\windows\system32\consent.exe
2016-02-03 09:39 . 2016-02-03 09:39 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2016-02-03 09:39 . 2016-02-03 09:39 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2016-02-03 09:39 . 2016-02-03 09:39 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-02-03 09:39 . 2016-02-03 09:39 2048 ----a-w- c:\windows\system32\msxml6r.dll
2016-02-03 09:39 . 2016-02-03 09:39 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-02-03 09:39 . 2016-02-03 09:39 2004480 ----a-w- c:\windows\system32\msxml6.dll
2016-02-03 09:39 . 2016-02-03 09:39 1887232 ----a-w- c:\windows\system32\msxml3.dll
2016-02-03 09:39 . 2016-02-03 09:39 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2016-02-03 09:39 . 2016-02-03 09:39 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2016-02-03 09:38 . 2016-02-03 09:38 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2016-02-03 09:38 . 2016-02-03 09:38 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2016-02-03 09:37 . 2016-02-03 09:37 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2016-02-03 09:37 . 2016-02-03 09:37 260096 ----a-w- c:\windows\system32\WebClnt.dll
2016-02-03 09:37 . 2016-02-03 09:37 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2016-02-03 09:37 . 2016-02-03 09:37 102912 ----a-w- c:\windows\system32\davclnt.dll
2016-02-03 09:34 . 2016-02-03 09:34 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\mountmgr.sys.mui
2016-02-03 09:34 . 2016-02-03 09:34 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2016-02-03 09:34 . 2016-02-03 09:34 11264 ----a-w- c:\windows\system32\msmmsp.dll
2016-02-03 09:34 . 2016-02-03 09:34 1743360 ----a-w- c:\windows\system32\sysmain.dll
2016-02-03 09:27 . 2016-02-03 09:27 52736 ----a-w- c:\windows\system32\basesrv.dll
2016-02-03 09:23 . 2016-02-03 09:23 193536 ----a-w- c:\windows\system32\notepad.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-10 21:58 . 2016-02-10 21:58 344064 ----a-w- c:\windows\system32\schannel.dll
2016-02-10 21:58 . 2016-02-10 21:58 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-02-10 21:57 . 2016-02-10 21:57 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-02-10 21:57 . 2016-02-10 21:57 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-02-10 21:57 . 2016-02-10 21:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-02-10 21:53 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2016-02-10 21:06 . 2013-03-01 13:47 287016 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-02-09 09:05 . 2013-12-18 16:31 165344 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-02-09 09:05 . 2014-04-18 14:08 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-02-09 09:05 . 2013-03-01 13:47 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-02-09 09:05 . 2012-02-24 13:42 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-02-09 09:05 . 2010-05-11 15:30 463744 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-02-09 09:05 . 2010-05-11 15:30 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-02-09 09:04 . 2011-03-26 21:32 1065720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-02-03 10:35 . 2016-02-03 10:35 230400 ----a-w- c:\windows\SysWow64\webcheck.dll
2016-02-03 10:35 . 2016-02-03 10:35 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-02-03 10:06 . 2016-02-03 10:06 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2016-02-03 10:06 . 2016-02-03 10:06 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2016-02-03 10:06 . 2016-02-03 10:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2016-02-03 10:06 . 2016-02-03 10:06 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2016-02-03 10:06 . 2016-02-03 10:06 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-02-03 10:06 . 2016-02-03 10:06 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2016-02-03 10:06 . 2016-02-03 10:06 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2016-02-03 10:06 . 2016-02-03 10:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2016-02-03 10:06 . 2016-02-03 10:06 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2016-02-03 09:39 . 2016-02-03 09:39 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2016-01-17 22:46 . 2016-01-07 16:10 3571488 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-12-30 15:05 . 2015-12-30 15:05 0 ---ha-w- c:\users\Karolina\AppData\Local\BITF621.tmp
2015-12-02 12:18 . 2010-05-11 15:58 301728 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-01-07 16:18 329376 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-01-07 16:18 329376 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-01-07 16:18 329376 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-01-07 16:18 329376 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-01-07 16:18 329376 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-17 22:01 1536296 ----a-w- c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-17 22:01 1536296 ----a-w- c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-17 22:01 1536296 ----a-w- c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 9"="c:\program files (x86)\IObit\Advanced SystemCare\ASCTray.exe" [2015-11-06 2010912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2016-02-09 7139768]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2015-11-22 1444880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 athsgt;athsgt;c:\windows\system32\DRIVERS\athsgt.sys;c:\windows\SYSNATIVE\DRIVERS\athsgt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 limsgt;limsgt;c:\windows\system32\DRIVERS\limsgt.sys;c:\windows\SYSNATIVE\DRIVERS\limsgt.sys [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 QQPCRTP;QQPCMgr RTP Service;c:\program files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCRtp.exe;c:\program files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCRtp.exe [x]
R3 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x]
R3 cmshusbser;Mobile Connector USB Device for Legacy Serial Communication IN ANDROID DEVICE;c:\windows\system32\DRIVERS\cmshusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmshusbser.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 GGSAFERDriver;GGSAFER Driver; [x]
R3 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe;c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [x]
R3 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVSched.exe;c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVSched.exe [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AdvancedSystemCareService9;Advanced SystemCare Service 9;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe;c:\windows\SYSNATIVE\vfsFPService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys;c:\windows\SYSNATIVE\Drivers\AVerAF15.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-09 20:45 1090376 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-24 09:17]
.
2016-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-24 09:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-01-07 16:19 358064 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-01-07 16:19 358064 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-01-07 16:19 358064 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-01-07 16:19 358064 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-01-07 16:19 358064 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-17 23:08 2093360 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-17 23:08 2093360 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-17 23:08 2093360 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-02-09 09:05 905248 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
mCustomizeSearch = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-QQPCTray - c:\program files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCTRAY.EXE
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{95080B13-AA71-4EE8-B951-7E98221E1ED5} - (no file)
ShellIconOverlayIdentifiers-{B7667919-3765-4815-A66D-98A09BE662D6} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-CodInstl - c:\windows\system32\CDUninst.isu
AddRemove-QQPCMgr - c:\program files (x86)\Tencent\QQPCMgr\11.1.16923.222\Uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.1.16923.222\\QQPCTRAY.EXE\" /regrun /qqrepair"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,80,41,4b,da,7c,15,4b,8e,74,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,80,41,4b,da,7c,15,4b,8e,74,d4,\
.
[HKEY_USERS\S-1-5-21-417890151-1962072562-667573049-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ac,ba,2f,57,c4,3d,3c,4d,b7,4e,f0,28,c9,05,a3,75,4c,df,80,02,6c,cf,14,
e4,17,c1,82,17,16,6a,4a,c6,2e,05,58,2c,e6,b3,c2,4d,88,91,81,74,d2,9a,c7,bf,\
"??"=hex:d8,90,4b,a3,73,2d,6c,95,da,79,42,27,2f,a3,90,1c
.
[HKEY_USERS\S-1-5-21-417890151-1962072562-667573049-1000\Software\SecuROM\License information*]
"datasecu"=hex:c1,15,d3,e7,d1,15,1e,fd,a3,87,d5,4c,34,ca,7e,5b,85,0f,7c,3d,bc,
3d,01,64,a0,8b,6a,e6,f5,e5,39,fa,08,91,21,8d,e8,0a,a3,ab,1a,29,53,e5,5b,86,\
"rkeysecu"=hex:e2,1c,9c,ff,e4,ff,7d,03,23,9a,e2,72,39,73,4a,a3
.
[HKEY_USERS\S-1-5-21-417890151-1962072562-667573049-1000_Classes\.*MSWIM*]
@Allowed: (Read) (RestrictedCode)
@="ExtractNow"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\IObit\Advanced SystemCare\Monitor.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
.
**************************************************************************
.
Celkový čas: 2016-02-13 14:58:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-02-13 13:58
.
Před spuštěním: Volných bajtů: 176 704 249 856
Po spuštění: Volných bajtů: 176 011 694 080
.
- - End Of File - - 234C3C3338667905295849FD57660DEE
E6317055AD057D25F3037CDC5F95CCAC



skorpo
Subject: Re: Chinese junk iqiyi - cannot be uninstalled
Posted: yesterday, 15:03
Registered: 12 Feb 2016 18:12
Posts: 3

ComboFix log. Please help. Thank you.

