VIRY.CZ

Dobrý den, prosím o kontrolu RSIT, mám obavu že mám opět zavirované PC.
Při přeinstalaci mi nenainstalovali žádný antivir, nyní je PC pomalý, vyskakují různé reklamy, vzkazy atd
Díky předem za pomoc Jitka

Logfile of random's system information tool 1.10 (written by random/random)
Run by uživatel at 2016-05-14 14:22:11
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 8 GB (8%) free of 100 GB
Total RAM: 4094 MB (68% free)


======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\GWX\GWX.exe"
szndesktop.exe default start
"C:\Users\uživatel\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "1852246212-620685124-5834488461788985125-934267109-1862540832-1063942490-315615668
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
taskeng.exe {AA170804-D9A0-47BF-95A4-18DD66923194}
"C:\Program Files (x86)\OLBPre\OLBPre.exe" signup
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "http://trustedsurf.com/?ssid=1462300772 ... 704fccd219"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe

"C:\Program Files\trend micro\uživatel.exe" /silentautolog
C:\Windows\System32\svchost.exe -k WerSvcGroup
"D:\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\6ktn20pq.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\6ktn20pq.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2016-01-29 1340192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Users\uživatel\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\uživatel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2016-02-04 3014224]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-06-08 334896]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MyPC Backup.lnk - C:\Program Files (x86)\OLBPre\OLBPre.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-05-14 14:20:43 ----D---- C:\rsit
2016-05-14 14:20:43 ----D---- C:\Program Files\trend micro
2016-05-14 08:27:25 ----D---- C:\Windows\rescache
2016-05-11 20:31:45 ----A---- C:\Windows\system32\win32k.sys
2016-05-11 20:31:42 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-05-11 20:31:42 ----A---- C:\Windows\system32\tzres.dll
2016-05-11 20:31:39 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2016-05-11 20:31:39 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2016-05-11 20:31:39 ----A---- C:\Windows\system32\cdd.dll
2016-05-11 20:31:37 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2016-05-11 20:31:36 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2016-05-11 20:31:36 ----A---- C:\Windows\system32\gdi32.dll
2016-05-11 20:31:36 ----A---- C:\Windows\system32\d3d10level9.dll
2016-05-11 20:31:34 ----A---- C:\Windows\system32\jnwmon.dll
2016-05-11 20:31:32 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2016-05-11 20:31:32 ----A---- C:\Windows\system32\InkEd.dll
2016-05-11 20:31:25 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-05-11 20:31:24 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-05-11 20:31:24 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-05-11 20:31:24 ----A---- C:\Windows\system32\iernonce.dll
2016-05-11 20:31:24 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-05-11 20:31:23 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-05-11 20:31:23 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-05-11 20:31:22 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-05-11 20:31:22 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-05-11 20:31:22 ----A---- C:\Windows\system32\ie4uinit.exe
2016-05-11 20:31:21 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-05-11 20:31:21 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-05-11 20:31:21 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-05-11 20:31:21 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-05-11 20:31:21 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-05-11 20:31:21 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-05-11 20:31:21 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-05-11 20:31:21 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 20:31:21 ----A---- C:\Windows\system32\inseng.dll
2016-05-11 20:31:19 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-05-11 20:31:19 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-05-11 20:31:19 ----A---- C:\Windows\system32\urlmon.dll
2016-05-11 20:31:19 ----A---- C:\Windows\system32\occache.dll
2016-05-11 20:31:19 ----A---- C:\Windows\system32\iedkcs32.dll
2016-05-11 20:31:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-05-11 20:31:18 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-05-11 20:31:18 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-05-11 20:31:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-05-11 20:31:18 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 20:31:17 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-05-11 20:31:17 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-05-11 20:31:17 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-05-11 20:31:17 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 20:31:17 ----A---- C:\Windows\system32\msfeeds.dll
2016-05-11 20:31:17 ----A---- C:\Windows\system32\dxtrans.dll
2016-05-11 20:31:16 ----A---- C:\Windows\system32\iesetup.dll
2016-05-11 20:31:16 ----A---- C:\Windows\system32\ieapfltr.dll
2016-05-11 20:31:15 ----A---- C:\Windows\system32\iertutil.dll
2016-05-11 20:31:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-05-11 20:31:14 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-05-11 20:31:14 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-05-11 20:31:14 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-05-11 20:31:14 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-05-11 20:31:14 ----A---- C:\Windows\system32\vbscript.dll
2016-05-11 20:31:13 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-05-11 20:31:13 ----A---- C:\Windows\system32\jsproxy.dll
2016-05-11 20:31:11 ----A---- C:\Windows\system32\dxtmsft.dll
2016-05-11 20:31:10 ----A---- C:\Windows\system32\ieui.dll
2016-05-11 20:31:08 ----A---- C:\Windows\system32\mshtmled.dll
2016-05-11 20:31:08 ----A---- C:\Windows\system32\ieframe.dll
2016-05-11 20:31:07 ----A---- C:\Windows\system32\webcheck.dll
2016-05-11 20:31:07 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-05-11 20:31:07 ----A---- C:\Windows\system32\jscript.dll
