Zdravím, prosím o kontrolu logu. V PC jsem nedávno objevil Amazon Assistant, tak jsem ho odinstaloval. Jenže po každém spuštění/restartování PC se mi otevře Internet Explorer a tam je napsáno, že Amazon Assistant byl úspěšně nainstalován a v PC je znovu.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:25:16, on 21.01.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal
Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\dalib\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Bloody2] "C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe" Minimum
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Action! service (ACTION_SVC) - Unknown owner - C:\Program Files (x86)\Mirillis\Action!\action_svc.exe
O23 - Service: AdaptiveSleepService - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Amazon 1Button App Service - Amazon Inc. - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
O23 - Service: Amazon Assistant Service - Unknown owner - C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7130 bytes
Prosím o kontrolu logu
Re: Prosím o kontrolu logu
# AdwCleaner v6.042 - Log vytvořen 21/01/2017 v 10:29:27
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-20.2 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Dalibor - DEKSTOP-PC
# Spuštěno z : C:\Users\dalib\Desktop\adwcleaner_6.042.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
Služba nalezena: Amazon 1Button App Service
***** [ Složky ] *****
Složka nalezena: C:\Program Files (x86)\Amazon\Amazon1ButtonApp
***** [ Soubory ] *****
Nebyly nalezeny žádné škodlivé soubory.
***** [ DLL ] *****
Nebyly nalezeny žádné škodlivé DLL.
***** [ WMI ] *****
Nebyly nalezeny žádné škodlivé klíče.
***** [ Zástupci ] *****
Žádný infikovaný zástupce nenalezen.
***** [ Naplánované úlohy ] *****
Žádná nebezpečná úloha nenalezena.
***** [ Registry ] *****
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Klíč nalezen: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Klíč nalezen: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\distromatic
Klíč nalezen: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Safer Technologies
Klíč nalezen: HKCU\Software\distromatic
Klíč nalezen: HKCU\Software\Safer Technologies
Klíč nalezen: HKLM\SOFTWARE\Safer Technologies
Klíč nalezen: [x64] HKCU\Software\distromatic
Klíč nalezen: [x64] HKCU\Software\Safer Technologies
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
***** [ Internetové prohlížeče ] *****
Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [2675 Bajty] - [21/01/2017 10:29:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2748 Bajty] ##########
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-20.2 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Dalibor - DEKSTOP-PC
# Spuštěno z : C:\Users\dalib\Desktop\adwcleaner_6.042.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
Služba nalezena: Amazon 1Button App Service
***** [ Složky ] *****
Složka nalezena: C:\Program Files (x86)\Amazon\Amazon1ButtonApp
***** [ Soubory ] *****
Nebyly nalezeny žádné škodlivé soubory.
***** [ DLL ] *****
Nebyly nalezeny žádné škodlivé DLL.
***** [ WMI ] *****
Nebyly nalezeny žádné škodlivé klíče.
***** [ Zástupci ] *****
Žádný infikovaný zástupce nenalezen.
***** [ Naplánované úlohy ] *****
Žádná nebezpečná úloha nenalezena.
***** [ Registry ] *****
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Klíč nalezen: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Klíč nalezen: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\distromatic
Klíč nalezen: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Safer Technologies
Klíč nalezen: HKCU\Software\distromatic
Klíč nalezen: HKCU\Software\Safer Technologies
Klíč nalezen: HKLM\SOFTWARE\Safer Technologies
Klíč nalezen: [x64] HKCU\Software\distromatic
Klíč nalezen: [x64] HKCU\Software\Safer Technologies
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
***** [ Internetové prohlížeče ] *****
Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [2675 Bajty] - [21/01/2017 10:29:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2748 Bajty] ##########
Re: Prosím o kontrolu logu
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 21.01.17
Čas skenování: 10:31
Logovací soubor: MB.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.1068
Licence: Zkušební
-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DEKSTOP-PC\Dalibor
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 392044
Uplynulý čas: 1 min, 17 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 2
PUP.Optional.Amazon1Button, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Amazon 1Button App Service, Žádná uživatelská akce, [1762], [334107],1.0.1068
PUP.Optional.Distromatic, HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\SOFTWARE\Distromatic, Žádná uživatelská akce, [2840], [359638],1.0.1068
Hodnota v registru: 2
PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Žádná uživatelská akce, [1749], [-1],0.0.0
PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Žádná uživatelská akce, [1749], [-1],0.0.0
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 1
PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP, Žádná uživatelská akce, [1749], [333344],1.0.1068
Soubor: 1
PUP.Optional.Amazon1Button, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP\AMAZON1BUTTONSERVICE64.EXE, Žádná uživatelská akce, [1762], [334107],1.0.1068
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 21.01.17
Čas skenování: 10:31
Logovací soubor: MB.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.1068
Licence: Zkušební
-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DEKSTOP-PC\Dalibor
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 392044
Uplynulý čas: 1 min, 17 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 2
PUP.Optional.Amazon1Button, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Amazon 1Button App Service, Žádná uživatelská akce, [1762], [334107],1.0.1068
PUP.Optional.Distromatic, HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\SOFTWARE\Distromatic, Žádná uživatelská akce, [2840], [359638],1.0.1068
Hodnota v registru: 2
PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Žádná uživatelská akce, [1749], [-1],0.0.0
PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Žádná uživatelská akce, [1749], [-1],0.0.0
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 1
PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP, Žádná uživatelská akce, [1749], [333344],1.0.1068
Soubor: 1
PUP.Optional.Amazon1Button, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP\AMAZON1BUTTONSERVICE64.EXE, Žádná uživatelská akce, [1762], [334107],1.0.1068
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43061
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Scan“, po prohledání klikni na „ Clean“
Program provede opravu, po automatickém restartu klikni na „Log Manager“ a pak poklepej na odpovídají log, (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.
Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.
Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
. spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.
Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html
Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.
Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64bit.:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků
klikni na „Scan“, po prohledání klikni na „ Clean“
Program provede opravu, po automatickém restartu klikni na „Log Manager“ a pak poklepej na odpovídají log, (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.
Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.
Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
. spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.
Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html
Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.
Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64bit.:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
# AdwCleaner v6.042 - Log vytvořen 21/01/2017 v 11:21:37
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-20.2 [Místní]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Dalibor - DEKSTOP-PC
# Spuštěno z : C:\Users\dalib\Desktop\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
[-] Služba smazána: Amazon 1Button App Service
***** [ Složky ] *****
[-] Složka smazána: C:\Program Files (x86)\Amazon\Amazon1ButtonApp
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
[-] Klíč smazán: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Klíč smazán: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\distromatic
[-] Klíč smazán: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Safer Technologies
[#] Klíč smazán po restartu: HKCU\Software\distromatic
[#] Klíč smazán po restartu: HKCU\Software\Safer Technologies
[-] Klíč smazán: HKLM\SOFTWARE\Safer Technologies
[#] Klíč smazán po restartu: [x64] HKCU\Software\distromatic
[#] Klíč smazán po restartu: [x64] HKCU\Software\Safer Technologies
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2566 Bajty] - [21/01/2017 11:21:37]
C:\AdwCleaner\AdwCleaner[S0].txt - [2851 Bajty] - [21/01/2017 10:29:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [2926 Bajty] - [21/01/2017 11:17:24]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2785 Bajty] ##########
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-20.2 [Místní]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Dalibor - DEKSTOP-PC
# Spuštěno z : C:\Users\dalib\Desktop\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
[-] Služba smazána: Amazon 1Button App Service
***** [ Složky ] *****
[-] Složka smazána: C:\Program Files (x86)\Amazon\Amazon1ButtonApp
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
[-] Klíč smazán: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Klíč smazán: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\distromatic
[-] Klíč smazán: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Safer Technologies
[#] Klíč smazán po restartu: HKCU\Software\distromatic
[#] Klíč smazán po restartu: HKCU\Software\Safer Technologies
[-] Klíč smazán: HKLM\SOFTWARE\Safer Technologies
[#] Klíč smazán po restartu: [x64] HKCU\Software\distromatic
[#] Klíč smazán po restartu: [x64] HKCU\Software\Safer Technologies
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2566 Bajty] - [21/01/2017 11:21:37]
C:\AdwCleaner\AdwCleaner[S0].txt - [2851 Bajty] - [21/01/2017 10:29:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [2926 Bajty] - [21/01/2017 11:17:24]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2785 Bajty] ##########
Re: Prosím o kontrolu logu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by Dalibor (Administrator) on 21.01.2017 at 11:25:17,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 1
Successfully deleted: C:\Program Files (x86)\safer technologies (Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2017 at 11:26:36,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by Dalibor (Administrator) on 21.01.2017 at 11:25:17,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 1
Successfully deleted: C:\Program Files (x86)\safer technologies (Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2017 at 11:26:36,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Prosím o kontrolu logu
Malwarebytes
http://www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 21.01.17
Čas skenování: 11:28
Logovací soubor: MB.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.1068
Licence: Zkušební
-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DEKSTOP-PC\Dalibor
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 392800
Uplynulý čas: 1 min, 13 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
http://www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 21.01.17
Čas skenování: 11:28
Logovací soubor: MB.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.1068
Licence: Zkušební
-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DEKSTOP-PC\Dalibor
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 392800
Uplynulý čas: 1 min, 13 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
Re: Prosím o kontrolu logu
Sophos nic nenašel.