ComboFix 16-02-09.01 - Karolina 13.02.2016 14:30:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4063.1977 [GMT 1:00]
Spuštěný z: c:\users\Karolina\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Karolina\AppData\Local\assembly\tmp
c:\users\Karolina\AppData\Local\assembly\tmp\OXA3633N\__AssemblyInfo__.ini
c:\users\Karolina\AppData\Local\assembly\tmp\OXA3633N\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL
c:\windows\IsUn0405.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\tmp144F.tmp
c:\windows\SysWow64\tmp145F.tmp
c:\windows\SysWow64\tmp6F2B.tmp
c:\windows\SysWow64\tmp6F3B.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-01-13 do 2016-02-13 )))))))))))))))))))))))))))))))
.
.
2016-02-13 13:44 . 2016-02-13 13:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-12 16:59 . 2016-02-12 16:59 -------- d-----w- c:\programdata\TXQMPC
2016-02-10 22:10 . 2016-02-10 22:10 210432 ----a-w- c:\windows\system32\aepic.dll
2016-02-10 22:10 . 2016-02-10 22:10 1164800 ----a-w- c:\windows\system32\aeinv.dll
2016-02-10 21:57 . 2016-02-10 21:57 62464 ----a-w- c:\windows\system32\drivers\appid.sys
2016-02-10 21:54 . 2016-02-10 21:54 879616 ----a-w- c:\windows\system32\advapi32.dll
2016-02-10 21:54 . 2016-02-10 21:54 643072 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-02-10 21:52 . 2016-02-10 21:52 76288 ----a-w- c:\windows\system32\devenum.dll
2016-02-10 21:52 . 2016-02-10 21:52 67584 ----a-w- c:\windows\SysWow64\devenum.dll
2016-02-10 21:52 . 2016-02-10 21:52 624640 ----a-w- c:\windows\system32\qedit.dll
2016-02-10 21:52 . 2016-02-10 21:52 509952 ----a-w- c:\windows\SysWow64\qedit.dll
2016-02-10 21:52 . 2016-02-10 21:52 91648 ----a-w- c:\windows\system32\mapi32.dll
2016-02-10 21:52 . 2016-02-10 21:52 76800 ----a-w- c:\windows\SysWow64\mapistub.dll
2016-02-10 21:52 . 2016-02-10 21:52 14336 ----a-w- c:\windows\SysWow64\fixmapi.exe
2016-02-10 21:52 . 2016-02-10 21:52 91648 ----a-w- c:\windows\system32\mapistub.dll
2016-02-10 21:52 . 2016-02-10 21:52 17920 ----a-w- c:\windows\system32\fixmapi.exe
2016-02-10 21:51 . 2016-02-10 21:51 3211264 ----a-w- c:\windows\system32\win32k.sys
2016-02-10 21:25 . 2016-02-10 21:25 87864 ------w- c:\windows\system32\drivers\TFsFltX64.sys
2016-02-10 21:24 . 2016-02-12 17:00 -------- d-----w- c:\programdata\Tencent
2016-02-10 09:37 . 2016-02-10 09:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2259791-36CE-43F6-A778-7F540B49C3CE}\offreg.3656.dll
2016-02-09 17:53 . 2016-02-09 17:53 -------- d-----w- c:\users\Karolina\AppData\Roaming\GameMill Entertainment
2016-02-09 17:16 . 2016-02-09 17:16 -------- d-----w- c:\programdata\Big Fish
2016-02-09 17:14 . 2016-02-09 17:16 -------- d-----w- c:\users\Karolina\AppData\Local\Big Fish
2016-02-09 09:05 . 2016-02-09 09:05 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-02-09 09:05 . 2016-02-09 09:05 52184 ----a-w- c:\windows\avastSS.scr
2016-02-03 11:01 . 2016-02-03 11:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2259791-36CE-43F6-A778-7F540B49C3CE}\offreg.4380.dll
2016-02-03 10:53 . 2015-12-16 09:15 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2259791-36CE-43F6-A778-7F540B49C3CE}\mpengine.dll
2016-02-03 10:53 . 2016-02-03 10:53 -------- d-----w- C:\4b07b6a08b1f5c3eab3c975b
2016-02-03 10:50 . 2016-02-03 10:50 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2016-02-03 10:50 . 2016-02-03 10:50 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2016-02-03 10:50 . 2016-02-03 10:50 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2016-02-03 10:50 . 2016-02-03 10:50 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2016-02-03 10:50 . 2016-02-03 10:50 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2016-02-03 10:50 . 2016-02-03 10:50 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
2016-02-03 10:50 . 2016-02-03 10:50 69120 ----a-w- c:\windows\system32\nlsbres.dll
2016-02-03 10:47 . 2016-02-03 10:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-02-03 10:47 . 2016-02-03 10:47 2048 ----a-w- c:\windows\system32\tzres.dll
2016-02-03 10:42 . 2016-02-03 10:42 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2016-02-03 10:42 . 2016-02-03 10:42 1180160 ----a-w- c:\windows\system32\FntCache.dll
2016-02-03 10:42 . 2016-02-03 10:42 833024 ----a-w- c:\windows\SysWow64\user32.dll
2016-02-03 10:42 . 2016-02-03 10:42 1648128 ----a-w- c:\windows\system32\DWrite.dll
2016-02-03 10:42 . 2016-02-03 10:42 1008640 ----a-w- c:\windows\system32\user32.dll
2016-02-03 10:41 . 2016-02-03 10:41 241664 ----a-w- c:\windows\system32\els.dll
2016-02-03 10:41 . 2016-02-03 10:41 179712 ----a-w- c:\windows\SysWow64\els.dll
2016-02-03 10:39 . 2016-02-03 10:39 17408 ----a-w- c:\windows\system32\wshrm.dll
2016-02-03 10:39 . 2016-02-03 10:39 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2016-02-03 10:39 . 2016-02-03 10:39 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
2016-02-03 10:38 . 2016-02-03 10:38 802304 ----a-w- c:\windows\system32\usp10.dll
2016-02-03 10:38 . 2016-02-03 10:38 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2016-02-03 10:37 . 2016-02-03 10:37 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
2016-02-03 10:37 . 2016-02-03 10:37 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
2016-02-03 10:37 . 2016-02-03 10:37 525312 ----a-w- c:\windows\system32\catsrvut.dll
2016-02-03 10:37 . 2016-02-03 10:37 1735680 ----a-w- c:\windows\system32\comsvcs.dll
2016-02-03 10:18 . 2016-02-03 10:18 497664 ----a-w- c:\windows\system32\drivers\afd.sys
2016-02-03 10:18 . 2016-02-03 10:18 118272 ----a-w- c:\windows\system32\drivers\tdx.sys
2016-02-03 10:16 . 2016-02-03 10:16 950720 ----a-w- c:\windows\system32\drivers\ndis.sys
2016-02-03 10:11 . 2016-02-03 10:11 939520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2016-02-03 10:11 . 2016-02-03 10:11 274944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-02-03 10:11 . 2016-02-03 10:11 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2016-02-03 10:11 . 2016-02-03 10:11 1415168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
2016-02-03 10:11 . 2016-02-03 10:11 126464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
2016-02-03 10:11 . 2016-02-03 10:11 353280 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-02-03 10:11 . 2016-02-03 10:11 275456 ----a-w- c:\windows\system32\InkEd.dll
2016-02-03 10:11 . 2016-02-03 10:11 2103296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2016-02-03 10:11 . 2016-02-03 10:11 169984 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2016-02-03 10:11 . 2016-02-03 10:11 1372160 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2016-02-03 10:08 . 2016-02-03 10:08 459344 ----a-w- c:\windows\system32\drivers\cng.sys
2016-02-03 10:08 . 2016-02-03 10:08 298192 ----a-w- c:\windows\system32\bcryptprimitives.dll
2016-02-03 10:08 . 2016-02-03 10:08 251000 ----a-w- c:\windows\SysWow64\bcryptprimitives.dll
2016-02-03 10:06 . 2016-02-03 10:06 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2016-02-03 10:06 . 2016-02-03 10:06 6656 ----a-w- c:\windows\system32\shimeng.dll
2016-02-03 10:06 . 2016-02-03 10:06 342016 ----a-w- c:\windows\system32\apphelp.dll
2016-02-03 10:06 . 2016-02-03 10:06 23552 ----a-w- c:\windows\system32\sdbinst.exe
2016-02-03 10:06 . 2016-02-03 10:06 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2016-02-03 10:06 . 2016-02-03 10:06 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2016-02-03 10:06 . 2016-02-03 10:06 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2016-02-03 10:02 . 2016-02-03 10:02 634432 ----a-w- c:\windows\system32\winload.exe
2016-02-03 09:56 . 2016-02-03 09:56 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-03 09:56 . 2016-02-03 09:56 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-02-03 09:56 . 2016-02-03 09:56 14176768 ----a-w- c:\windows\system32\shell32.dll
2016-02-03 09:53 . 2016-02-03 09:53 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2016-02-03 09:53 . 2016-02-03 09:53 22528 ----a-w- c:\windows\system32\icaapi.dll
2016-02-03 09:51 . 2016-02-03 09:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-03 09:51 . 2016-02-03 09:51 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-03 09:51 . 2016-02-03 09:51 41984 ----a-w- c:\windows\system32\lpk.dll
2016-02-03 09:51 . 2016-02-03 09:51 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-03 09:51 . 2016-02-03 09:51 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-03 09:51 . 2016-02-03 09:51 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-03 09:51 . 2016-02-03 09:51 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-03 09:51 . 2016-02-03 09:51 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-03 09:51 . 2016-02-03 09:51 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-03 09:51 . 2016-02-03 09:51 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-03 09:47 . 2016-02-03 09:47 41984 ----a-w- c:\windows\system32\UtcResources.dll
2016-02-03 09:47 . 2016-02-03 09:47 1390592 ----a-w- c:\windows\system32\diagtrack.dll
2016-02-03 09:47 . 2016-02-03 09:47 879104 ----a-w- c:\windows\system32\tdh.dll
2016-02-03 09:47 . 2016-02-03 09:47 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2016-02-03 09:45 . 2016-02-03 09:45 82944 ----a-w- c:\windows\system32\dwmapi.dll
2016-02-03 09:45 . 2016-02-03 09:45 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2016-02-03 09:45 . 2016-02-03 09:45 1632256 ----a-w- c:\windows\system32\dwmcore.dll
2016-02-03 09:45 . 2016-02-03 09:45 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2016-02-03 09:44 . 2016-02-03 09:44 1941504 ----a-w- c:\windows\system32\authui.dll
2016-02-03 09:44 . 2016-02-03 09:44 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2016-02-03 09:44 . 2016-02-03 09:44 70656 ----a-w- c:\windows\system32\appinfo.dll