2016-05-11 20:31:07 ----A---- C:\Windows\system32\ieUnatt.exe
2016-05-11 20:31:06 ----A---- C:\Windows\system32\wininet.dll
2016-05-11 20:31:06 ----A---- C:\Windows\system32\jscript9diag.dll
2016-05-11 20:31:06 ----A---- C:\Windows\system32\jscript9.dll
2016-05-11 20:31:04 ----A---- C:\Windows\system32\msrating.dll
2016-05-11 20:31:04 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-05-11 20:31:03 ----A---- C:\Windows\system32\mshtml.dll
2016-05-11 20:29:31 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-05-11 20:29:31 ----A---- C:\Windows\system32\rpcrt4.dll
2016-05-11 20:29:31 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-05-11 20:29:31 ----A---- C:\Windows\system32\lsasrv.dll
2016-05-11 20:29:31 ----A---- C:\Windows\system32\kerberos.dll
2016-05-11 20:29:30 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-05-11 20:29:30 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-05-11 20:29:30 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-05-11 20:29:30 ----A---- C:\Windows\system32\ntdll.dll
2016-05-11 20:29:30 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-05-11 20:29:29 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-05-11 20:29:29 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-05-11 20:29:29 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-05-11 20:29:29 ----A---- C:\Windows\system32\certcli.dll
2016-05-11 20:29:28 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-05-11 20:29:28 ----A---- C:\Windows\system32\smss.exe
2016-05-11 20:29:28 ----A---- C:\Windows\system32\kernel32.dll
2016-05-11 20:29:28 ----A---- C:\Windows\system32\advapi32.dll
2016-05-11 20:29:27 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-05-11 20:29:27 ----A---- C:\Windows\system32\wow64win.dll
2016-05-11 20:29:27 ----A---- C:\Windows\system32\schannel.dll
2016-05-11 20:29:27 ----A---- C:\Windows\system32\msv1_0.dll
2016-05-11 20:29:27 ----A---- C:\Windows\system32\KernelBase.dll
2016-05-11 20:29:27 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-05-11 20:29:26 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-05-11 20:29:25 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-05-11 20:29:25 ----A---- C:\Windows\system32\wow64.dll
2016-05-11 20:29:25 ----A---- C:\Windows\system32\winsrv.dll
2016-05-11 20:29:25 ----A---- C:\Windows\system32\wdigest.dll
2016-05-11 20:29:25 ----A---- C:\Windows\system32\TSpkg.dll
2016-05-11 20:29:25 ----A---- C:\Windows\system32\sspicli.dll
2016-05-11 20:29:25 ----A---- C:\Windows\system32\srcore.dll
2016-05-11 20:29:25 ----A---- C:\Windows\system32\ncrypt.dll
2016-05-11 20:29:25 ----A---- C:\Windows\system32\conhost.exe
2016-05-11 20:29:24 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-05-11 20:29:24 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-05-11 20:29:24 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-05-11 20:29:24 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-05-11 20:29:24 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-05-11 20:29:24 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-05-11 20:29:24 ----A---- C:\Windows\system32\wow64cpu.dll
2016-05-11 20:29:24 ----A---- C:\Windows\system32\sspisrv.dll
2016-05-11 20:29:24 ----A---- C:\Windows\system32\srclient.dll
2016-05-11 20:29:24 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-05-11 20:29:24 ----A---- C:\Windows\system32\secur32.dll
2016-05-11 20:29:24 ----A---- C:\Windows\system32\rpchttp.dll
2016-05-11 20:29:24 ----A---- C:\Windows\system32\lsass.exe
2016-05-11 20:29:24 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-05-11 20:29:24 ----A---- C:\Windows\system32\drivers\appid.sys
2016-05-11 20:29:24 ----A---- C:\Windows\system32\csrsrv.dll
2016-05-11 20:29:24 ----A---- C:\Windows\system32\cryptbase.dll
2016-05-11 20:29:24 ----A---- C:\Windows\system32\appidsvc.dll
2016-05-11 20:29:24 ----A---- C:\Windows\system32\appidapi.dll
2016-05-11 20:29:23 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-05-11 20:29:23 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-05-11 20:29:23 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-05-11 20:29:23 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-05-11 20:29:23 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-05-11 20:29:23 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-05-11 20:29:23 ----A---- C:\Windows\system32\rstrui.exe
2016-05-11 20:29:23 ----A---- C:\Windows\system32\ntvdm64.dll
2016-05-11 20:29:23 ----A---- C:\Windows\system32\credssp.dll
2016-05-11 20:29:23 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 20:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 20:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 20:29:22 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-05-11 20:29:22 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-05-11 20:29:22 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-05-11 20:29:22 ----A---- C:\Windows\system32\auditpol.exe
2016-05-11 20:29:22 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 20:29:21 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 20:29:21 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-05-11 20:29:21 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-05-11 20:29:21 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-05-11 20:29:21 ----A---- C:\Windows\system32\apisetschema.dll
2016-05-11 20:29:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 20:29:20 ----A---- C:\Windows\SYSWOW64\user.exe
2016-05-11 20:29:20 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-05-11 20:29:20 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-05-11 20:29:20 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-05-11 20:29:20 ----A---- C:\Windows\system32\msobjs.dll
2016-05-11 20:29:20 ----A---- C:\Windows\system32\msaudite.dll
2016-05-11 20:29:20 ----A---- C:\Windows\system32\adtschema.dll
2016-05-11 20:29:13 ----A---- C:\Windows\system32\WindowsCodecs.dll
2016-05-11 20:29:12 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2016-05-06 16:18:59 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-05-01 12:33:16 ----ASH---- C:\pagefile.sys
2016-04-29 21:46:46 ----D---- C:\Program Files (x86)\OLBPre
2016-04-28 20:32:14 ----HD---- C:\$WINDOWS.~BT
2016-04-17 18:22:38 ----D---- C:\Users\uživatel\AppData\Roaming\Ancestry

