Log check - frozen computer and pop-up ads

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

DrummTekk
newcomer
Posts: 14
Registered: September 15
Gender: Male
Status:
Offline

Log check - frozen computer and pop-up ads

Post by DrummTekk » 14 Sep 2015 22:56

Hello everyone :), could someone please check my HiJack log for me? :) When a page loads in my browsers, some ad loads right after it, or when I click anywhere on the page a window pops up with another one. I no longer know what to do about it... :/ Thank you very much in advance :).


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:41:43, on 14. 9. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera_crashreporter.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Users\Jan\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: SecureWebBHO - {D3C24E2B-C820-4492-9B69-11BF7163F998} - C:\Program Files (x86)\Jelbruss Secure Web\jswie.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files (x86)\Daemon\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [InetStat] C:\Users\Jan\AppData\Roaming\InetStat\inetstat.exe
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files (x86)\Daemon\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @oem13.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Úložná technologie Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Malware Protection - SecureSoft - C:\Windows\mlwps.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Privoxy (PrivoxyService) (PrivoxyService) - The Privoxy team - www.privoxy.org - C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9738 bytes

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Log check - frozen computer and pop-up ads

Post by jaro3 » 14 Sep 2015 23:18

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the recycle bin, etc.

- If you use only Google Chrome, you do not need to use ATF.


Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log appears (it is otherwise saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure you have both options selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; click Scan Now (Skenovat nyní) and
- after the program finishes, a message appears at the bottom right; click Copy to Clipboard (Kopírovat do schránky) and paste the entire log here.

- then click the Exit button; a message appears, so choose Yes
(do not delete anything yet!).

If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Log check - frozen computer and pop-up ads

Post by DrummTekk » 14 Sep 2015 23:41

Malwarebytes is still scanning and I get up early in the morning, so I will add its log tomorrow morning.
Here is the log from AdwCleaner:

# AdwCleaner v5.007 - Logfile created 14/09/2015 at 23:34:50
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Jan - HPPRBOOK
# Running from : C:\Users\Jan\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : Live Malware Protection
Service Found : PrivoxyService

***** [ Folders ] *****

Folder Found : C:\IQIYI Video
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\ytd video downloader
Folder Found : C:\ProgramData\IQIYI Video
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\Users\Jan\AppData\Local\globalUpdate
Folder Found : C:\Users\Jan\AppData\Local\torch
Folder Found : C:\Users\Jan\AppData\Local\SysassistByHotWheel
Folder Found : C:\Users\Jan\AppData\Roaming\DriverCure
Folder Found : C:\Users\Jan\AppData\Roaming\InetStat
Folder Found : C:\Users\Jan\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\Jan\AppData\Roaming\IQIYI Video
Folder Found : C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat

***** [ Files ] *****

File Found : C:\Windows\mlwps.exe
File Found : C:\Windows\Sysnative\roboot64.exe

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : Malware Cleaner
Task Found : amiupdaterExd
Task Found : amiupdaterExi

***** [ Registry ] *****

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Key Found : HKCU\Software\Classes\Applications\inetstat.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
Key Found : HKCU\Software\MozillaPlugins\@iqiyi.com/npWebPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@iqiyi.com/npWebPlayer
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2F137995-4D26-44AD-9C4E-91055090A817}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
Key Found : HKLM\SOFTWARE\Crossbrowse
Key Found : HKLM\SOFTWARE\SecureWebChannel
Key Found : HKLM\SOFTWARE\SecureWeb
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : [x64] HKCU\Software\InetStat
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\torch
Key Found : [x64] HKCU\Software\Crossbrowse
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\YorkNewCin
Key Found : [x64] HKLM\SOFTWARE\HighDefAction
Key Found : [x64] HKLM\SOFTWARE\ArenaHD
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gpuminer
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5320 bytes] #########

Re: Log check - frozen computer and pop-up ads

Post by DrummTekk » 15 Sep 2015 09:01

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 14. 9. 2015
Čas skenování: 23:43
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.09.14.06
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Jan

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 500020
Uplynulý čas: 9 hod, 16 min, 16 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 1
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe, 2032, , [f7d7c86757341e18320b8578b34fc838]

Moduly: 1
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\mgwz.dll, , [f7d7c86757341e18320b8578b34fc838],