2016-02-03 09:44 . 2016-02-03 09:44 115136 ----a-w- c:\windows\system32\consent.exe
2016-02-03 09:39 . 2016-02-03 09:39 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2016-02-03 09:39 . 2016-02-03 09:39 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2016-02-03 09:39 . 2016-02-03 09:39 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-02-03 09:39 . 2016-02-03 09:39 2048 ----a-w- c:\windows\system32\msxml6r.dll
2016-02-03 09:39 . 2016-02-03 09:39 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-02-03 09:39 . 2016-02-03 09:39 2004480 ----a-w- c:\windows\system32\msxml6.dll
2016-02-03 09:39 . 2016-02-03 09:39 1887232 ----a-w- c:\windows\system32\msxml3.dll
2016-02-03 09:39 . 2016-02-03 09:39 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2016-02-03 09:39 . 2016-02-03 09:39 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2016-02-03 09:38 . 2016-02-03 09:38 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2016-02-03 09:38 . 2016-02-03 09:38 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2016-02-03 09:37 . 2016-02-03 09:37 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2016-02-03 09:37 . 2016-02-03 09:37 260096 ----a-w- c:\windows\system32\WebClnt.dll
2016-02-03 09:37 . 2016-02-03 09:37 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2016-02-03 09:37 . 2016-02-03 09:37 102912 ----a-w- c:\windows\system32\davclnt.dll
2016-02-03 09:34 . 2016-02-03 09:34 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\mountmgr.sys.mui
2016-02-03 09:34 . 2016-02-03 09:34 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2016-02-03 09:34 . 2016-02-03 09:34 11264 ----a-w- c:\windows\system32\msmmsp.dll
2016-02-03 09:34 . 2016-02-03 09:34 1743360 ----a-w- c:\windows\system32\sysmain.dll
2016-02-03 09:27 . 2016-02-03 09:27 52736 ----a-w- c:\windows\system32\basesrv.dll
2016-02-03 09:23 . 2016-02-03 09:23 193536 ----a-w- c:\windows\system32\notepad.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-10 21:58 . 2016-02-10 21:58 344064 ----a-w- c:\windows\system32\schannel.dll
2016-02-10 21:58 . 2016-02-10 21:58 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-02-10 21:57 . 2016-02-10 21:57 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-02-10 21:57 . 2016-02-10 21:57 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-02-10 21:57 . 2016-02-10 21:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-02-10 21:53 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2016-02-10 21:06 . 2013-03-01 13:47 287016 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-02-09 09:05 . 2013-12-18 16:31 165344 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-02-09 09:05 . 2014-04-18 14:08 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-02-09 09:05 . 2013-03-01 13:47 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-02-09 09:05 . 2012-02-24 13:42 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-02-09 09:05 . 2010-05-11 15:30 463744 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-02-09 09:05 . 2010-05-11 15:30 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-02-09 09:04 . 2011-03-26 21:32 1065720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-02-03 10:35 . 2016-02-03 10:35 230400 ----a-w- c:\windows\SysWow64\webcheck.dll
2016-02-03 10:35 . 2016-02-03 10:35 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-02-03 10:06 . 2016-02-03 10:06 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2016-02-03 10:06 . 2016-02-03 10:06 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2016-02-03 10:06 . 2016-02-03 10:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2016-02-03 10:06 . 2016-02-03 10:06 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2016-02-03 10:06 . 2016-02-03 10:06 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-02-03 10:06 . 2016-02-03 10:06 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2016-02-03 10:06 . 2016-02-03 10:06 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2016-02-03 10:06 . 2016-02-03 10:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2016-02-03 10:06 . 2016-02-03 10:06 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2016-02-03 09:39 . 2016-02-03 09:39 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2016-01-17 22:46 . 2016-01-07 16:10 3571488 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-12-30 15:05 . 2015-12-30 15:05 0 ---ha-w- c:\users\Karolina\AppData\Local\BITF621.tmp
2015-12-02 12:18 . 2010-05-11 15:58 301728 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-01-07 16:18 329376 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-01-07 16:18 329376 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-01-07 16:18 329376 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-01-07 16:18 329376 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-01-07 16:18 329376 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-17 22:01 1536296 ----a-w- c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-17 22:01 1536296 ----a-w- c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-17 22:01 1536296 ----a-w- c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 9"="c:\program files (x86)\IObit\Advanced SystemCare\ASCTray.exe" [2015-11-06 2010912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2016-02-09 7139768]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2015-11-22 1444880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 athsgt;athsgt;c:\windows\system32\DRIVERS\athsgt.sys;c:\windows\SYSNATIVE\DRIVERS\athsgt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 limsgt;limsgt;c:\windows\system32\DRIVERS\limsgt.sys;c:\windows\SYSNATIVE\DRIVERS\limsgt.sys [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 QQPCRTP;QQPCMgr RTP Service;c:\program files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCRtp.exe;c:\program files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCRtp.exe [x]
R3 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x]
R3 cmshusbser;Mobile Connector USB Device for Legacy Serial Communication IN ANDROID DEVICE;c:\windows\system32\DRIVERS\cmshusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmshusbser.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 GGSAFERDriver;GGSAFER Driver; [x]
R3 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe;c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [x]
R3 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVSched.exe;c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVSched.exe [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AdvancedSystemCareService9;Advanced SystemCare Service 9;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe;c:\windows\SYSNATIVE\vfsFPService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys;c:\windows\SYSNATIVE\Drivers\AVerAF15.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-09 20:45 1090376 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-24 09:17]
.
2016-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-24 09:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-01-07 16:19 358064 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-01-07 16:19 358064 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-01-07 16:19 358064 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-01-07 16:19 358064 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-01-07 16:19 358064 ----a-w- c:\users\Karolina\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-17 23:08 2093360 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-17 23:08 2093360 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-17 23:08 2093360 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-02-09 09:05 905248 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
mCustomizeSearch = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-QQPCTray - c:\program files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCTRAY.EXE
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{95080B13-AA71-4EE8-B951-7E98221E1ED5} - (no file)
ShellIconOverlayIdentifiers-{B7667919-3765-4815-A66D-98A09BE662D6} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-CodInstl - c:\windows\system32\CDUninst.isu
AddRemove-QQPCMgr - c:\program files (x86)\Tencent\QQPCMgr\11.1.16923.222\Uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.1.16923.222\\QQPCTRAY.EXE\" /regrun /qqrepair"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,80,41,4b,da,7c,15,4b,8e,74,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,80,41,4b,da,7c,15,4b,8e,74,d4,\
.
[HKEY_USERS\S-1-5-21-417890151-1962072562-667573049-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ac,ba,2f,57,c4,3d,3c,4d,b7,4e,f0,28,c9,05,a3,75,4c,df,80,02,6c,cf,14,
e4,17,c1,82,17,16,6a,4a,c6,2e,05,58,2c,e6,b3,c2,4d,88,91,81,74,d2,9a,c7,bf,\
"??"=hex:d8,90,4b,a3,73,2d,6c,95,da,79,42,27,2f,a3,90,1c
.
[HKEY_USERS\S-1-5-21-417890151-1962072562-667573049-1000\Software\SecuROM\License information*]
"datasecu"=hex:c1,15,d3,e7,d1,15,1e,fd,a3,87,d5,4c,34,ca,7e,5b,85,0f,7c,3d,bc,
3d,01,64,a0,8b,6a,e6,f5,e5,39,fa,08,91,21,8d,e8,0a,a3,ab,1a,29,53,e5,5b,86,\
"rkeysecu"=hex:e2,1c,9c,ff,e4,ff,7d,03,23,9a,e2,72,39,73,4a,a3
.
[HKEY_USERS\S-1-5-21-417890151-1962072562-667573049-1000_Classes\.*MSWIM*]
@Allowed: (Read) (RestrictedCode)
@="ExtractNow"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\IObit\Advanced SystemCare\Monitor.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
.
**************************************************************************
.
Celkový čas: 2016-02-13 14:58:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-02-13 13:58
.
Před spuštěním: Volných bajtů: 176 704 249 856
Po spuštění: Volných bajtů: 176 011 694 080
.
- - End Of File - - 234C3C3338667905295849FD57660DEE
E6317055AD057D25F3037CDC5F95CCAC