======List of files/folders modified in the last 1 month======

2016-05-14 14:22:01 ----D---- C:\Windows\Prefetch
2016-05-14 14:20:43 ----RD---- C:\Program Files
2016-05-14 13:17:17 ----D---- C:\Windows\Temp
2016-05-14 09:00:34 ----D---- C:\Program Files (x86)\Steam
2016-05-14 08:27:25 ----D---- C:\Windows
2016-05-14 03:26:51 ----D---- C:\Users\uživatel\AppData\Roaming\Seznam.cz
2016-05-14 03:26:38 ----D---- C:\Windows\System32
2016-05-14 03:26:38 ----D---- C:\Windows\inf
2016-05-14 03:26:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-05-14 03:21:40 ----D---- C:\Windows\winsxs
2016-05-14 03:21:28 ----D---- C:\Windows\system32\config
2016-05-14 03:20:05 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-05-14 03:20:05 ----D---- C:\Windows\SysWOW64
2016-05-14 03:20:05 ----D---- C:\Windows\system32\drivers
2016-05-14 03:20:05 ----D---- C:\Windows\system32\cs-CZ
2016-05-14 03:17:19 ----D---- C:\Windows\Microsoft.NET
2016-05-14 03:04:54 ----SHD---- C:\Windows\Installer
2016-05-14 03:04:52 ----D---- C:\ProgramData\Microsoft Help
2016-05-14 03:00:43 ----SHD---- C:\System Volume Information
2016-05-12 13:50:07 ----RSD---- C:\Windows\assembly
2016-05-12 13:17:18 ----D---- C:\Program Files (x86)\Opera
2016-05-12 13:17:17 ----D---- C:\Windows\system32\Tasks
2016-05-12 13:08:39 ----D---- C:\Windows\system32\appraiser
2016-05-12 13:08:38 ----D---- C:\Windows\ehome
2016-05-12 13:08:38 ----D---- C:\Program Files\Windows Journal
2016-05-12 13:08:36 ----D---- C:\Windows\SYSWOW64\en-US
2016-05-12 13:08:36 ----D---- C:\Program Files\Internet Explorer
2016-05-12 13:08:35 ----D---- C:\Windows\system32\en-US
2016-05-12 13:08:34 ----D---- C:\Program Files (x86)\Internet Explorer
2016-05-12 13:08:30 ----D---- C:\Windows\AppPatch
2016-05-12 13:08:29 ----D---- C:\Windows\system32\Boot
2016-05-11 20:29:04 ----D---- C:\Windows\system32\catroot2
2016-05-11 19:04:28 ----RD---- C:\Program Files (x86)
2016-05-11 19:04:24 ----D---- C:\Windows\Tasks
2016-05-07 17:39:20 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-06 21:45:36 ----SD---- C:\Windows\SYSWOW64\GWX
2016-05-06 21:45:36 ----SD---- C:\Windows\system32\GWX
2016-04-28 20:37:32 ----D---- C:\Windows\Panther
2016-04-22 09:57:45 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-11-13 289120]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-11-13 133816]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-04-22 82128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-01-29 23808]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-01-29 374344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-25 144200]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-25 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-04-23 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-05-06 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-02-04 835152]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-08-25 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Zdravim