RogueKiller V12.9.4.0 (x64) [Jan 16 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : Dalibor [Práva správce]
Started from : C:\Users\dalib\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 01/21/2017 14:27:55 (Duration : 00:20:00)
¤¤¤ Procesy : 4 ¤¤¤
[Proc.Svchost] svchost.exe(5908) -- C:\Windows\System32\svchost.exe[7] -> Nalezeno
[Proc.Svchost] svchost.exe(3412) -- C:\Windows\System32\svchost.exe[7] -> Nalezeno
[Proc.Svchost] svchost.exe(5940) -- C:\Windows\System32\svchost.exe[7] -> Nalezeno
[Proc.Svchost] svchost.exe(4980) -- C:\Windows\System32\svchost.exe[7] -> Nalezeno
¤¤¤ Registry : 6 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Win -> Nalezeno
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Win -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 10.0.0.10 ([-][]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{98028755-8020-4169-a811-2f5f1f850a95} | DhcpNameServer : 10.0.0.1 10.0.0.10 ([-][]) -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SV300S37A120G ATA Device +++++
--- User ---
[MBR] e651b643d692139199a958e6c3b0f187
[BSP] 1ac66bae1e0374abf129c9c883271ff5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 113970 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD7501AALS-00E3A0 ATA Device +++++
--- User ---
[MBR] 18702a1a7371ce5a6dc6e3e21025808e
[BSP] 862d9d3820ee94fc3738d867ba3a86c9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 307500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 629762048 | Size: 407903 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
RogueKiller V12.9.4.0 (x64) [Jan 16 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : Dalibor [Práva správce]
Started from : C:\Users\dalib\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 01/21/2017 14:27:55 (Duration : 00:20:00)
¤¤¤ Procesy : 4 ¤¤¤
[Proc.Svchost] svchost.exe(5908) -- C:\Windows\System32\svchost.exe[7] -> Nalezeno
[Proc.Svchost] svchost.exe(3412) -- C:\Windows\System32\svchost.exe[7] -> Nalezeno
[Proc.Svchost] svchost.exe(5940) -- C:\Windows\System32\svchost.exe[7] -> Nalezeno
[Proc.Svchost] svchost.exe(4980) -- C:\Windows\System32\svchost.exe[7] -> Nalezeno
¤¤¤ Registry : 6 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Win -> Nalezeno
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Win -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 10.0.0.10 ([-][]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{98028755-8020-4169-a811-2f5f1f850a95} | DhcpNameServer : 10.0.0.1 10.0.0.10 ([-][]) -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SV300S37A120G ATA Device +++++
--- User ---
[MBR] e651b643d692139199a958e6c3b0f187
[BSP] 1ac66bae1e0374abf129c9c883271ff5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 113970 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD7501AALS-00E3A0 ATA Device +++++
--- User ---
[MBR] 18702a1a7371ce5a6dc6e3e21025808e
[BSP] 862d9d3820ee94fc3738d867ba3a86c9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 307500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 629762048 | Size: 407903 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Vypni antivir
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit Farbar Recovery Scan Tool (FRST)
32bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
a ulož jej na plochu. ,pak spusť FRST jako správce
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše. Prosím zkopíruj sem celý jejich obsah.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Vypni antivir
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
Kód: Vybrat vše
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts; klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit Farbar Recovery Scan Tool (FRST)
32bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
a ulož jej na plochu. ,pak spusť FRST jako správce
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše. Prosím zkopíruj sem celý jejich obsah.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Re: Prosím o kontrolu logu
RogueKiller V12.9.4.0 (x64) [Jan 16 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : Dalibor [Práva správce]
Started from : C:\Users\dalib\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 01/25/2017 22:16:46 (Duration : 00:19:43)
¤¤¤ Procesy : 4 ¤¤¤
[Proc.Svchost] svchost.exe(5908) -- C:\Windows\System32\svchost.exe[7] -> Zastaveno [TermProc]
[Proc.Svchost] svchost.exe(3412) -- C:\Windows\System32\svchost.exe[7] -> Zastaveno [TermProc]
[Proc.Svchost] svchost.exe(5940) -- C:\Windows\System32\svchost.exe[7] -> Zastaveno [TermProc]
[Proc.Svchost] svchost.exe(4980) -- C:\Windows\System32\svchost.exe[7] -> Zastaveno [TermProc]
¤¤¤ Registry : 6 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Win -> Smazáno
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Win -> Smazáno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 10.0.0.10 ([-][]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{98028755-8020-4169-a811-2f5f1f850a95} | DhcpNameServer : 10.0.0.1 10.0.0.10 ([-][]) -> Nahrazeno ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SV300S37A120G ATA Device +++++
--- User ---