Klíče registru: 39
PUP.Optional.SecureWeb, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}, , [85494de26724f93d3b108b5910f27090],
PUP.Optional.SecureWeb, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}, , [85494de26724f93d3b108b5910f27090],
PUP.Optional.SecureWeb, HKLM\SOFTWARE\CLASSES\TYPELIB\{2F137995-4D26-44AD-9C4E-91055090A817}, , [85494de26724f93d3b108b5910f27090],
PUP.Optional.SecureWeb, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1E7709A-3AFB-49B8-8719-CCBF3F73CCB1}, , [85494de26724f93d3b108b5910f27090],
PUP.Optional.SecureWeb, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1E7709A-3AFB-49B8-8719-CCBF3F73CCB1}, , [85494de26724f93d3b108b5910f27090],
PUP.Optional.SecureWeb, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1E7709A-3AFB-49B8-8719-CCBF3F73CCB1}, , [85494de26724f93d3b108b5910f27090],
PUP.Optional.SecureWeb, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2F137995-4D26-44AD-9C4E-91055090A817}, , [85494de26724f93d3b108b5910f27090],
PUP.Optional.SecureWeb, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2F137995-4D26-44AD-9C4E-91055090A817}, , [85494de26724f93d3b108b5910f27090],
PUP.Optional.SecureWeb, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D3C24E2B-C820-4492-9B69-11BF7163F998}, , [85494de26724f93d3b108b5910f27090],
PUP.Optional.SecureWeb, HKU\S-1-5-21-2359608370-521826302-2152580262-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3C24E2B-C820-4492-9B69-11BF7163F998}, , [85494de26724f93d3b108b5910f27090],
PUP.Optional.SecureWeb, HKU\S-1-5-21-2359608370-521826302-2152580262-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D3C24E2B-C820-4492-9B69-11BF7163F998}, , [85494de26724f93d3b108b5910f27090],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, , [b816c36c503b71c5160af3eaeb17c13f],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, , [b816c36c503b71c5160af3eaeb17c13f],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, , [b816c36c503b71c5160af3eaeb17c13f],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, , [b816c36c503b71c5160af3eaeb17c13f],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, , [b816c36c503b71c5160af3eaeb17c13f],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, , [b816c36c503b71c5160af3eaeb17c13f],
PUP.Optional.HighDefAction, HKLM\SOFTWARE\HighDefAction, , [08c661ce216ad26499cf4d4b94704db3],
PUP.Optional.YorkNewCin, HKLM\SOFTWARE\YorkNewCin, , [2da1f13e8209b97d27edf1d15ca85da3],
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\ARENAHD, , [7955f8377f0ce056b4c90f778a7a37c9],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\GLOBALUPDATE.EXE, , [37974fe0cebd76c0bdacb0e62dd7b44c],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\GLOBALUPDATE.EXE, , [6d61e847e7a436008edbdfb7d62e0000],
PUP.Optional.CrossRider, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, , [2ba350df94f79b9b74e15538d4308e72],
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, , [448aa08f068587afe33cc0bff60ed42c],
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, , [16b858d7404b8bab79a64e31b3518779],
PUP.Optional.SecureWeb, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Jelbruss Secure Web Task, , [38962c033d4eae88ec26d8da36ce619f],
PUP.Optional.IQIYIVideo, HKLM\SOFTWARE\MOZILLAPLUGINS\@iqiyi.com/npWebPlayer, , [4787f13e4744300657889ffc14f05ca4],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV06.09, , [913d3bf46c1f93a33bb80c79cb396e92],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV06.09-nv-ie, , [547a0e2159329f97be3590f51ee6e719],
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\Crossbrowse, , [527ca788b2d9f244cf8271198c78a35d],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\GLOBALUPDATE.EXE, , [834b5ed1107b76c0a2c75a3c2fd5fc04],
PUP.Software.Updater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, , [943a5bd438530a2c96df4c037390817f],
PUP.Optional.IQIYIVideo, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@iqiyi.com/npWebPlayer, , [9836d95683086fc728b7415afd07c63a],
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [567851de8efdd75fc93e0983c93b7c84],
PUP.Optional.Cinema, HKU\S-1-5-21-2359608370-521826302-2152580262-1001\SOFTWARE\CinemaP-1.9cV06.09, , [08c6f53a6922c5713fab0e77917327d9],
PUP.Optional.Cinema, HKU\S-1-5-21-2359608370-521826302-2152580262-1001\SOFTWARE\CinemaP-1.9cV06.09-nv-ie, , [ffcffe3192f99d997e6c295c8a7a28d8],
PUP.Optional.CrossBrowse, HKU\S-1-5-21-2359608370-521826302-2152580262-1001\SOFTWARE\Crossbrowse, , [c00ed8573d4e1026d379cbbf07fd6997],
PUP.Optional.IQIYIVideo, HKU\S-1-5-21-2359608370-521826302-2152580262-1001\SOFTWARE\MOZILLAPLUGINS\@iqiyi.com/npWebPlayer, , [27a70728ddaedc5a7e60d0cbc341a65a],
PUP.Optional.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PrivoxyService, , [f7d7c86757341e18320b8578b34fc838],

Hodnoty registru: 6
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\ARENAHD|value, 1, , [7955f8377f0ce056b4c90f778a7a37c9]
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\GLOBALUPDATE.EXE|AppID, {3278F5CF-48F3-4253-A6BB-004CE84AF492}, , [37974fe0cebd76c0bdacb0e62dd7b44c]
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\GLOBALUPDATE.EXE|AppID, {3278F5CF-48F3-4253-A6BB-004CE84AF492}, , [6d61e847e7a436008edbdfb7d62e0000]
PUP.Optional.PCTuner, HKLM\SOFTWARE\HIGHDEFACTION|value, 1, , [6c626dc2018a1521733dfdac37cd7789]
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\GLOBALUPDATE.EXE|AppID, {3278F5CF-48F3-4253-A6BB-004CE84AF492}, , [834b5ed1107b76c0a2c75a3c2fd5fc04]
PUM.Bad.Proxy, HKU\S-1-5-21-2359608370-521826302-2152580262-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [7e503df2fe8d0531f72e30408c7845bb]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 8
PUP.Optional.InetStat, C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat, , [3e9065cacdbec86e110a7f1ca064966a],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.GlobalUpdate, C:\Program Files (x86)\globalUpdate\Update, , [e2ec31fe2665d66011825ea09a6852ae],
PUP.Optional.IQIYI, C:\ProgramData\IQIYI Video, , [7e50042bd8b3d56169c619fb6c97cc34],
PUP.Optional.IQIYI, C:\Users\Jan\AppData\Roaming\IQIYI Video, , [d3fbfc336f1c92a47db2967e0300f40c],
PUP.Optional.IQIYI, C:\Users\Jan\AppData\Roaming\IQIYI Video\GeePlayer, , [d3fbfc336f1c92a47db2967e0300f40c],
PUP.Optional.SysAssistByHotWheel, C:\Users\Jan\AppData\Local\SysassistByHotWheel, , [6668d758b3d8310544623fe49370b14f],
PUP.Optional.SysAssistByHotWheel, C:\Users\Jan\AppData\Local\SysassistByHotWheel\log, , [6668d758b3d8310544623fe49370b14f],