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

AdwCleaner v5.117 - Log soubor vytvořen 16/05/2016 o 17:14:32
# Aktualizováno 15/05/2016 by Xplode
# Databáze : 2016-05-15.2 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Jméno uživatele : uživatel - UŽIVATEL-PC
# Spuštěno z : C:\Users\uživatel\Desktop\adwcleaner_5.117.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

[-] Složka smazáno : C:\Program Files (x86)\OLBPre
[-] Složka smazáno : C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\6ktn20pq.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

***** [ Soubory ] *****

[-] Soubor smazáno : C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[-] Soubor smazáno : C:\Users\uživatel\Desktop\MyPC Backup.lnk

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****

[-] Zástupce odvirováno : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Zástupce odvirováno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce odvirováno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Zástupce odvirováno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[-] Zástupce odvirováno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotoGP2\MotoGP2.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\Desktop\WarThunder.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Naplánované úkoly ] *****

[-] Úkol smazáno : LaunchPreSignup
[-] Úkol smazáno : WarThunder sun
[-] Úkol smazáno : WarThunder sat
[-] Úkol smazáno : WarThunder24

***** [ Registr ] *****

[-] Klávesa smazáno : HKCU\Software\ICSW1.17
[-] Klávesa smazáno : HKCU\Software\PRODUCTSETUP
[-] Klávesa smazáno : HKCU\Software\csastats
[-] Klávesa smazáno : HKLM\SOFTWARE\SrpnFiles
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre

***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3336 bytes] - [16/05/2016 17:14:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [5182 bytes] - [16/05/2016 17:12:30]
C:\AdwCleaner\AdwCleaner[S2].txt - [5183 bytes] - [16/05/2016 17:13:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3555 bytes] ##########

Malware scan:

AdwCleaner v5.117 - Log soubor vytvořen 16/05/2016 o 17:14:32
# Aktualizováno 15/05/2016 by Xplode
# Databáze : 2016-05-15.2 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Jméno uživatele : uživatel - UŽIVATEL-PC
# Spuštěno z : C:\Users\uživatel\Desktop\adwcleaner_5.117.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

[-] Složka smazáno : C:\Program Files (x86)\OLBPre
[-] Složka smazáno : C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\6ktn20pq.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

***** [ Soubory ] *****

[-] Soubor smazáno : C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[-] Soubor smazáno : C:\Users\uživatel\Desktop\MyPC Backup.lnk

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****

[-] Zástupce odvirováno : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Zástupce odvirováno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce odvirováno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Zástupce odvirováno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[-] Zástupce odvirováno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotoGP2\MotoGP2.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\Desktop\WarThunder.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Zástupce odvirováno : C:\Users\uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Naplánované úkoly ] *****

[-] Úkol smazáno : LaunchPreSignup
[-] Úkol smazáno : WarThunder sun
[-] Úkol smazáno : WarThunder sat
[-] Úkol smazáno : WarThunder24

***** [ Registr ] *****

[-] Klávesa smazáno : HKCU\Software\ICSW1.17
[-] Klávesa smazáno : HKCU\Software\PRODUCTSETUP
[-] Klávesa smazáno : HKCU\Software\csastats
[-] Klávesa smazáno : HKLM\SOFTWARE\SrpnFiles
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre

***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3336 bytes] - [16/05/2016 17:14:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [5182 bytes] - [16/05/2016 17:12:30]
C:\AdwCleaner\AdwCleaner[S2].txt - [5183 bytes] - [16/05/2016 17:13:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3555 bytes] ##########

Fajn, pokracijte s MBAM

Omlouvám se, omylem jsem vložila 2 x ADW cleaner. Tady je malware:

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 17.5.2016
Čas skenování: 16:29
Protokol: maware.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.05.16.04
Databáze rootkitů: v2016.05.06.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: uživatel

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 295227
Uplynulý čas: 7 min, 15 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 1
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder05, , [a4f06d6906933bfb89b4b0009a6837c9],