thanks

Re: Chinese application cannot be uninstalled

Posted: 14 Feb 2016 11:15
by Rudy
Hello!
Why are you running ComboFix without instructions from an advisor? It is a professional utility with which a layperson can easily damage their system. The page header (Forum rules) clearly states what you should run if you want help from us. Post the FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Chinese application cannot be uninstalled

Posted: 14 Feb 2016 11:47
by skorpo
Hello, I have to split this into 2 replies, the text is too long. Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Karolina (administrator) on KAROLINA-PC (14-02-2016 11:34:38)
Running from C:\Users\Karolina\Desktop
Loaded Profiles: Karolina (Available Profiles: Karolina)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(forum.viry.cz) C:\Users\Karolina\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [7139768 2016-02-09] (AVAST Software)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-22] (Easybits)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCTRAY.EXE" /regrun /qqrepair
HKU\S-1-5-21-417890151-1962072562-667573049-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2010912 2015-11-06] (IObit)
HKU\S-1-5-21-417890151-1962072562-667573049-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-417890151-1962072562-667573049-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-417890151-1962072562-667573049-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2016-02-09] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy-x32: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B15BDA20-B1F8-4205-BDA9-735F10059DE4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E7D758D2-D006-4EE0-A622-B33A923B5CEB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-417890151-1962072562-667573049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-417890151-1962072562-667573049-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-417890151-1962072562-667573049-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {CCDE0922-CEA4-46A7-A315-9DEF7285248A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {CCDE0922-CEA4-46A7-A315-9DEF7285248A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> DefaultScope {CCDE0922-CEA4-46A7-A315-9DEF7285248A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> search13 URL = hxxp://search13.net/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> {152509EE-2247-4D3A-BF19-3F7E076160F6} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> {40D39C80-C042-4F98-9EFE-A43FD048E5EC} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_13415
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> {477335C2-2809-4C86-9652-4BD6761D3B8F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> {5B9258D9-FA56-4BE9-91D6-564D69C15138} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> {9D3FFDDF-67E9-4948-ADF5-1CF819F51F5C} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> {A4302671-E6A4-450E-84A8-F1C98476A441} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> {AB363E11-3911-4F82-B22D-AFB6E3937C00} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_13415
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> {BFD9572B-3562-4814-849A-B62083EF8146} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_13415
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> {CCDE0922-CEA4-46A7-A315-9DEF7285248A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> {FE493546-FD36-47AE-B5D9-A7A519B16D5A} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_13415
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2016-02-09] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-17] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2016-02-09] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-01-17] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\.DEFAULT -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> No Name - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-03-27] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2013-06-28] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-417890151-1962072562-667573049-1000: @lingea.com/x-lingea-translate -> C:\Program Files (x86)\Common Files\Lingea Shared\LG_Mozilla.dll [2014-04-18] (Lingea s.r.o.)
FF Plugin HKU\S-1-5-21-417890151-1962072562-667573049-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Karolina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-10] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2016-02-09]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2009-08-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2016-02-09]
FF HKU\S-1-5-21-417890151-1962072562-667573049-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Disk Google) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04]
CHR Extension: (Vyhledávání Google) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Causality Games) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2015-03-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Bookmark Manager) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-02-01]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-10-27]
CHR Extension: (Uncharted 2) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmioeheihppgmilgbdcameakgnfapfob [2015-07-10]
CHR Extension: (iLivid) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2016-02-12]
CHR Extension: (Citace PRO) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpfaidppllikakgbjppnjfidjkpafmp [2015-11-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-03-06]
CHR Extension: (电脑管家上网防护) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-02-12]
CHR Extension: (Gmail) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2016-02-09]
CHR HKLM-x32\...\Chrome\Extension: [ligocpecgmjonmijmlompafnhnpgjccd] - C:\Program Files (x86)\Lingea\Lexicon5\syst\LG_Chrome.crx [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [827680 2015-11-04] (IObit)
S3 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [237096 2016-02-09] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-07-17] (DigitalPersona, Inc.) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-05-10] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit)
S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-04] (Electronic Arts)
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 TVCapSvc; c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [296360 2009-10-06] ()
S3 TVSched; c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVSched.exe [169376 2009-10-06] ()
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-08-17] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-08-17] (Validity Sensors, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCRtp.exe" -r [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
S2 athsgt; C:\Windows\SysWOW64\DRIVERS\athsgt.sys [164992 2010-10-10] () [File not signed]
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-08-20] ()
R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-22] (AVerMedia TECHNOLOGIES, Inc.)
S3 cmshusbser; C:\Windows\System32\DRIVERS\cmshusbser.sys [127232 2011-11-30] (QUALCOMM Incorporated)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 GGSAFERDriver; no ImagePath
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-22] (REALiX(tm))
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2015-05-22] (JMicron Technology Corp.)
S2 limsgt; C:\Windows\SysWOW64\DRIVERS\limsgt.sys [12544 2010-10-10] () [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-08-20] ()
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2015-05-22] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-13] () [File not signed]
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
U3 a8b0q2v5; C:\Windows\System32\Drivers\a8b0q2v5.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 aghqxgvw; C:\Windows\System32\Drivers\aghqxgvw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 nmwcd; system32\drivers\ccdcmbx64.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-14 11:34 - 2016-02-14 11:36 - 00028538 _____ C:\Users\Karolina\Desktop\FRST.txt
2016-02-14 11:33 - 2016-02-14 11:34 - 00000000 ____D C:\FRST
2016-02-14 11:33 - 2016-02-14 11:33 - 00112640 _____ (forum.viry.cz) C:\Users\Karolina\Desktop\FRSTLauncher.exe
2016-02-14 11:32 - 2016-02-14 11:33 - 02370560 _____ (Farbar) C:\Users\Karolina\Desktop\FRST64.exe
2016-02-14 11:30 - 2016-02-14 11:30 - 00112640 _____ (forum.viry.cz) C:\Users\Karolina\Desktop\Nepotvrzeno 38211.crdownload
2016-02-13 14:58 - 2016-02-13 14:58 - 00041839 _____ C:\ComboFix.txt