Soubory: 22
PUP.Optional.SecureWeb, C:\Program Files (x86)\Jelbruss Secure Web\jswie.dll, , [85494de26724f93d3b108b5910f27090],
Trojan.Agent.W, C:\Users\Jan\Desktop\instalačky\Windows 7\sources\$OEM$\$$\SETUP\SCRIPTS\Windows7Loader.exe, , [7c5298977c0f79bd7b1af41e59aca55b],
PUP.Optional.InetStat, C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat\InetStat.lnk, , [3e9065cacdbec86e110a7f1ca064966a],
PUP.Optional.SecureWeb, C:\Windows\System32\Tasks\Jelbruss Secure Web Task, , [d2fcb07f85060630d638981ab450fb05],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\checkproxy.exe, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\config.txt, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\default.action, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\default.filter, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\jswchromium.exe, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\jsweb.dll, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\jsweb64.dll, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\jswff.exe, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\jswtask.exe, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\mgwz.dll, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\privoxy.log, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\uninstall.exe, , [f7d7c86757341e18320b8578b34fc838],
PUP.Optional.IQIYI, C:\Users\Jan\AppData\Roaming\IQIYI Video\GeePlayer\GeePlayerUninst.exe, , [d3fbfc336f1c92a47db2967e0300f40c],
PUP.Optional.SysAssistByHotWheel, C:\Users\Jan\AppData\Local\SysassistByHotWheel\conditions.xml, , [6668d758b3d8310544623fe49370b14f],
PUP.Optional.SysAssistByHotWheel, C:\Users\Jan\AppData\Local\SysassistByHotWheel\config.ini, , [6668d758b3d8310544623fe49370b14f],
PUP.Optional.SysAssistByHotWheel, C:\Users\Jan\AppData\Local\SysassistByHotWheel\lobby.xml, , [6668d758b3d8310544623fe49370b14f],
PUP.Optional.SysAssistByHotWheel, C:\Users\Jan\AppData\Local\SysassistByHotWheel\log\Opera, , [6668d758b3d8310544623fe49370b14f],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Log check - frozen computer and pop-up ads

Post by jaro3 » 15 Sep 2015 09:32

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Prohledat-Scan", and after the scan click "Vymazat-Clean".

The program performs the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program starts scanning. The scan may take a long time, depending on the number of infections. When the scan ends, a log (JRT.txt) appears, which is saved on the desktop.
Please copy its entire contents here.

- Run MbAM again and choose Scan Now (Skenovat nyní)
- after the program finishes, a message appears; click "Quarantine All (delete selected)" and "Export Log", and choose "text file". Give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Prohledat" (Scan).
- The program scans the PC's processes. After the scan, click "Zpráva" (Report), then in the window click "Open TXT" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.

Re: Log check - frozen computer and pop-up ads

Post by DrummTekk » 15 Sep 2015 18:38

Finally done, here are the results :)

# AdwCleaner v5.007 - Logfile created 15/09/2015 at 17:46:12
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Jan - HPPRBOOK
# Running from : C:\Users\Jan\Desktop\čištění pc\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : Live Malware Protection

***** [ Folders ] *****

[-] Folder Deleted : C:\IQIYI Video
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\Users\Jan\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Jan\AppData\Local\torch
[-] Folder Deleted : C:\Users\Jan\AppData\Roaming\DriverCure
[-] Folder Deleted : C:\Users\Jan\AppData\Roaming\InetStat
[-] Folder Deleted : C:\Users\Jan\AppData\Roaming\ParetoLogic

***** [ Files ] *****

[-] File Deleted : C:\Windows\mlwps.exe
[-] File Deleted : C:\Windows\Sysnative\roboot64.exe

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Malware Cleaner

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\Applications\inetstat.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKCU\Software\InetStat
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\torch
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\torch
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
[-] Key Deleted : HKLM\SOFTWARE\SecureWeb
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[!] Key Not Deleted : [x64] HKCU\Software\InetStat
[!] Key Not Deleted : [x64] HKCU\Software\ParetoLogic
[!] Key Not Deleted : [x64] HKCU\Software\torch
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gpuminer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3915 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 8.1 x64
Ran by Jan on út 15. 09. 2015 at 17:53:36,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Public\qiyi





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on út 15. 09. 2015 at 17:55:25,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 15. 9. 2015
Čas skenování: 17:57
Protokol: MbAM log.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.09.15.05
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Jan

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 342393
Uplynulý čas: 20 min, 16 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)



RogueKiller V10.10.5.0 (x64) [Sep 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Jan [Práva správce]
Started from : C:\Users\Jan\Desktop\?i?t?ní pc\RogueKillerX64.exe
Mód : Prohledat -- Datum : 09/15/2015 18:34:54

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \Win Update -- C:\Users\Jan\AppData\Roaming\Win Update\Win Update.exe -> Nalezeno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 2b09b5f6a0e182648f2c3fb4c0b2a891
[BSP] 8ca17f132219e2a51591c5f9cff8d877 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 821248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1083392 | Size: 714875 MB
User = LL1 ... OK
User = LL2 ... OK


Re: Log check - frozen computer and pop-up ads

Post by jaro3 » 15 Sep 2015 21:13

Close all programs and browsers. Deactivate your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Then click "Scan"; once it has finished:

- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (check the boxes)
(you have to use the mouse to tick the box to the left of the registry entry, etc.)

- Click "Delete"
- Wait until the Status box shows "Deletion complete"
- Click "Report", then copy and paste the contents of that report here, please. The log can be found in RKreport [number].txt on the desktop.
- Close RogueKiller

Turn off your antivirus and firewall.
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program performs a scan and a fix; both the scan and the fix can take several minutes, so wait until the end. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black screen may be shown for some time; that is normal. You need to wait until the log is created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs, FRST.txt and Addition.txt, are displayed and saved to the desktop. Please copy their entire contents here.