[MBR] e651b643d692139199a958e6c3b0f187
[BSP] 1ac66bae1e0374abf129c9c883271ff5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 113970 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD7501AALS-00E3A0 ATA Device +++++
--- User ---
[MBR] 18702a1a7371ce5a6dc6e3e21025808e
[BSP] 862d9d3820ee94fc3738d867ba3a86c9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 307500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 629762048 | Size: 407903 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : Dalibor [Práva správce]
Started from : C:\Users\dalib\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 01/25/2017 22:16:46 (Duration : 00:19:43)
¤¤¤ Procesy : 4 ¤¤¤
[Proc.Svchost] svchost.exe(5908) -- C:\Windows\System32\svchost.exe[7] -> Zastaveno [TermProc]
[Proc.Svchost] svchost.exe(3412) -- C:\Windows\System32\svchost.exe[7] -> Zastaveno [TermProc]
[Proc.Svchost] svchost.exe(5940) -- C:\Windows\System32\svchost.exe[7] -> Zastaveno [TermProc]
[Proc.Svchost] svchost.exe(4980) -- C:\Windows\System32\svchost.exe[7] -> Zastaveno [TermProc]
¤¤¤ Registry : 6 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Win -> Smazáno
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Win -> Smazáno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 10.0.0.10 ([-][]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{98028755-8020-4169-a811-2f5f1f850a95} | DhcpNameServer : 10.0.0.1 10.0.0.10 ([-][]) -> Nahrazeno ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SV300S37A120G ATA Device +++++
--- User ---
[MBR] e651b643d692139199a958e6c3b0f187
[BSP] 1ac66bae1e0374abf129c9c883271ff5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 113970 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD7501AALS-00E3A0 ATA Device +++++
--- User ---
[MBR] 18702a1a7371ce5a6dc6e3e21025808e
[BSP] 862d9d3820ee94fc3738d867ba3a86c9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 307500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 629762048 | Size: 407903 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
Re: Prosím o kontrolu logu
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Dalibor on 25.01.2017 at 22:48:16,88.
Microsoft Windows 10 Pro 10.0.14393 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dalib\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
25.01.2017 22:50:26 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\Freemake deleted successfully
C:\PROGRA~2\Intel deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\Shared Space deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\dalib\AppData\Local\CrashDumps deleted successfully
C:\Users\dalib\AppData\Local\PackageStaging deleted successfully
C:\Users\dalib\AppData\Local\PeerDistRepub deleted successfully
C:\Users\defaultuser0\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Freemake not found
C:\PROGRA~2\Intel not found
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
==== Reset Google Chrome ======================
Nothing found to reset
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dalib\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\dalib\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\dalib\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\dalib\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\dalib\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=25 folders=31 28110906 bytes)
==== Empty Temp Folders ======================
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\dalib\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 25.01.2017 at 23:48:21,74 ======================
Tool run by Dalibor on 25.01.2017 at 22:48:16,88.
Microsoft Windows 10 Pro 10.0.14393 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dalib\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
25.01.2017 22:50:26 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\Freemake deleted successfully
C:\PROGRA~2\Intel deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\Shared Space deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\dalib\AppData\Local\CrashDumps deleted successfully
C:\Users\dalib\AppData\Local\PackageStaging deleted successfully
C:\Users\dalib\AppData\Local\PeerDistRepub deleted successfully
C:\Users\defaultuser0\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Freemake not found
C:\PROGRA~2\Intel not found
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
==== Reset Google Chrome ======================
Nothing found to reset
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dalib\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\dalib\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\dalib\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\dalib\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\dalib\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=25 folders=31 28110906 bytes)
==== Empty Temp Folders ======================
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\dalib\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 25.01.2017 at 23:48:21,74 ======================
Re: Prosím o kontrolu logu
FRST.txt je moc velký rozděluju ho na 2 častí.