2016-02-13 14:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-02-13 14:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-02-13 14:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-02-13 14:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-02-13 14:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-02-13 14:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-02-13 14:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-02-13 14:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-02-13 14:26 - 2016-02-13 14:58 - 00000000 ____D C:\Qoobox
2016-02-13 14:25 - 2016-02-13 14:55 - 00000000 ____D C:\Windows\erdnt
2016-02-13 14:25 - 2016-02-13 14:25 - 05657611 ____R (Swearware) C:\Users\Karolina\Desktop\ComboFix.exe
2016-02-12 18:03 - 2016-02-12 18:03 - 00007877 _____ C:\Users\Karolina\Desktop\AdwCleaner[C1].txt
2016-02-12 17:59 - 2016-02-12 17:59 - 00000000 ____D C:\ProgramData\TXQMPC
2016-02-12 17:41 - 2016-02-12 17:41 - 01508352 _____ C:\Users\Karolina\Desktop\adwcleaner_5.033.exe
2016-02-11 11:44 - 2016-02-11 11:44 - 00000000 ____D C:\Users\Karolina\AppData\LocalLow\uTorrent
2016-02-11 11:34 - 2016-02-11 11:35 - 05275552 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 23:14 - 2016-02-10 23:14 - 00000000 ____H C:\asc_rdflag
2016-02-10 23:10 - 2016-02-10 23:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 23:10 - 2016-02-10 23:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 05553600 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 22:58 - 2016-02-10 22:58 - 01729984 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-02-10 22:58 - 2016-02-10 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-02-10 22:58 - 2016-02-10 22:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 22:58 - 2016-02-10 22:58 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 22:58 - 2016-02-10 22:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 22:58 - 2016-02-10 22:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 22:58 - 2016-02-10 22:58 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 22:58 - 2016-02-10 22:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 22:58 - 2016-02-10 22:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 22:58 - 2016-02-10 22:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 22:58 - 2016-02-10 22:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 22:58 - 2016-02-10 22:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 22:58 - 2016-02-10 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 22:58 - 2016-02-10 22:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 22:58 - 2016-02-10 22:58 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 03998144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 22:57 - 2016-02-10 22:57 - 03943360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 22:57 - 2016-02-10 22:57 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-02-10 22:57 - 2016-02-10 22:57 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-02-10 22:57 - 2016-02-10 22:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 22:57 - 2016-02-10 22:57 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-02-10 22:57 - 2016-02-10 22:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 22:57 - 2016-02-10 22:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 22:57 - 2016-02-10 22:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 22:54 - 2016-02-10 22:54 - 00879616 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 22:54 - 2016-02-10 22:54 - 00643072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-02-10 22:53 - 2016-02-10 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-02-10 22:53 - 2016-02-10 22:53 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-02-10 22:53 - 2016-02-10 22:53 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-02-10 22:53 - 2016-02-10 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-02-10 22:53 - 2016-02-10 22:53 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-02-10 22:53 - 2016-02-10 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-02-10 22:53 - 2016-02-10 22:53 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-02-10 22:53 - 2016-02-10 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-02-10 22:53 - 2016-02-10 22:53 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-02-10 22:53 - 2016-02-10 22:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-02-10 22:53 - 2016-02-10 22:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-02-10 22:52 - 2016-02-10 22:52 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-02-10 22:52 - 2016-02-10 22:52 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-02-10 22:52 - 2016-02-10 22:52 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-02-10 22:52 - 2016-02-10 22:52 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-02-10 22:52 - 2016-02-10 22:52 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-02-10 22:52 - 2016-02-10 22:52 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-02-10 22:52 - 2016-02-10 22:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-02-10 22:52 - 2016-02-10 22:52 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-02-10 22:52 - 2016-02-10 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-02-10 22:52 - 2016-02-10 22:52 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-02-10 22:51 - 2016-02-10 22:51 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 22:42 - 2016-02-10 22:42 - 73256960 _____ C:\Windows\system32\config\components.iobit
2016-02-10 22:27 - 2016-02-10 22:27 - 00005120 _____ C:\Users\Karolina\AppData\Roaming\GiftBag.db
2016-02-10 22:25 - 2016-02-10 22:25 - 00087864 ____N (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-02-10 22:24 - 2016-02-12 18:00 - 00000000 ____D C:\ProgramData\Tencent
2016-02-10 22:22 - 2016-02-10 23:26 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-02-10 22:22 - 2016-02-10 22:22 - 00000008 __RSH C:\Users\Karolina\ntuser.pol
2016-02-10 16:18 - 2016-02-10 16:18 - 00000000 ____D C:\Users\Karolina\AppData\LocalLow\CampoSanto
2016-02-09 18:53 - 2016-02-09 18:53 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\GameMill Entertainment
2016-02-09 18:16 - 2016-02-09 18:16 - 00000000 ____D C:\ProgramData\Big Fish
2016-02-09 18:14 - 2016-02-09 18:16 - 00000000 ____D C:\Users\Karolina\AppData\Local\Big Fish
2016-02-09 17:49 - 2016-02-09 17:49 - 00034304 _____ C:\Users\Karolina\Downloads\A78A.tmp
2016-02-09 10:05 - 2016-02-09 10:05 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-09 10:05 - 2016-02-09 10:05 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-05 14:41 - 2016-02-05 14:42 - 00000660 _____ C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\WinRAR.lnk
2016-02-03 11:53 - 2016-02-03 11:53 - 00000000 ____D C:\4b07b6a08b1f5c3eab3c975b
2016-02-03 11:52 - 2016-02-03 11:52 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-03 11:52 - 2016-02-03 11:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-03 11:52 - 2016-02-03 11:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-03 11:52 - 2016-02-03 11:52 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-03 11:52 - 2016-02-03 11:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-03 11:50 - 2016-02-03 11:50 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2016-02-03 11:50 - 2016-02-03 11:50 - 00419928 _____ C:\Windows\system32\locale.nls
2016-02-03 11:50 - 2016-02-03 11:50 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-02-03 11:50 - 2016-02-03 11:50 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-02-03 11:50 - 2016-02-03 11:50 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-02-03 11:50 - 2016-02-03 11:50 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-02-03 11:50 - 2016-02-03 11:50 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-02-03 11:50 - 2016-02-03 11:50 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-02-03 11:50 - 2016-02-03 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-02-03 11:50 - 2016-02-03 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-02-03 11:47 - 2016-02-03 11:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-02-03 11:47 - 2016-02-03 11:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-02-03 11:42 - 2016-02-03 11:42 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-02-03 11:42 - 2016-02-03 11:42 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-02-03 11:42 - 2016-02-03 11:42 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-02-03 11:42 - 2016-02-03 11:42 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