Re: Log check - frozen computer and pop-up ads

Post by DrummTekk » 16 Sep 2015 00:57

RogueKiller V10.10.5.0 (x64) [Sep 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Jan [Práva správce]
Started from : C:\Users\Jan\Desktop\?i?t?ní pc\RogueKillerX64.exe
Mód : Smazat Přerušeno -- Datum : 09/15/2015 22:28:45

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤

# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\hide.me VPN deleted successfully
C:\PROGRA~2\Seznam.cz deleted successfully
C:\PROGRA~3\PDF Architect 3 deleted successfully
C:\Users\Jan\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Jan\AppData\Local\EmieSiteList deleted successfully
C:\Users\Jan\AppData\Local\EmieUserList deleted successfully

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Jan (administrator) on HPPRBOOK (15-09-2015 22:40:26)
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan (Available Profiles: Jan)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Disc Soft Ltd) C:\Program Files (x86)\Daemon\DAEMON Tools Lite\DiscSoftBusService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera_crashreporter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285832 2013-01-02] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2359608370-521826302-2152580262-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\Daemon\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2359608370-521826302-2152580262-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-08-31] (Glarysoft Ltd)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.20.1 194.228.41.65
Tcpip\..\Interfaces\{CA704F89-6B29-4F2C-95E3-5F4494D7E21C}: [DhcpNameServer] 192.168.20.1 194.228.41.65

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-2359608370-521826302-2152580262-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2359608370-521826302-2152580262-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\Daemon\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-05] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-09-05] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Re: Log check - frozen computer and pop-up ads