Hodnoty registru: 2
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CONTROLSET001\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://unstops.net/wpad.dat?dca0e172648fdf2fce4c1bf33a6c91a99714784, , [aaea3f977a1f56e0f2fe597d17ec9967]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-3141529800-1370788988-1554017704-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://unstops.net/wpad.dat?dca0e172648 ... 1a99714784, , [5f35cc0aa4f560d6f3fcb52163a0b749]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
PUP.Optional.InstallCore, C:\Users\uživatel\AppData\Local\Temp\ICReinstall_watership-down-cze-116795.exe, , [dabaa432c1d8dd5930794fee956b31cf],
PUP.Optional.Amonetize, C:\Users\uživatel\AppData\Local\Temp\aff.conf, , [256fe3f30c8db581ec8c5019758fa35d],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Vsechny nalezy MBAM nechte odstranit. Po odstraneni a restartu pc test s MBAM zopakujte (ale tentokrat opravdu se spravnym nastavenim - tohle byl jen Sken hrozeb, ten nekontroluje cely pocitac, ja chtel Vlastni sken), at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.

tak tady to je:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 18.5.2016
Čas skenování: 15:51
Protokol: maware.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.05.18.05
Databáze rootkitů: v2016.05.06.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: uživatel

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 452283
Uplynulý čas: 1 hod, 36 min, 41 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
PUP.Optional.MyPCBackup, C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\OLBPre\OLBPre.exe.vir, , [6fee00d70891b87e23bc7415639e17e9],
PUP.Optional.MyPCBackup, C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\OLBPre\uninst.exe.vir, , [9fbebc1bb6e38fa74aef6abc0ff5758b],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Super, nalezy uz jsou neskodne v karantene ADWCleaneru, takze je neni potrea resit.

MBAM odinstalujte.


Postupujte podle navodu kolegy

vyosek píše: Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Postupujte podle navodu kolegy

vyosek píše: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64
Ran by u§ivatel (Administrator) on źt 19.05.2016 at 19:32:29,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 33

Successfully deleted: C:\Users\u§ivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage-journal (File)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage (File)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage-journal (File)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage (File)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage-journal (File)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage (File)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K7HY9LR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZQ70ZOG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BP758VTV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G9JJJFGJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXNLD472 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKREJNJG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6LJIMO6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\u§ivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O82I51TP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K7HY9LR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZQ70ZOG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BP758VTV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G9JJJFGJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXNLD472 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKREJNJG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6LJIMO6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O82I51TP (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{46E44CAB-CADE-4E0F-BD0C-620582C55C86} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 19.05.2016 at 19:34:38,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zoek log - omlouvám se, nechala jsem aplikaci proběhnout dle návodu, PC se restartovalo, ale než jsem pak stihla log zkopírovat a vložit sem, syn jej zavřel a log se na plochu neuložil. vše jsem zopakovala, ale tentokrát už to proběhlo jinak, mám jen výjezd níže - PC už se podruhé nerestartoval a log se neobjevil.


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by u§ivatel on źt 19.05.2016 at 20:18:54,63.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\UIVATE~1\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 20:19:16,98 =====

--- Create Environment Variables 20:19:18,57
--- Checking Input 20:19:27,61
--- Reset Hosts File 20:19:54,70
--- AU AppData Check 20:19:55,55
--- Remove From Windows Installer 20:19:58,28
--- Registry HKLM Software Check 20:21:10,52
--- IE Startpage Check 20:21:35,57
--- Program Files DB Check 20:22:53,01
--- C:\Users\Default\AppData\ DB Check 20:23:45,29
--- C:\Users\Default User\AppData\ DB Check 20:23:45,29
--- C:\Users\UIVATE~2\AppData\ DB Check 20:23:45,29
--- C:\Users\UIVATE~1\AppData\ DB Check 20:23:45,29
--- C:\Windows\SysNative\config\systemprofile\AppData\ DB Check 20:23:45,29
--- C:\Windows\sysWoW64\config\systemprofile\AppData\ DB Check 20:23:45,29
--- C:\Windows\serviceprofiles\networkservice\AppData\ DB Check 20:23:45,29
--- C:\Windows\serviceprofiles\Localservice\AppData\ DB Check 20:23:45,29
--- C:\Users\UIVATE~1 DB Check 20:26:46,90
--- C:\PROGRA~3 DB Check 20:27:06,28
--- C:\Users\Default\AppData\Local DB Check 20:27:18,26
--- C:\Users\Default User\AppData\Local DB Check 20:27:18,26
--- C:\Users\UIVATE~2\AppData\Local DB Check 20:27:18,26
--- C:\Users\UIVATE~1\AppData\Local DB Check 20:27:18,26
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 20:27:18,26
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 20:27:18,26
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 20:27:18,26
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 20:27:18,26
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 20:29:22,39
--- C:\Users\UIVATE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs DB Check 20:29:34,21
--- Tasks DB Check 20:29:41,72
--- Downloads DB Check 20:29:46,79
--- C:\Users\UIVATE~1\AppData\LocalLow DB Check 20:29:51,33
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 20:29:51,33
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 20:29:51,33
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 20:29:51,33
--- Tasks2 DB Check 20:30:34,74
--- Documents DB Check 20:31:17,97
--- C:\Users\UIVATE~1\AppData\Roaming\Mozilla\Firefox\Profiles\6ktn20pq.default DB Check 20:31:27,94
--- C:\Users\Public\Desktop DB Check 20:31:30,82
--- C:\Users\UIVATE~1\Desktop DB Check 20:31:37,59
--- Services DB Check 20:31:48,76
--- FF prefs.js DB Check 20:32:19,84
--- Emptyclsid 20:33:13,12
--- Del by CLSID 20:33:15,90
--- Delete Services 20:33:58,30
--- Firefox Fix 20:34:01,86
--- Firefox Extensions 20:34:06,96