1. část:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Dalibor (administrator) on DEKSTOP-PC (26-01-2017 22:07:41)
Running from C:\Users\dalib\Desktop
Loaded Profiles: Dalibor (Available Profiles: defaultuser0 & Dalibor)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1519800 2016-12-28] (COMODO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [19335680 2016-12-29] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.0.10
Tcpip\..\Interfaces\{98028755-8020-4169-a811-2f5f1f850a95}: [DhcpNameServer] 10.0.0.1 10.0.0.10
Internet Explorer:
==================
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACTION_SVC; C:\Program Files (x86)\Mirillis\Action!\action_svc.exe [16064 2014-10-25] ()
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] ()
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [99000 2016-12-16] ()
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6758568 2016-12-28] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876088 2016-12-28] (COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmdag.sys [26568856 2016-10-26] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmpag.sys [536592 2016-10-26] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [40952 2016-12-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828360 2016-12-16] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [50288 2016-12-16] (COMODO)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127144 2016-12-16] (COMODO)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-25] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-01-26] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 22:07 - 2017-01-26 22:07 - 00008816 _____ C:\Users\dalib\Desktop\FRST.txt
2017-01-26 22:06 - 2017-01-26 22:07 - 00000000 ____D C:\FRST
2017-01-26 19:48 - 2017-01-26 19:48 - 00000000 ____D C:\Users\dalib\AppData\Local\PeerDistRepub
2017-01-26 12:40 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-26 12:40 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-25 23:48 - 2017-01-25 23:48 - 00005602 _____ C:\Users\dalib\Desktop\zoek-results.txt
2017-01-25 23:47 - 2017-01-25 22:47 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-01-25 22:47 - 2017-01-25 23:38 - 00000000 ____D C:\zoek_backup
2017-01-25 22:47 - 2017-01-25 22:47 - 00007862 _____ C:\Users\dalib\Desktop\rog.txt
2017-01-25 22:15 - 2017-01-26 22:06 - 02420736 _____ (Farbar) C:\Users\dalib\Desktop\FRST64.exe
2017-01-25 22:15 - 2017-01-25 22:47 - 01309184 _____ C:\Users\dalib\Desktop\zoek.exe
2017-01-25 22:15 - 2017-01-25 22:15 - 00000091 _____ C:\Users\dalib\Desktop\Nový textový dokument (3).txt
2017-01-21 15:35 - 2017-01-21 15:35 - 00007740 _____ C:\Users\dalib\Desktop\Rogue.txt
2017-01-21 14:27 - 2017-01-25 22:16 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-21 14:26 - 2017-01-21 15:35 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-21 11:31 - 2017-01-21 11:31 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-01-21 11:31 - 2017-01-21 11:31 - 00000000 ____D C:\ProgramData\Sophos
2017-01-21 11:31 - 2017-01-21 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-21 11:30 - 2017-01-21 11:30 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-21 11:26 - 2017-01-21 11:26 - 00000623 _____ C:\Users\dalib\Desktop\JRT.txt
2017-01-21 11:22 - 2017-01-21 11:22 - 00002891 _____ C:\Users\dalib\Desktop\AdwCleaner[C0].txt
2017-01-21 11:19 - 2017-01-21 11:19 - 00000000 ___HD C:\VTRoot
2017-01-21 11:17 - 2017-01-26 22:06 - 00006322 _____ C:\Windows\system32\Drivers\fvstore.dat
2017-01-21 11:01 - 2017-01-22 09:45 - 00000009 _____ C:\Users\dalib\Desktop\Nový textový dokument.txt
2017-01-21 11:01 - 2017-01-21 12:40 - 25947720 _____ C:\Users\dalib\Desktop\RogueKillerX64.exe
2017-01-21 11:01 - 2017-01-21 11:30 - 155417832 _____ (Sophos Limited) C:\Users\dalib\Desktop\Sophos Virus Removal Tool.exe
2017-01-21 11:00 - 2017-01-21 11:23 - 01663040 _____ (Malwarebytes) C:\Users\dalib\Desktop\JRT.exe
2017-01-21 10:40 - 2017-01-26 22:03 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2017-01-21 10:40 - 2017-01-21 10:40 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\Program Files\COMODO
2017-01-21 10:39 - 2017-01-21 10:39 - 00000000 ____D C:\ProgramData\Comodo
2017-01-21 10:33 - 2017-01-21 11:30 - 00001405 _____ C:\Users\dalib\Desktop\MB.txt
2017-01-21 10:31 - 2017-01-21 10:31 - 00002854 _____ C:\Users\dalib\Desktop\AdwCleaner[S0].txt
2017-01-21 10:25 - 2017-01-21 11:21 - 00000000 ____D C:\AdwCleaner
2017-01-21 10:24 - 2017-01-21 10:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\dalib\Desktop\HijackThis.exe
2017-01-21 10:21 - 2017-01-26 21:45 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-21 10:21 - 2017-01-25 23:48 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-21 10:21 - 2017-01-25 23:48 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-21 10:21 - 2017-01-25 23:48 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-21 10:21 - 2017-01-21 10:21 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-21 10:21 - 2017-01-21 10:21 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-21 10:21 - 2017-01-21 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-21 10:20 - 2017-01-21 10:24 - 03988944 _____ C:\Users\dalib\Desktop\adwcleaner_6.042.exe
2017-01-21 10:20 - 2017-01-21 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-21 10:20 - 2017-01-21 10:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-21 10:20 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-21 10:17 - 2017-01-21 10:21 - 00050688 _____ (Atribune.org) C:\Users\dalib\Desktop\ATF-Cleaner.exe
2017-01-21 10:17 - 2017-01-21 10:20 - 00448512 _____ (OldTimer Tools) C:\Users\dalib\Desktop\TFC.exe
2017-01-20 21:12 - 2017-01-20 21:12 - 02160656 _____ C:\Users\dalib\Downloads\wrar540cz.exe
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\Users\dalib\AppData\Roaming\WinRAR
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\Users\dalib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-01-20 21:07 - 2017-01-20 21:10 - 18814198 _____ C:\Users\dalib\Downloads\Mirillis.Action.2.1.0.0.rar
2017-01-20 21:01 - 2017-01-20 21:04 - 19167064 _____ (Mirillis Ltd.) C:\Users\dalib\Downloads\action_2_1_0_setup.exe
2017-01-20 20:55 - 2017-01-20 21:06 - 00002114 _____ C:\Users\Public\Desktop\Action!.lnk
2017-01-20 20:55 - 2017-01-20 21:06 - 00000000 ____D C:\Program Files (x86)\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\Users\dalib\AppData\Roaming\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\Users\dalib\AppData\Local\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\ProgramData\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\Action!