Post by DrummTekk » 16 Sep 2015 00:57

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 22:40 - 2015-09-15 22:40 - 00011713 _____ C:\Users\Jan\Desktop\FRST.txt
2015-09-15 22:40 - 2015-09-15 22:40 - 00000000 ____D C:\FRST
2015-09-15 22:39 - 2015-09-15 22:39 - 02191360 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2015-09-15 22:31 - 2015-09-15 22:35 - 00001013 _____ C:\runcheck.txt
2015-09-15 22:31 - 2015-09-15 22:33 - 00001572 _____ C:\zoek-results.log
2015-09-15 22:31 - 2015-09-15 22:31 - 00000000 ____D C:\zoek_backup
2015-09-15 18:24 - 2015-09-15 22:26 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-15 18:24 - 2015-09-15 18:36 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-15 08:18 - 2015-09-15 08:18 - 00000000 ____D C:\Users\Jan\AppData\Local\CEF
2015-09-15 08:17 - 2015-09-15 08:18 - 00000000 ____D C:\Users\Jan\AppData\Local\Adobe
2015-09-14 23:50 - 2015-09-15 22:36 - 00000000 ____D C:\Users\Jan\Desktop\čištění pc
2015-09-14 23:39 - 2015-09-14 23:39 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-14 23:34 - 2015-09-15 17:46 - 00000000 ____D C:\AdwCleaner
2015-09-14 23:27 - 2015-09-14 23:27 - 00000000 ____D C:\Users\Jan\AppData\Local\ATI
2015-09-14 23:25 - 2015-09-14 23:25 - 00050688 _____ (Atribune.org) C:\Users\Jan\Downloads\ATF-Cleaner (1).exe
2015-09-14 22:39 - 2015-09-14 22:41 - 00009739 _____ C:\Users\Jan\Downloads\hijackthis.log
2015-09-14 22:35 - 2015-09-14 22:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jan\Downloads\HijackThis (1).exe
2015-09-14 22:11 - 2015-09-15 18:39 - 00000000 ____D C:\Users\Jan\Desktop\Nová složka
2015-09-13 22:40 - 2015-09-13 22:41 - 00000000 ____D C:\Users\Jan\Desktop\řeškystřešky
2015-09-13 21:15 - 2015-09-15 20:07 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-13 21:15 - 2015-09-14 22:21 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-09-13 21:15 - 2015-09-13 21:15 - 00003918 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-09-13 21:15 - 2015-09-13 21:15 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-10 08:19 - 2015-09-10 08:19 - 00000000 ___HD C:\$Windows.~BT
2015-09-10 08:05 - 2015-09-15 22:35 - 00001948 _____ C:\Windows\setupact.log
2015-09-10 08:05 - 2015-09-10 08:05 - 00000000 _____ C:\Windows\setuperr.log
2015-09-10 08:04 - 2015-09-15 22:35 - 00014166 _____ C:\Windows\PFRO.log
2015-09-09 14:44 - 2015-09-12 18:06 - 00000000 ____D C:\Users\Jan\AppData\Roaming\vlc
2015-09-09 13:48 - 2015-09-15 14:07 - 00642928 _____ C:\Windows\WindowsUpdate.log
2015-09-09 12:03 - 2015-09-09 14:10 - 00000000 ____D C:\Program Files (x86)\RegCure Pro v3.1.3 Final
2015-09-09 12:00 - 2015-09-09 12:00 - 00000000 ____D C:\Users\Jan\AppData\Roaming\WinRAR
2015-09-09 11:22 - 2015-09-09 11:22 - 00000000 ____D C:\Users\Jan\AppData\Roaming\ATI
2015-09-09 11:21 - 2015-09-09 20:44 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
2015-09-09 11:14 - 2015-09-09 14:41 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Battle.net
2015-09-09 08:18 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 08:18 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 08:18 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 08:18 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 08:18 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 08:18 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 08:18 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 08:18 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 08:18 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 08:18 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 08:18 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 08:18 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 08:18 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 08:18 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 08:18 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 08:18 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 08:18 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 08:18 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 08:18 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 08:18 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 08:18 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 08:18 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 08:18 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 08:18 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 08:18 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 08:17 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 08:17 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 08:17 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 08:17 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 08:17 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 08:17 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 08:17 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 08:17 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 08:17 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 08:17 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 08:17 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 08:17 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-09 08:17 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 08:17 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-09 08:17 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 08:17 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 08:17 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 08:17 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 08:17 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 08:17 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 08:17 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 08:17 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-09 08:17 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 08:17 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-09 08:17 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 08:17 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 08:17 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 08:17 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 08:17 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 08:17 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 08:17 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 08:17 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 08:17 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 08:17 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 08:17 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 08:17 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-09 08:17 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-09 08:17 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 08:17 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-09 08:17 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-09 08:17 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 08:17 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 08:17 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 08:17 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 08:17 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-09 08:17 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-09 08:17 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-09 08:17 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-09 08:17 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-09 08:17 - 2015-07-13 21:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-09 08:17 - 2015-07-10 21:06 - 00118272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-09 08:17 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-09 08:17 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-09 08:17 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-09 08:17 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-08 21:18 - 2015-09-09 14:31 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Macromedia
2015-09-08 21:14 - 2015-09-10 09:13 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Adobe
2015-09-08 18:22 - 2015-09-08 18:22 - 00000000 ____D C:\Users\Jan\AppData\Roaming\GlarySoft
2015-09-08 13:37 - 2015-09-08 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-08 09:18 - 2015-09-08 09:18 - 00003594 _____ C:\Windows\System32\Tasks\AV Updater Task
2015-09-08 09:18 - 2015-09-08 09:18 - 00000000 ____D C:\Program Files (x86)\AV Updater
2015-09-06 22:23 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-09-06 22:23 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-09-06 22:23 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-09-06 22:23 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-09-06 22:23 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-09-06 22:23 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-09-06 22:23 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-09-06 22:23 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-09-06 22:23 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-09-06 22:23 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-09-06 22:23 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-09-06 22:23 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-09-06 22:23 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-09-06 22:23 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-09-06 22:23 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-09-06 22:23 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-09-06 22:23 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-09-06 22:23 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-09-06 22:23 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-09-06 22:23 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-09-06 22:23 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-09-06 22:23 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-09-06 22:23 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-09-06 22:23 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-09-06 22:23 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-09-06 22:23 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-09-06 22:23 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-09-06 22:23 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-09-06 22:23 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-09-06 22:23 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-09-06 22:23 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-09-06 22:23 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-09-06 22:23 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-09-06 22:23 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-09-06 22:23 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-09-06 22:23 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-09-06 22:23 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-09-06 22:23 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-09-06 22:23 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-09-06 22:23 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-09-06 22:23 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-09-06 22:23 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-09-06 22:23 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-09-06 22:23 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-09-06 22:23 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-09-06 22:23 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-09-06 22:23 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-09-06 22:23 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-09-06 22:23 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-09-06 22:23 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-09-06 