Nevadi. Nastala zatim nejaka zmena? Vyskakuji stale reklamy?

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

Reklamy na netu přestaly vyskakovat. Tady je log + Addition.rar v příloze:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-05-2016
Ran by uživatel (administrator) on UŽIVATEL-PC (21-05-2016 15:16:44)
Running from C:\Users\uživatel\Desktop
Loaded Profiles: uživatel (Available Profiles: uživatel)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Users\uživatel\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\uživatel\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(forum.viry.cz) C:\Users\uživatel\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3141529800-1370788988-1554017704-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\uživatel\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3141529800-1370788988-1554017704-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\uživatel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3141529800-1370788988-1554017704-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.1.1.1 10.1.1.2
Tcpip\..\Interfaces\{B91D527B-B134-4992-A3C8-237BEA3FD226}: [DhcpNameServer] 10.1.1.1 10.1.1.2

Internet Explorer:
==================
HKU\S-1-5-21-3141529800-1370788988-1554017704-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
SearchScopes: HKU\S-1-5-21-3141529800-1370788988-1554017704-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3141529800-1370788988-1554017704-1000 -> {07A42511-5CDC-4D1B-8C72-8784CEED4EA3} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3141529800-1370788988-1554017704-1000 -> {0A5AD8CB-8B5C-4142-B10E-39F007680052} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3141529800-1370788988-1554017704-1000 -> {2D6C60D8-972E-4C1E-9ADC-C576C7244A33} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3141529800-1370788988-1554017704-1000 -> {3B84E107-EA55-4A23-A625-C8FAC5DAE0DF} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3141529800-1370788988-1554017704-1000 -> {5273A3B2-63B7-4379-B9F5-72FB7756C4EB} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3141529800-1370788988-1554017704-1000 -> {54203D8F-6A11-47CF-9E55-1E13B6CBCEEE} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3141529800-1370788988-1554017704-1000 -> {6557E863-71C9-48D2-805A-6A4366CD15E2} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3141529800-1370788988-1554017704-1000 -> {767961FE-4283-4631-B3FF-A341C99B8223} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\6ktn20pq.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-25]
CHR Extension: (Google Docs) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-25]
CHR Extension: (Google Drive) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Gmail) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MpFilter; C:\Windows\system32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2015-12-24] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-21 15:16 - 2016-05-21 15:17 - 00009356 _____ C:\Users\uživatel\Desktop\FRST.txt
2016-05-21 15:14 - 2016-05-21 15:16 - 00000000 ____D C:\FRST
2016-05-21 15:12 - 2016-05-21 15:13 - 00112640 _____ (forum.viry.cz) C:\Users\uživatel\Desktop\FRSTLauncher.exe
2016-05-21 11:28 - 2016-05-21 11:28 - 02382336 _____ (Farbar) C:\Users\uživatel\Desktop\FRST64.exe
2016-05-19 20:33 - 2016-05-19 20:33 - 00000000 ____D C:\zoek
2016-05-19 20:18 - 2016-05-19 20:34 - 00002914 _____ C:\runcheck.txt
2016-05-19 19:39 - 2016-05-19 19:54 - 00000000 ____D C:\zoek_backup
2016-05-19 19:39 - 2016-05-19 19:39 - 04186040 _____ C:\Users\uživatel\Desktop\zoek.zip
2016-05-19 19:38 - 2016-05-19 19:38 - 01309184 _____ C:\Users\uživatel\Desktop\zoek.exe
2016-05-19 19:34 - 2016-05-19 19:34 - 00006159 _____ C:\Users\uživatel\Desktop\JRT.txt
2016-05-19 19:31 - 2016-05-19 19:31 - 01610816 _____ (Malwarebytes) C:\Users\uživatel\Desktop\JRT.exe
2016-05-17 16:43 - 2016-05-18 18:04 - 00001402 _____ C:\Users\uživatel\Desktop\maware.txt
2016-05-16 18:19 - 2016-05-17 16:30 - 00003538 _____ C:\Users\uživatel\Desktop\ADW log.txt
2016-05-16 17:49 - 2016-05-16 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-16 17:47 - 2016-05-16 17:47 - 22851472 _____ (Malwarebytes ) C:\Users\uživatel\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-16 17:12 - 2016-05-18 18:07 - 00000000 ____D C:\AdwCleaner
2016-05-16 17:11 - 2016-05-16 17:11 - 03651136 _____ C:\Users\uživatel\Desktop\adwcleaner_5.117.exe
2016-05-14 14:20 - 2016-05-14 14:22 - 00000000 ____D C:\rsit
2016-05-14 14:20 - 2016-05-14 14:22 - 00000000 ____D C:\Program Files\trend micro
2016-05-14 08:27 - 2016-05-14 08:28 - 00000000 ____D C:\Windows\rescache
2016-05-13 15:00 - 2016-05-13 15:21 - 363806720 _____ C:\Users\uživatel\Downloads\The-Originals-s01e17-cz-titulky.avi
2016-05-11 20:31 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 20:31 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 20:31 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 20:31 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 20:31 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 20:31 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 20:31 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 20:31 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 20:31 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 20:31 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 20:31 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 20:31 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 20:31 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 20:31 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 20:31 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 20:31 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 20:31 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 20:31 