2017-01-20 20:41 - 2017-01-25 23:35 - 00004206 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{98951693-2B9B-4DA2-8C5E-F74ED5F78423}
2017-01-12 18:53 - 2017-01-12 18:53 - 00000661 _____ C:\Users\dalib\Downloads\userconfig.cfg
2017-01-12 18:37 - 2017-01-12 18:37 - 00000218 _____ C:\Users\dalib\Desktop\Counter-Strike.url
2017-01-11 18:49 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-11 18:49 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-11 18:49 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-11 18:49 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-11 18:49 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-11 18:49 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-11 18:49 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-11 18:49 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-11 18:49 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-11 18:49 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-11 18:49 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-11 18:49 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-11 18:49 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-11 18:49 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-11 18:49 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-11 18:49 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-11 18:49 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-11 18:49 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-11 18:49 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-11 18:49 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-11 18:49 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-11 18:49 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-11 18:49 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-11 18:49 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-11 18:49 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-11 18:49 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-11 18:49 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-11 18:49 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-11 18:49 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-11 18:49 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-11 18:49 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-11 18:49 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-11 18:49 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-11 18:49 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-11 18:49 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-11 18:49 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-11 18:49 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 18:49 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-11 18:49 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-11 18:49 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-11 18:49 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 18:49 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-11 18:49 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-11 18:49 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-11 18:49 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-11 18:49 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-11 18:49 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-11 18:49 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-11 18:49 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-11 18:49 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 18:49 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 18:49 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-11 18:49 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-11 18:49 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 18:49 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-11 18:49 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-11 18:49 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-11 18:49 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-11 18:49 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-11 18:49 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-11 18:49 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-11 18:49 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 18:49 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-11 18:49 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-11 18:49 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-11 18:49 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-11 18:49 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-11 18:49 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-11 18:49 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-11 18:49 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-11 18:49 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-11 18:49 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2017-01-11 18:49 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2017-01-11 18:49 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2017-01-11 18:49 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 18:49 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-11 18:49 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-11 18:49 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-11 18:49 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-11 18:49 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-11 18:49 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-11 18:49 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-11 18:49 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-11 18:49 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-11 18:49 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-11 18:49 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-11 18:49 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 18:49 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 18:49 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-11 18:49 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-11 18:49 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-11 18:49 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-11 18:49 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-11 18:49 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-11 18:49 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