22:23 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-09-06 22:23 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-09-06 22:23 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-09-06 22:23 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-09-06 22:23 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-09-06 22:23 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-09-06 22:23 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-09-06 22:23 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-09-06 22:23 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-09-06 22:23 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-09-06 22:23 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-09-06 22:23 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-09-06 22:23 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-09-06 22:23 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-09-06 22:23 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-09-06 22:23 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-09-06 22:22 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-09-06 22:22 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-09-06 22:22 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-09-06 22:22 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-09-06 22:22 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-09-06 22:22 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-09-06 22:22 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-09-06 22:22 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-09-06 22:22 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-09-06 22:22 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-09-06 22:22 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-09-06 22:22 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-09-06 22:22 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-09-06 22:22 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-09-06 22:22 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-09-06 22:22 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-09-06 22:22 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-09-06 22:22 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-09-06 22:22 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-09-06 22:22 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-09-06 22:22 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-09-06 22:22 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-09-06 22:22 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-09-06 22:22 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-09-06 22:22 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-09-06 22:22 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-09-06 22:22 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-09-06 22:22 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-09-06 22:22 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-09-06 22:22 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-09-06 22:22 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-09-06 22:22 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-09-06 22:22 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-09-06 22:22 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-09-06 22:22 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-09-06 22:22 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-09-06 22:22 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-09-06 22:22 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-09-06 22:22 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-09-06 22:22 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-09-06 22:22 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-09-06 22:22 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-09-06 22:22 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-09-06 22:22 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-09-06 22:22 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-09-06 22:22 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-09-06 22:22 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-09-06 22:22 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-09-06 22:22 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-09-06 22:22 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-09-06 22:22 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-09-06 22:22 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-09-06 22:22 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-09-06 22:22 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-09-06 22:22 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-09-06 22:22 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-09-06 22:22 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-09-06 22:22 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-09-06 22:22 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-09-06 22:22 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-09-06 22:22 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-09-06 22:22 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-09-06 22:22 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-09-06 22:22 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-09-06 22:22 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-09-06 22:22 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-09-06 22:22 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-09-06 22:22 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-09-06 22:22 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-09-06 22:22 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-09-06 22:22 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-09-06 22:22 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-09-06 22:22 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-09-06 22:22 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-09-06 22:22 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-09-06 22:19 - 2015-09-06 22:19 - 00000000 ____D C:\Users\Jan\AppData\Local\Opera Software
2015-09-06 22:18 - 2015-09-06 22:18 - 00003816 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1441570174
2015-09-06 22:18 - 2015-09-06 22:18 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Opera Software
2015-09-06 22:16 - 2015-09-07 00:16 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-06 22:16 - 2015-09-06 22:16 - 00002544 _____ C:\Users\Public\Desktop\The Sims 3.Gold Edition.v 16.0.136 + Store.lnk
2015-09-06 22:16 - 2015-09-06 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repack by Fenixx
2015-09-06 22:14 - 2015-09-06 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-06 22:14 - 2015-09-06 22:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-06 22:09 - 2015-09-06 22:09 - 00001147 _____ C:\Users\Public\Desktop\Opera.lnk
2015-09-06 22:09 - 2015-09-06 22:09 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-09-06 22:08 - 2015-09-06 22:19 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-06 22:05 - 2015-09-06 22:05 - 00000000 ____D C:\Users\Jan\AppData\Local\Unity
2015-09-06 22:05 - 2015-09-06 22:05 - 00000000 ____D C:\ppsfile
2015-09-06 21:54 - 2015-09-06 21:55 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-09-06 21:49 - 2015-09-09 12:01 - 00000509 _____ C:\0
2015-09-06 21:35 - 2015-09-06 22:16 - 00000000 ____D C:\Program Files (x86)\The Sims 3.Gold Edition.v 16.0.136 + Store
2015-09-06 21:21 - 2015-09-06 22:23 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-09-05 23:50 - 2015-09-05 23:50 - 00000000 ____D C:\Users\Public\Documents\EA Games
2015-09-05 23:45 - 2015-09-05 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-09-05 23:44 - 2015-09-05 23:44 - 00000000 ____D C:\Users\Jan\Documents\EA Games
2015-09-05 23:42 - 2015-09-05 23:42 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2015-09-05 23:35 - 2015-09-05 23:35 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2015-09-05 22:46 - 2015-09-05 22:46 - 00000000 ____D C:\ProgramData\GlarySoft
2015-09-05 22:41 - 2015-09-05 22:41 - 00003768 _____ C:\Windows\System32\Tasks\GlaryOneClickOptimizer 5
2015-09-05 22:39 - 2015-09-15 22:36 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-09-05 22:39 - 2015-09-05 22:42 - 00003304 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2015-09-05 22:39 - 2015-09-05 22:42 - 00002968 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2015-09-05 22:39 - 2015-09-05 22:42 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-09-05 22:39 - 2015-09-05 22:39 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2015-09-05 22:39 - 2015-09-05 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-09-05 22:02 - 2004-08-18 10:34 - 00442368 ____R (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-09-05 22:00 - 2012-03-14 23:10 - 00000000 ____D C:\Users\Jan\Documents\Electronic Arts
2015-09-04 15:00 - 2015-09-05 11:16 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-09-04 14:59 - 2015-09-08 13:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-09-04 14:59 - 2015-09-04 14:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-04 14:50 - 2015-09-14 00:50 - 00000000 ____D C:\Users\Jan\Desktop\Fotky, obrázky
2015-09-04 14:49 - 2015-09-09 20:42 - 00000000 ____D C:\Users\Jan\Desktop\Hry
2015-09-04 14:24 - 2015-09-05 12:16 - 00000000 ____D C:\Users\Jan\Documents\ManiaPlanet
2015-09-04 14:24 - 2015-09-05 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet
2015-09-04 14:24 - 2015-09-04 14:24 - 00001293 _____ C:\Users\Public\Desktop\ManiaPlanet.lnk
2015-09-04 14:23 - 2015-09-05 12:03 - 00000000 ____D C:\ProgramData\ManiaPlanet
2015-09-04 14:23 - 2015-09-04 14:23 - 00000000 ____D C:\Program Files (x86)\ManiaPlanet
2015-09-04 09:16 - 2015-09-04 09:16 - 00003276 _____ C:\Windows\System32\Tasks\Win Update
2015-09-04 09:14 - 2015-09-04 09:14 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-04 09:14 - 2015-09-04 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-04 08:56 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-09-04 08:56 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-09-04 08:56 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-09-04 08:56 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-09-04 08:56 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-09-04 08:56 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-09-04 08:56 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-09-04 08:56 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-09-04 08:56 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-09-04 08:56 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-09-04 08:56 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-09-04 08:56 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-09-04 08:56 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-09-04 08:56 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-09-04 08:56 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-09-04 08:56 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-09-04 08:50 - 2015-09-04 14:20 - 00000000 ____D C:\Games
2015-09-04 08:49 - 2015-09-04 11:55 - 00000000 ____D C:\Users\Jan\Downloads\The Sims 4 Digital Deluxe Edition v1.10.57.1020 [+All DLCs] [+All Languages] [+Outdoor Retreat & Get to Work & Luxury Party & Spa Day & Perfect Patio Stuff & Cool Kitchen Stuff] [BuZeR]
2015-09-03 14:08 - 2015-09-15 08:59 - 00000000 ____D C:\Users\Jan\Desktop\instalačky
2015-09-02 15:14 - 2015-09-04 14:49 - 00000000 ____D C:\Users\Jan\Desktop\neura
2015-08-30 01:12 - 2015-09-13 22:40 - 00000000 ____D C:\Users\Jan\Desktop\Filmy
2015-08-18 14:54 - 2015-08-18 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN


Re: Log check - frozen computer and pop-up ads

Post by DrummTekk » 16 Sep 2015 00:58

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 22:36 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-15 22:21 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-15 20:06 - 2015-07-28 10:28 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2359608370-521826302-2152580262-1001
2015-09-15 19:40 - 2015-07-28 10:33 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{558A39E1-F698-4289-86A0-E3B57E77FC6A}
2015-09-15 17:57 - 2015-07-28 16:13 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-15 13:59 - 2014-11-21 06:53 - 01749406 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-15 13:59 - 2014-11-21 06:10 - 00740962 _____ C:\Windows\system32\perfh005.dat
2015-09-15 13:59 - 2014-11-21 06:10 - 00152146 _____ C:\Windows\system32\perfc005.dat
2015-09-15 09:04 - 2013-08-22 16:45 - 00000000 ____D C:\Windows\Setup
2015-09-15 08:31 - 2015-08-03 22:46 - 00000000 ____D C:\Users\Jan\Documents\TmForever
2015-09-14 23:42 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\IME
2015-09-14 23:39 - 2015-07-28 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-14 23:39 - 2015-07-28 16:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-14 21:08 - 2015-07-28 16:32 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-09-13 19:06 - 2015-07-28 16:15 - 00000000 ____D C:\Users\Jan\Desktop\Programy
2015-09-12 21:48 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-11 15:44 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-09-11 14:53 - 2015-07-28 23:22 - 00000000 ____D C:\Users\Jan\AppData\Local\Google
2015-09-11 11:49 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-10 12:58 - 2015-08-05 20:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-10 12:57 - 2015-08-05 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-10 08:20 - 2015-07-28 11:12 - 00000000 ____D C:\Windows\Panther
2015-09-09 20:41 - 2015-07-28 13:55 - 00000000 ____D C:\Users\Jan\Desktop\škola VOŠ
2015-09-09 16:56 - 2015-07-28 16:46 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-09-09 14:37 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-09-09 12:11 - 2015-08-03 22:43 - 00000000 ____D C:\Program Files (x86)\TmNationsForever
2015-09-09 12:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-09 11:21 - 2013-08-22 16:44 - 00487448 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 11:17 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 11:09 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-09 09:40 - 2014-11-21 06:34 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 09:38 - 2015-07-28 11:03 - 00000000 ____D C:\Windows\system32\MRT
2015-09-06 09:20 - 2015-07-28 10:23 - 00001327 _____ C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-05 23:00 - 2015-08-09 15:36 - 00000000 ____D C:\2-click run
2015-09-05 22:02 - 2015-07-28 16:43 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-04 14:59 - 2015-08-05 18:30 - 00000000 ____D C:\ProgramData\Adobe
2015-09-04 14:53 - 2015-07-28 16:47 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-09-04 09:14 - 2015-07-28 17:42 - 00000000 ____D C:\Program Files (x86)\winrar
2015-08-26 18:37 - 2015-07-28 11:03 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-21 17:06 - 2015-07-28 10:22 - 00000000 ____D C:\Users\Jan

Some files in TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\7za.exe
C:\Users\Jan\AppData\Local\Temp\DaS_21.exe
C:\Users\Jan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jan\AppData\Local\Temp\hijackthis.exe
C:\Users\Jan\AppData\Local\Temp\NirCmd.exe
C:\Users\Jan\AppData\Local\Temp\PEVZ.EXE
C:\Users\Jan\AppData\Local\Temp\remove.exe
C:\Users\Jan\AppData\Local\Temp\sed.exe
C:\Users\Jan\AppData\Local\Temp\shortcut.exe
C:\Users\Jan\AppData\Local\Temp\sqlite3.dll
C:\Users\Jan\AppData\Local\Temp\swreg.exe
C:\Users\Jan\AppData\Local\Temp\swxcacls.exe
C:\Users\Jan\AppData\Local\Temp\wget.exe
C:\Users\Jan\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