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 20:31 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 20:31 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 20:31 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 20:31 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 20:31 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 20:31 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 20:31 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 20:31 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 20:31 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 20:31 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 20:31 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 20:31 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 20:31 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 20:31 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 20:31 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 20:31 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 20:31 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 20:31 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 20:31 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 20:31 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 20:31 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 20:31 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 20:31 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 20:31 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 20:31 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 20:31 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 20:31 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 20:31 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 20:31 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 20:31 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 20:31 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 20:31 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 20:31 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 20:31 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 20:31 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 20:31 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 20:31 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 20:31 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 20:31 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 20:31 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 20:31 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 20:31 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 20:31 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 20:31 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 20:31 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 20:31 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 20:31 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 20:31 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 20:31 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 20:31 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 20:31 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 20:31 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 20:31 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 20:31 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 20:31 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 20:31 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 20:31 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 20:31 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 20:31 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 20:31 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 20:31 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 20:29 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 20:29 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 20:29 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 20:29 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 20:29 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 20:29 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 20:29 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 20:29 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 20:29 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 20:29 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 20:29 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 20:29 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 20:29 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 20:29 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 20:29 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 20:29 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 20:29 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 20:29 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 20:29 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 20:29 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 20:29 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 20:29 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 20:29 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 20:29 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 20:29 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 20:29 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 20:29 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 20:29 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-06 16:34 - 2016-05-06 17:44 - 1269825321 _____ C:\Users\uživatel\Downloads\'Akční+Životopisný+Drama..rychlost+adrenalin+děvčata-a-RIVALOVÉ-J.Hunt-&-N.Lauda..'-Rush-(2013)-DabCz.mp4
2016-05-06 16:18 - 2016-05-07 17:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-28 20:32 - 2016-04-28 20:32 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-26 21:18 - 2016-04-27 21:25 - 00000000 ____D C:\Users\uživatel\Desktop\písničky