Re: Chinese application cannot be uninstalled

Posted: 14 Feb 2016 11:48
by skorpo
2016-02-03 11:42 - 2016-02-03 11:42 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-02-03 11:41 - 2016-02-03 11:41 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-02-03 11:41 - 2016-02-03 11:41 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-02-03 11:39 - 2016-02-03 11:39 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-02-03 11:39 - 2016-02-03 11:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-02-03 11:39 - 2016-02-03 11:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-02-03 11:38 - 2016-02-03 11:38 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-02-03 11:38 - 2016-02-03 11:38 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-02-03 11:37 - 2016-02-03 11:37 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-02-03 11:37 - 2016-02-03 11:37 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-02-03 11:37 - 2016-02-03 11:37 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-02-03 11:37 - 2016-02-03 11:37 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-03 11:35 - 2016-02-03 11:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-03 11:35 - 2016-02-03 11:35 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-03 11:35 - 2016-02-03 11:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-03 11:35 - 2016-02-03 11:35 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-03 11:35 - 2016-02-03 11:35 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-03 11:35 - 2016-02-03 11:35 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-03 11:35 - 2016-02-03 11:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-03 11:35 - 2016-02-03 11:35 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-03 11:35 - 2016-02-03 11:35 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-03 11:35 - 2016-02-03 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-03 11:35 - 2016-02-03 11:35 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-03 11:35 - 2016-02-03 11:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-03 11:18 - 2016-02-03 11:18 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-02-03 11:18 - 2016-02-03 11:18 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-02-03 11:16 - 2016-02-03 11:16 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-02-03 11:11 - 2016-02-03 11:11 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-03 11:11 - 2016-02-03 11:11 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-03 11:08 - 2016-02-03 11:08 - 00459344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-03 11:08 - 2016-02-03 11:08 - 00298192 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-02-03 11:08 - 2016-02-03 11:08 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-02-03 11:06 - 2016-02-03 11:06 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-02-03 11:06 - 2016-02-03 11:06 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-02-03 11:06 - 2016-02-03 11:06 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-02-03 11:06 - 2016-02-03 11:06 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-02-03 11:06 - 2016-02-03 11:06 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-02-03 11:06 - 2016-02-03 11:06 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-02-03 11:06 - 2016-02-03 11:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-02-03 11:02 - 2016-02-03 11:02 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-02-03 10:56 - 2016-02-03 10:56 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-03 10:56 - 2016-02-03 10:56 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-03 10:56 - 2016-02-03 10:56 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-03 10:56 - 2016-02-03 10:56 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-03 10:53 - 2016-02-03 10:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-02-03 10:53 - 2016-02-03 10:53 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-02-03 10:51 - 2016-02-03 10:51 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-02-03 10:51 - 2016-02-03 10:51 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-02-03 10:51 - 2016-02-03 10:51 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-02-03 10:51 - 2016-02-03 10:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-02-03 10:51 - 2016-02-03 10:51 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-02-03 10:51 - 2016-02-03 10:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-02-03 10:51 - 2016-02-03 10:51 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-02-03 10:51 - 2016-02-03 10:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-02-03 10:51 - 2016-02-03 10:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-02-03 10:51 - 2016-02-03 10:51 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-02-03 10:47 - 2016-02-03 10:47 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-02-03 10:47 - 2016-02-03 10:47 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-02-03 10:47 - 2016-02-03 10:47 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-02-03 10:47 - 2016-02-03 10:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-02-03 10:45 - 2016-02-03 10:45 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-02-03 10:45 - 2016-02-03 10:45 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-02-03 10:45 - 2016-02-03 10:45 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-02-03 10:45 - 2016-02-03 10:45 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2016-02-03 10:44 - 2016-02-03 10:44 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-03 10:44 - 2016-02-03 10:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-03 10:44 - 2016-02-03 10:44 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-02-03 10:44 - 2016-02-03 10:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-02-03 10:39 - 2016-02-03 10:39 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-02-03 10:39 - 2016-02-03 10:39 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-02-03 10:39 - 2016-02-03 10:39 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-02-03 10:39 - 2016-02-03 10:39 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-02-03 10:39 - 2016-02-03 10:39 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-02-03 10:39 - 2016-02-03 10:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-02-03 10:39 - 2016-02-03 10:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-02-03 10:39 - 2016-02-03 10:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-02-03 10:39 - 2016-02-03 10:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-02-03 10:38 - 2016-02-03 10:38 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-02-03 10:38 - 2016-02-03 10:38 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-02-03 10:37 - 2016-02-03 10:37 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-02-03 10:37 - 2016-02-03 10:37 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-02-03 10:37 - 2016-02-03 10:37 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-02-03 10:37 - 2016-02-03 10:37 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-02-03 10:34 - 2016-02-03 10:34 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-02-03 10:34 - 2016-02-03 10:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-02-03 10:34 - 2016-02-03 10:34 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-02-03 10:27 - 2016-02-03 10:27 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-02-03 10:23 - 2016-02-03 10:23 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-02-03 10:23 - 2016-02-03 10:23 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-02-03 10:23 - 2016-02-03 10:23 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-02-03 10:19 - 2016-02-03 10:19 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-02-03 10:19 - 2016-02-03 10:19 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-02-03 10:19 - 2016-02-03 10:19 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-02-03 10:19 - 2016-02-03 10:19 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-02-03 10:19 - 2016-02-03 10:19 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-02-03 10:19 - 2016-02-03 10:19 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-02-03 10:19 - 2016-02-03 10:19 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-02-02 13:07 - 2016-02-02 13:07 - 00001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Annotator.lnk
2016-02-02 13:07 - 2016-02-02 13:07 - 00001090 _____ C:\Users\Public\Desktop\PDF Annotator.lnk
2016-02-02 13:07 - 2016-02-02 13:07 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\Softland
2016-02-02 13:07 - 2016-02-02 13:07 - 00000000 ____D C:\Users\Karolina\AppData\Local\PDF Annotator
2016-02-02 13:07 - 2016-02-02 13:07 - 00000000 ____D C:\Program Files (x86)\PDF Annotator