1. část:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Dalibor (administrator) on DEKSTOP-PC (26-01-2017 22:07:41)
Running from C:\Users\dalib\Desktop
Loaded Profiles: Dalibor (Available Profiles: defaultuser0 & Dalibor)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1519800 2016-12-28] (COMODO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [19335680 2016-12-29] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.0.10
Tcpip\..\Interfaces\{98028755-8020-4169-a811-2f5f1f850a95}: [DhcpNameServer] 10.0.0.1 10.0.0.10
Internet Explorer:
==================
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACTION_SVC; C:\Program Files (x86)\Mirillis\Action!\action_svc.exe [16064 2014-10-25] ()
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] ()
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [99000 2016-12-16] ()
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6758568 2016-12-28] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876088 2016-12-28] (COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmdag.sys [26568856 2016-10-26] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmpag.sys [536592 2016-10-26] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [40952 2016-12-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828360 2016-12-16] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [50288 2016-12-16] (COMODO)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127144 2016-12-16] (COMODO)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-25] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-01-26] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 22:07 - 2017-01-26 22:07 - 00008816 _____ C:\Users\dalib\Desktop\FRST.txt
2017-01-26 22:06 - 2017-01-26 22:07 - 00000000 ____D C:\FRST
2017-01-26 19:48 - 2017-01-26 19:48 - 00000000 ____D C:\Users\dalib\AppData\Local\PeerDistRepub
2017-01-26 12:40 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-26 12:40 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-25 23:48 - 2017-01-25 23:48 - 00005602 _____ C:\Users\dalib\Desktop\zoek-results.txt
2017-01-25 23:47 - 2017-01-25 22:47 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-01-25 22:47 - 2017-01-25 23:38 - 00000000 ____D C:\zoek_backup
2017-01-25 22:47 - 2017-01-25 22:47 - 00007862 _____ C:\Users\dalib\Desktop\rog.txt
2017-01-25 22:15 - 2017-01-26 22:06 - 02420736 _____ (Farbar) C:\Users\dalib\Desktop\FRST64.exe
2017-01-25 22:15 - 2017-01-25 22:47 - 01309184 _____ C:\Users\dalib\Desktop\zoek.exe
2017-01-25 22:15 - 2017-01-25 22:15 - 00000091 _____ C:\Users\dalib\Desktop\Nový textový dokument (3).txt
2017-01-21 15:35 - 2017-01-21 15:35 - 00007740 _____ C:\Users\dalib\Desktop\Rogue.txt
2017-01-21 14:27 - 2017-01-25 22:16 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-21 14:26 - 2017-01-21 15:35 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-21 11:31 - 2017-01-21 11:31 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-01-21 11:31 - 2017-01-21 11:31 - 00000000 ____D C:\ProgramData\Sophos
2017-01-21 11:31 - 2017-01-21 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-21 11:30 - 2017-01-21 11:30 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-21 11:26 - 2017-01-21 11:26 - 00000623 _____ C:\Users\dalib\Desktop\JRT.txt
2017-01-21 11:22 - 2017-01-21 11:22 - 00002891 _____ C:\Users\dalib\Desktop\AdwCleaner[C0].txt
2017-01-21 11:19 - 2017-01-21 11:19 - 00000000 ___HD C:\VTRoot
2017-01-21 11:17 - 2017-01-26 22:06 - 00006322 _____ C:\Windows\system32\Drivers\fvstore.dat
2017-01-21 11:01 - 2017-01-22 09:45 - 00000009 _____ C:\Users\dalib\Desktop\Nový textový dokument.txt
2017-01-21 11:01 - 2017-01-21 12:40 - 25947720 _____ C:\Users\dalib\Desktop\RogueKillerX64.exe
2017-01-21 11:01 - 2017-01-21 11:30 - 155417832 _____ (Sophos Limited) C:\Users\dalib\Desktop\Sophos Virus Removal Tool.exe
2017-01-21 11:00 - 2017-01-21 11:23 - 01663040 _____ (Malwarebytes) C:\Users\dalib\Desktop\JRT.exe
2017-01-21 10:40 - 2017-01-26 22:03 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2017-01-21 10:40 - 2017-01-21 10:40 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\Program Files\COMODO
2017-01-21 10:39 - 2017-01-21 10:39 - 00000000 ____D C:\ProgramData\Comodo
2017-01-21 10:33 - 2017-01-21 11:30 - 00001405 _____ C:\Users\dalib\Desktop\MB.txt
2017-01-21 10:31 - 2017-01-21 10:31 - 00002854 _____ C:\Users\dalib\Desktop\AdwCleaner[S0].txt
2017-01-21 10:25 - 2017-01-21 11:21 - 00000000 ____D C:\AdwCleaner
2017-01-21 10:24 - 2017-01-21 10:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\dalib\Desktop\HijackThis.exe
2017-01-21 10:21 - 2017-01-26 21:45 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-21 10:21 - 2017-01-25 23:48 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-21 10:21 - 2017-01-25 23:48 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-21 10:21 - 2017-01-25 23:48 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-21 10:21 - 2017-01-21 10:21 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-21 10:21 - 2017-01-21 10:21 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-21 10:21 - 2017-01-21 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-21 10:20 - 2017-01-21 10:24 - 03988944 _____ C:\Users\dalib\Desktop\adwcleaner_6.042.exe
2017-01-21 10:20 - 2017-01-21 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-21 10:20 - 2017-01-21 10:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-21 10:20 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-21 10:17 - 2017-01-21 10:21 - 00050688 _____ (Atribune.org) C:\Users\dalib\Desktop\ATF-Cleaner.exe
2017-01-21 10:17 - 2017-01-21 10:20 - 00448512 _____ (OldTimer Tools) C:\Users\dalib\Desktop\TFC.exe
2017-01-20 21:12 - 2017-01-20 21:12 - 02160656 _____ C:\Users\dalib\Downloads\wrar540cz.exe
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\Users\dalib\AppData\Roaming\WinRAR
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\Users\dalib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-01-20 21:07 - 2017-01-20 21:10 - 18814198 _____ C:\Users\dalib\Downloads\Mirillis.Action.2.1.0.0.rar
2017-01-20 21:01 - 2017-01-20 21:04 - 19167064 _____ (Mirillis Ltd.) C:\Users\dalib\Downloads\action_2_1_0_setup.exe
2017-01-20 20:55 - 2017-01-20 21:06 - 00002114 _____ C:\Users\Public\Desktop\Action!.lnk
2017-01-20 20:55 - 2017-01-20 21:06 - 00000000 ____D C:\Program Files (x86)\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\Users\dalib\AppData\Roaming\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\Users\dalib\AppData\Local\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\ProgramData\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\Action!