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-21 15:09 - 2015-08-25 14:21 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 15:07 - 2009-07-14 06:45 - 00024768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-21 15:07 - 2009-07-14 06:45 - 00024768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-21 11:59 - 2015-07-20 11:05 - 00003994 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F3AE42B9-5D84-4F99-A36C-A231DA747F1D}
2016-05-21 11:05 - 2015-12-26 11:55 - 00000000 ____D C:\Users\uživatel\AppData\Roaming\Seznam.cz
2016-05-21 11:01 - 2015-12-28 17:53 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-21 11:00 - 2015-08-25 14:21 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-21 10:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-19 16:30 - 2016-02-23 22:24 - 00000000 ____D C:\Users\uživatel\Desktop\Naruto
2016-05-18 12:58 - 2011-04-12 10:34 - 00668542 _____ C:\Windows\system32\perfh005.dat
2016-05-18 12:58 - 2011-04-12 10:34 - 00141202 _____ C:\Windows\system32\perfc005.dat
2016-05-18 12:58 - 2009-07-14 07:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-18 12:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-17 19:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\ModemLogs
2016-05-17 17:10 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-05-17 17:09 - 2015-09-29 18:43 - 00000000 ____D C:\Users\uživatel\Documents\Word
2016-05-16 17:14 - 2016-01-30 17:59 - 00001085 _____ C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
2016-05-16 17:14 - 2016-01-30 17:59 - 00001055 _____ C:\Users\uživatel\Desktop\WarThunder.lnk
2016-05-16 17:14 - 2016-01-30 17:58 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-05-16 17:14 - 2015-12-21 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotoGP2
2016-05-16 17:14 - 2015-08-25 14:21 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-16 17:14 - 2015-08-25 14:21 - 00001290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-16 17:14 - 2015-07-20 11:06 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-16 17:14 - 2015-07-17 17:13 - 00000975 _____ C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-14 03:21 - 2009-07-14 06:45 - 00410408 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 13:25 - 2015-07-20 11:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-05-12 13:17 - 2016-01-30 17:58 - 00003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454169508
2016-05-12 13:17 - 2016-01-30 17:57 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-12 13:08 - 2015-08-26 06:28 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 13:08 - 2011-04-12 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 19:04 - 2015-08-25 14:21 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 19:04 - 2015-08-25 14:21 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-11 19:03 - 2015-08-25 18:13 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-07 17:39 - 2015-07-20 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-06 21:45 - 2015-08-27 04:33 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 21:45 - 2015-08-27 04:33 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-28 20:37 - 2011-06-03 11:33 - 00000000 ____D C:\Windows\Panther
2016-04-22 09:57 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======


Some files in TEMP:
====================
C:\Users\uživatel\AppData\Local\Temp\7za.exe
C:\Users\uživatel\AppData\Local\Temp\DaS_21.exe
C:\Users\uživatel\AppData\Local\Temp\hijackthis.exe
C:\Users\uživatel\AppData\Local\Temp\NirCmd.exe
C:\Users\uživatel\AppData\Local\Temp\PEVZ.EXE
C:\Users\uživatel\AppData\Local\Temp\remove.exe
C:\Users\uživatel\AppData\Local\Temp\sed.exe
C:\Users\uživatel\AppData\Local\Temp\shortcut.exe
C:\Users\uživatel\AppData\Local\Temp\swreg.exe
C:\Users\uživatel\AppData\Local\Temp\swxcacls.exe
C:\Users\uživatel\AppData\Local\Temp\wget.exe
C:\Users\uživatel\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-08 11:22

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:97.88 GB) (Free:33.47 GB) NTFS
Drive d: (DATA) (Fixed) (Total:200.11 GB) (Free:146.53 GB) NTFS

Available physical RAM: 3070.3 MB
Total physical RAM: 4094.49 MB
Percentage of memory in use: 25%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6488C353)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.1 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\u�ivatel\Desktop" je 4030 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\u�ivatel\Desktop" je 4030 MB.

Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku





Otevrete si poznamkovy blok a zkopirujte do nej tento skript Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Prosím tě, je možné že nemám poznámkový blok nainstalovaný? Přes Start, Spustit mi nenajde ani notepad ani pozn. blok. Mám stáhnout? Na Slunečnici mají pouze pro 32 bit PC. Díky - promiň jsem prostý uživatel - laik

Poznamkovy blok byva soucasti systemu, takze by tam mel byt. Kdyz se klikne na plose pravym mysidlem a kurzorem se najede na Novy, je tam moznost textovy dokument?

Ano to tam je. Díky.....
Tady je log:

Fix result of Farbar Recovery Scan Tool (x64) Version:22-05-2016
Ran by uživatel (2016-05-22 14:33:45) Run:1
Running from C:\Users\uživatel\Desktop
Loaded Profiles: uživatel (Available Profiles: uživatel)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3141529800-1370788988-1554017704-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\uživatel\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3141529800-1370788988-1554017704-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\uživatel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3141529800-1370788988-1554017704-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-25 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-25 144200]

2016-05-16 17:49 - 2016-05-16 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-16 17:47 - 2016-05-16 17:47 - 22851472 _____ (Malwarebytes ) C:\Users\uživatel\Desktop\mbam-setup-2.2.1.1043.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value removed successfully
HKU\S-1-5-21-3141529800-1370788988-1554017704-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value removed successfully
HKU\S-1-5-21-3141529800-1370788988-1554017704-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value removed successfully
HKU\S-1-5-21-3141529800-1370788988-1554017704-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value removed successfully
MBAMSwissArmy => service removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
C:\ProgramData\Malwarebytes => moved successfully
C:\Users\uživatel\Desktop\mbam-setup-2.2.1.1043.exe => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 967 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:34:57 ====