2016-02-02 13:07 - 2014-06-16 10:13 - 00033056 _____ (Softland) C:\Windows\system32\novamnv7.dll
2016-02-02 13:07 - 2014-06-16 10:13 - 00022304 _____ (Softland) C:\Windows\system32\novamiv7.dll
2016-02-02 13:07 - 2014-01-10 16:43 - 00007549 _____ C:\Windows\system32\novav7.ctm
2016-02-02 13:07 - 2014-01-10 16:42 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-02-01 21:40 - 2016-01-31 19:12 - 00014731 _____ C:\Users\Karolina\Documents\mamka kontakty.vcf
2016-01-31 20:00 - 2016-01-31 20:00 - 00003430 _____ C:\Users\Karolina\Documents\mamka kontakty.csv
2016-01-31 19:49 - 2016-02-05 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProcessText Group
2016-01-26 20:04 - 2016-01-26 20:04 - 00001245 _____ C:\Users\Karolina\Desktop\The Treasures of Montezuma 4.lnk
2016-01-22 08:49 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-01-22 08:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-01-20 21:43 - 2016-01-20 21:43 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\AlawarEntertainment
2016-01-20 21:42 - 2016-01-20 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Treasures of Montezuma 4
2016-01-20 21:41 - 2016-01-20 21:42 - 00000000 ____D C:\Program Files (x86)\The Treasures of Montezuma 4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-14 11:34 - 2009-07-14 05:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-14 11:34 - 2009-07-14 05:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-14 11:33 - 2009-11-28 05:41 - 00670924 _____ C:\Windows\system32\perfh005.dat
2016-02-14 11:33 - 2009-11-28 05:41 - 00142504 _____ C:\Windows\system32\perfc005.dat
2016-02-14 11:33 - 2009-07-14 06:13 - 01584626 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-14 11:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-14 11:27 - 2015-03-17 20:22 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-02-14 11:24 - 2013-07-24 10:01 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-14 11:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-13 18:28 - 2010-05-23 14:17 - 00000000 ____D C:\Users\Karolina\Documents\stáhnuté
2016-02-13 18:25 - 2012-02-26 19:17 - 00000000 ____D C:\Users\Karolina\Documents\My Games
2016-02-13 18:24 - 2010-09-09 21:10 - 00000000 ____D C:\Users\Karolina\Documents\Škola
2016-02-13 16:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-02-13 15:16 - 2010-05-12 17:22 - 00000000 ___RD C:\Users\Karolina\Documents\Kajak,Caroline,Kaja,Karolina
2016-02-13 15:16 - 2010-05-12 13:21 - 00000000 ____D C:\Users\Karolina\AppData\Local\Deployment
2016-02-13 15:16 - 2010-05-12 13:21 - 00000000 ____D C:\Users\Karolina\AppData\Local\Apps\2.0
2016-02-13 14:58 - 2010-06-22 19:02 - 00000000 ____D C:\Users\Bara
2016-02-13 14:50 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-02-13 14:21 - 2015-02-14 19:52 - 00002916 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Karolina
2016-02-13 14:20 - 2012-07-04 10:04 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-12 17:57 - 2014-03-05 14:53 - 00000000 ____D C:\AdwCleaner
2016-02-12 17:47 - 2013-07-24 10:01 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-12 17:45 - 2013-07-24 10:01 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-12 17:45 - 2013-07-24 10:01 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-11 11:57 - 2015-12-03 20:46 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-02-11 11:57 - 2015-02-14 19:53 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\ProductData
2016-02-11 11:57 - 2015-02-14 19:51 - 00000000 ____D C:\ProgramData\ProductData
2016-02-11 11:57 - 2015-01-31 16:18 - 00000000 ____D C:\Users\Karolina\AppData\LocalLow\IObit
2016-02-11 11:57 - 2014-07-11 18:04 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\uTorrent
2016-02-11 11:57 - 2011-07-21 20:37 - 00000000 ____D C:\ProgramData\IObit
2016-02-11 11:57 - 2011-07-21 20:32 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\IObit
2016-02-11 11:57 - 2010-05-10 17:24 - 00000000 ____D C:\Users\Karolina
2016-02-11 11:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-02-10 23:36 - 2012-09-04 13:55 - 00000000 ____D C:\found.000
2016-02-10 23:36 - 2009-09-07 01:40 - 00000000 ____D C:\SwSetup
2016-02-10 22:53 - 2009-07-14 01:22 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-02-10 22:47 - 2010-12-08 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2016-02-10 22:47 - 2010-05-13 18:39 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\DAEMON Tools Lite
2016-02-10 22:35 - 2010-05-10 17:27 - 00121592 _____ C:\Users\Karolina\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-10 22:22 - 2010-06-05 14:22 - 00000000 ____D C:\Users\Karolina\AppData\Local\CrashDumps
2016-02-10 22:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-02-10 22:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-02-10 22:06 - 2013-03-01 14:47 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-10 21:17 - 2010-05-16 15:29 - 00000000 ____D C:\Users\Karolina\Desktop\Hry-zástupci
2016-02-10 21:15 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-10 20:36 - 2011-10-11 16:05 - 00000000 ____D C:\Users\Karolina\Documents\Lexicon
2016-02-10 15:57 - 2014-09-23 19:30 - 00000000 ____D C:\Users\Karolina\Desktop\VŠ-materiály, učebnice
2016-02-10 14:00 - 2014-07-26 11:55 - 00000000 ____D C:\ProgramData\Origin
2016-02-10 13:47 - 2014-12-14 22:43 - 00000000 ____D C:\Users\Karolina\AppData\Local\Spotify
2016-02-10 10:52 - 2014-12-14 22:43 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\Spotify
2016-02-09 21:45 - 2014-03-06 15:00 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-09 21:45 - 2014-03-06 15:00 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-09 19:00 - 2009-11-27 21:32 - 00000000 ____D C:\ProgramData\Temp
2016-02-09 10:05 - 2014-04-18 15:08 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-09 10:05 - 2013-12-18 17:31 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-09 10:05 - 2013-03-01 14:47 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-09 10:05 - 2012-02-24 14:42 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-09 10:05 - 2010-05-11 16:30 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-02-09 10:05 - 2010-05-11 16:30 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-09 10:04 - 2011-03-26 22:32 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-05 14:17 - 2010-10-31 11:59 - 00000000 ____D C:\Users\Karolina\Desktop\blbosti,filmy.hry
2016-02-05 13:04 - 2016-01-04 10:47 - 00002256 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-02-04 20:38 - 2014-07-26 11:55 - 00000000 ____D C:\Program Files (x86)\Origin
2016-02-04 18:13 - 2014-05-15 06:15 - 00000000 ___RD C:\Users\Karolina\Virtual Machines
2016-02-04 18:06 - 2016-01-13 09:48 - 131317760 _____ C:\Windows\system32\config\software.iodefrag.bak
2016-02-04 18:06 - 2016-01-13 09:48 - 131317760 _____ C:\Windows\system32\config\software.iodefrag
2016-02-04 18:06 - 2016-01-13 09:48 - 00397312 _____ C:\Windows\system32\config\default.iodefrag.bak
2016-02-04 18:06 - 2016-01-13 09:48 - 00397312 _____ C:\Windows\system32\config\default.iodefrag
2016-02-04 18:06 - 2016-01-13 09:48 - 00061440 _____ C:\Windows\system32\config\sam.iodefrag.bak
2016-02-04 18:06 - 2016-01-13 09:48 - 00061440 _____ C:\Windows\system32\config\sam.iodefrag
2016-02-04 18:06 - 2016-01-13 09:48 - 00028672 _____ C:\Windows\system32\config\security.iodefrag.bak
2016-02-04 18:06 - 2016-01-13 09:48 - 00028672 _____ C:\Windows\system32\config\security.iodefrag
2016-02-03 22:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-03 14:21 - 2015-05-23 20:18 - 00003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1432408718
2016-02-03 14:21 - 2015-05-23 20:18 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-03 11:27 - 2013-07-28 21:15 - 01564008 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-03 10:16 - 2014-12-22 13:29 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\MPC-HC
2016-02-03 10:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2016-01-31 19:25 - 2010-05-29 14:00 - 00196608 _____ C:\Windows\system32\Ikeext.etl
2016-01-31 17:17 - 2016-01-07 18:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-31 17:14 - 2014-05-14 21:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-31 17:14 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-31 17:12 - 2011-05-14 13:52 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-22 13:11 - 2015-11-24 18:58 - 00000000 ____D C:\Users\Karolina\AppData\Local\Microsoft_Corporation
2016-01-21 19:49 - 2015-09-24 19:54 - 00000000 ____D C:\Users\Karolina\AppData\Local\Battle.net
2016-01-21 19:40 - 2015-09-24 19:53 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-01-20 13:23 - 2015-09-09 17:21 - 00000000 ____D C:\Program Files (x86)\Steam