2017-01-20 20:41 - 2017-01-25 23:35 - 00004206 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{98951693-2B9B-4DA2-8C5E-F74ED5F78423}
2017-01-12 18:53 - 2017-01-12 18:53 - 00000661 _____ C:\Users\dalib\Downloads\userconfig.cfg
2017-01-12 18:37 - 2017-01-12 18:37 - 00000218 _____ C:\Users\dalib\Desktop\Counter-Strike.url
2017-01-11 18:49 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-11 18:49 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-11 18:49 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-11 18:49 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-11 18:49 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-11 18:49 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-11 18:49 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-11 18:49 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-11 18:49 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-11 18:49 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-11 18:49 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-11 18:49 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-11 18:49 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-11 18:49 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-11 18:49 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-11 18:49 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-11 18:49 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-11 18:49 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-11 18:49 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-11 18:49 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-11 18:49 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-11 18:49 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-11 18:49 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-11 18:49 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-11 18:49 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-11 18:49 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-11 18:49 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-11 18:49 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-11 18:49 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-11 18:49 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-11 18:49 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-11 18:49 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-11 18:49 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-11 18:49 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-11 18:49 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-11 18:49 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-11 18:49 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 18:49 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-11 18:49 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-11 18:49 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-11 18:49 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 18:49 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-11 18:49 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-11 18:49 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-11 18:49 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-11 18:49 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-11 18:49 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-11 18:49 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-11 18:49 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-11 18:49 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 18:49 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 18:49 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-11 18:49 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-11 18:49 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 18:49 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-11 18:49 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-11 18:49 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-11 18:49 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-11 18:49 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-11 18:49 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-11 18:49 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-11 18:49 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 18:49 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-11 18:49 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-11 18:49 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-11 18:49 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-11 18:49 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-11 18:49 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-11 18:49 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-11 18:49 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-11 18:49 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-11 18:49 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2017-01-11 18:49 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2017-01-11 18:49 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2017-01-11 18:49 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 18:49 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-11 18:49 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-11 18:49 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-11 18:49 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-11 18:49 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-11 18:49 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-11 18:49 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-11 18:49 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-11 18:49 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-11 18:49 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-11 18:49 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-11 18:49 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 18:49 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 18:49 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-11 18:49 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-11 18:49 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-11 18:49 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-11 18:49 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-11 18:49 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-11 18:49 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 12 hostů