==================== Files in the root of some directories =======

2011-01-10 18:56 - 2011-07-11 17:00 - 0001854 _____ () C:\Users\Karolina\AppData\Roaming\GhostObjGAFix.xml
2016-02-10 22:27 - 2016-02-10 22:27 - 0005120 _____ () C:\Users\Karolina\AppData\Roaming\GiftBag.db
2002-08-29 16:33 - 2002-08-29 16:33 - 0319488 ____R () C:\Users\Karolina\AppData\Roaming\MafiaSetup.exe
2011-07-20 22:29 - 2013-11-09 22:52 - 0045270 _____ () C:\Users\Karolina\AppData\Roaming\room_v3.dat
2010-05-10 17:36 - 2010-05-10 17:36 - 0000000 _____ () C:\Users\Karolina\AppData\Local\AtStart.txt
2015-12-30 16:05 - 2015-12-30 16:05 - 0000000 ____H () C:\Users\Karolina\AppData\Local\BITF621.tmp
2015-03-17 17:55 - 2015-03-17 17:55 - 0004608 _____ () C:\Users\Karolina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-10 17:36 - 2010-05-10 17:36 - 0000000 _____ () C:\Users\Karolina\AppData\Local\DSwitch.txt
2010-05-10 17:36 - 2010-05-10 17:36 - 0000000 _____ () C:\Users\Karolina\AppData\Local\QSwitch.txt
2014-02-12 16:07 - 2014-02-12 16:07 - 0004821 _____ () C:\Users\Karolina\AppData\Local\recently-used.xbel
2011-07-07 18:12 - 2015-04-05 17:00 - 0001232 _____ () C:\Users\Karolina\AppData\Local\SRDownloader (1).nast
2011-05-14 21:50 - 2011-12-23 23:16 - 0001032 _____ () C:\Users\Karolina\AppData\Local\SRDownloader.nast
2010-05-30 17:15 - 2010-05-30 17:15 - 0055960 _____ () C:\Users\Karolina\AppData\Local\tmpSLUNECNI-SKVRNA.0
2010-05-30 17:15 - 2010-05-30 17:15 - 0041789 _____ () C:\Users\Karolina\AppData\Local\tmpSLUNECNI-SKVRNA.1
2010-05-30 17:15 - 2010-05-30 17:15 - 0042521 _____ () C:\Users\Karolina\AppData\Local\tmpSLUNECNI-SKVRNA.2
2010-05-30 17:15 - 2010-05-30 17:15 - 0043051 _____ () C:\Users\Karolina\AppData\Local\tmpSLUNECNI-SKVRNA.JPG
2015-12-30 15:58 - 2015-12-30 16:04 - 0000000 _____ () C:\Users\Karolina\AppData\Local\{16A196FC-73D3-4BC0-B254-57EB2410A2C9}
2012-09-02 10:39 - 2015-01-31 18:19 - 0003304 _____ () C:\ProgramData\HPWALog.txt

Files to move or delete:
====================
C:\Users\Karolina\ABC_cheater.exe
C:\Users\Karolina\asc-setup-pro.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Karolina\Desktop" je 52347 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount
C:\Windows\AutoKMS.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS
"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
cmd /c(@attrib -h -r -s c:\windows\system32\grouppolicy\machine\registry.pol >nul)&(@copy/b/y c:\windows\system32\grouppolicy\machine\r c:\windows\system32\grouppolicy\machine\registry.pol >nul)&(@attrib +r c:\windows\system32\grouppolicy\machine\registry.pol >nul)&(@start/b gpupdate.exe /force >l) [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent
C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR
C:\Genius\ioCentre\gTaskBar.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant
Re§im ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Karolina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lingea Update Center.lnk
C:\PROGRA~2\COMMON~1\LINGEA~1\luc.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001


==================== End Of Log ==============================

Re: Chinese application cannot be uninstalled

Posted: 14 Feb 2016 12:37
by Rudy
Open Notepad and copy the following into it:
Start
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Karolina\AppData\Local\BITF621.tmp
C:\Users\Karolina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Karolina\ABC_cheater.exe
C:\Users\Karolina\asc-setup-pro.exe
ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy-x32: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-417890151-1962072562-667573049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {CCDE0922-CEA4-46A7-A315-9DEF7285248A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {CCDE0922-CEA4-46A7-A315-9DEF7285248A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> DefaultScope {CCDE0922-CEA4-46A7-A315-9DEF7285248A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> search13 URL = hxxp://search13.net/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> {CCDE0922-CEA4-46A7-A315-9DEF7285248A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\.DEFAULT -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-417890151-1962072562-667573049-1000 -> No Name - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (电脑管家上网防护) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-02-12]
S3 GGSAFERDriver; no ImagePath
U3 a8b0q2v5; C:\Windows\System32\Drivers\a8b0q2v5.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 aghqxgvw; C:\Windows\System32\Drivers\aghqxgvw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\system32\Drivers\TFsFltX64.sys
C:\Users\Karolina\Downloads\A78A.tmp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

From the log:
Velikost slozky "C:\Users\Karolina\Desktop" je 52347 MB.
That is too much and it can slow down system startup. Create a new folder in C:\Users\Karolina, move all the data from the desktop into it (except shortcuts), and put a shortcut to that folder on the desktop for easier access.

Re: Chinese application cannot be uninstalled

Posted: 14 Feb 2016 18:36
by skorpo
Problem solved. Thank you very much :)

Re: Chinese application cannot be uninstalled

Posted: 14 Feb 2016 19:07
by Rudy
You're welcome! :)