Re: Log check - frozen computer and pop-up ads

Post by DrummTekk » 16 Sep 2015 00:59

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Jan (2015-09-15 22:41:33)
Running from C:\Users\Jan\Desktop
Windows 8.1 (X64) (2015-07-28 08:22:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2359608370-521826302-2152580262-500 - Administrator - Disabled)
Guest (S-1-5-21-2359608370-521826302-2152580262-501 - Limited - Disabled)
Jan (S-1-5-21-2359608370-521826302-2152580262-1001 - Administrator - Enabled) => C:\Users\Jan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Balíček ovladače systému Windows - Broadcom Corporation (bcbtums) Bluetooth (08/30/2013 12.0.0.7820) (HKLM\...\387B04B8E8D5C129D6C12DFF084F1554A3AC3D58) (Version: 08/30/2013 12.0.0.7820 - Broadcom Corporation)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Glary Utilities PRO 5.33 (HKLM-x32\...\Glary Utilities 5) (Version: 5.33.0.53 - Glarysoft Ltd)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP 3D DriveGuard (HKLM\...\{EE6D6D5E-539C-44B6-BEF0-AA7C20DE170B}) (Version: 5.1.12.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{9327D2D1-A0F2-4B33-AA57-0EA3D40054E6}) (Version: 12.0.26.54 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.5.1006 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Malwarebytes Anti-Malware verze 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version: - Nadeo)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Opera Stable 31.0.1889.174 (HKLM-x32\...\Opera 31.0.1889.174) (Version: 31.0.1889.174 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Ralink Bluetooth Stack (HKLM\...\{49AA3AFC-37F9-94C8-BFC6-43E7DCE88C77}) (Version: 11.0.752.0 - Mediatek)
RegCure Pro v3.1.3 Final (Activated) Full (HKLM-x32\...\RegCure Pro v3.1.3 Final (Activated) Full) (Version: (Activated) Full - S.P.D.) <==== ATTENTION
The Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
The Sims 3.Gold Edition.v 16.0.136 + Store (HKLM-x32\...\The Sims 3.Gold Edition.v 16.0.136 + Store_is1) (Version: The Sims 3.Gold Edition.v 16.0.136 + Store - Repack by Fenixx (17.11.2012))
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
Unity Web Player (HKU\S-1-5-21-2359608370-521826302-2152580262-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
CENZURA Pro YTD 4.8.1.0 Final (HKLM-x32\...\CENZURA Pro YTD 4.8.1.0 Final4.8.1.0) (Version: 4.8.1.0 - Friends in War)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-09-2015 17:50:55 Naplánovaný kontrolní bod
15-09-2015 17:53:39 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-09-15 22:32 - 00000753 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E91E2FA-A00D-4F41-A039-17AEC4AA3502} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {10CA8334-5F59-4CA0-B504-319680852AB0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {1AB1CBDE-3730-448D-85A7-C64F73AB360E} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2015-08-31] (Glarysoft Ltd)
Task: {314C5972-1410-4473-98B6-4C361E88AAAA} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {4942677A-F9E1-4769-9FAD-0E5834BBF36F} - System32\Tasks\AV Updater Task => C:\Program Files (x86)\AV Updater\AVUpdater.exe [2015-09-08] (Secure Updater)
Task: {6A31EBA2-03D3-4095-A55A-3515EE4B8D7D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-09-13] (Adobe Systems Incorporated)
Task: {75BE4853-D71A-468C-8EF1-04A15120158B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {7DAECBC6-9FE6-4906-87D8-EE0C4A35A77F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {82BD5FE2-3036-42A5-9F5C-55C04F922E7A} - \Jelbruss Secure Web Task -> No File <==== ATTENTION
Task: {89ED2796-7D6F-4BBC-943A-5DCC03DA2E32} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-08-31] (Glarysoft Ltd)
Task: {9453A9EE-8396-4057-98ED-792CAF7CEC01} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-08-31] (Glarysoft Ltd)
Task: {9D959261-5715-48F2-8DDB-723E2DDA0135} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-13] (Adobe Systems Incorporated)
Task: {B5F748FC-FAB6-4484-BC21-2259FB599E51} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
Task: {C6233BC6-69E9-4347-AE40-405EB97ED8C7} - System32\Tasks\Opera scheduled Autoupdate 1441570174 => C:\Program Files (x86)\Opera\launcher.exe [2015-08-17] (Opera Software)
Task: {D1537D00-4ACC-41A6-8B21-2F739D78BF53} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {F899794D-BB41-4D34-880B-50E16E431286} - System32\Tasks\Win Update => C:\Users\Jan\AppData\Roaming\Win Update\Win Update.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-08-31 08:17 - 2015-08-31 08:17 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-09-06 22:09 - 2015-08-17 17:01 - 58600568 _____ () C:\Program Files (x86)\Opera\31.0.1889.174\opera.dll
2015-09-06 22:09 - 2015-08-17 17:01 - 01781368 _____ () C:\Program Files (x86)\Opera\31.0.1889.174\libglesv2.dll
2015-09-06 22:09 - 2015-08-17 17:01 - 00081528 _____ () C:\Program Files (x86)\Opera\31.0.1889.174\libegl.dll
2015-08-05 15:55 - 2015-08-05 15:55 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\4a948ae8c1d5d288220edf3f0b4178ee\PSIClient.ni.dll
2015-07-28 10:46 - 2013-01-14 23:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2359608370-521826302-2152580262-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jan\Desktop\Fotky, obrázky\46103_147908518563124_5618584_n.jpg
DNS Servers: 192.168.20.1 - 194.228.41.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2359608370-521826302-2152580262-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F417B041-BB94-4206-8199-5718D084F5BF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F2CDC87D-18BC-469F-BED6-77F1CFD29777}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{059C6258-CC78-4694-8C83-17F0C0835263}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{AF97F1A1-49DD-4DDC-944E-A19061E40338}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0F6B58E8-F6BA-4964-8F8C-B4FB5D25C9C3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{94A7A13A-A86E-41A2-8E2B-FEE989753B72}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E2B5569A-71F0-4B09-917E-101D71E85900}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A74463BD-BA21-45DF-A77B-778C07A8D657}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{86E3EC43-073C-4645-AD54-A12DD3EEA6C8}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{5238CAE5-FA6B-4354-990D-50E24FF649E1}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [{1347DB91-327E-4B24-ACB4-D3AFCBC202B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{92F70598-BD17-4839-8CE6-807A16D04823}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5816AF7A-2124-427E-9863-AB9A3064C14C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{71C6414B-D59A-4C4A-BB3F-12F496C10641}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{C3539A1B-74B4-4262-8150-10C6BAB1BFBE}C:\games\trackmania 2\maniaplanet.exe] => (Allow) C:\games\trackmania 2\maniaplanet.exe
FirewallRules: [UDP Query User{FCF35893-CD7B-413E-8882-2708E6E3B693}C:\games\trackmania 2\maniaplanet.exe] => (Allow) C:\games\trackmania 2\maniaplanet.exe
FirewallRules: [TCP Query User{D99F3D7D-2945-4561-8E51-7C4B572A34E8}C:\program files (x86)\maniaplanet\trackmania valley\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\trackmania valley\maniaplanet.exe
FirewallRules: [UDP Query User{B6E22647-1E6A-4D82-B3D1-BE4DF9FFB3F5}C:\program files (x86)\maniaplanet\trackmania valley\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\trackmania valley\maniaplanet.exe
FirewallRules: [{DCDBCFE5-AB08-4105-89DE-6CA7AD1CC16A}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{CBED71F2-BF8F-4B94-A749-CD3AAFF3B94C}] => (Allow) C:\Users\Jan\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{0EB831A9-6264-4953-92FF-1B18FB53A69E}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{78C98484-B0FC-47C3-A6DF-0D51DF12EC0B}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{062BE696-F236-4040-BCE6-7F07066FE1F4}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{508E55AB-8D85-41D3-95F9-136039DCCF94}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [TCP Query User{0032D710-1805-4CCE-A59B-E8AE5C0CC98A}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{8723FF8F-8783-4647-8502-CB195490A29A}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{9BE264CE-0BFE-4BEA-AA52-9C9DD9FF734E}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{D5FBB4E6-E26F-4504-BC6C-8FFA35BE1B79}] => (Allow) C:\Users\Jan\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{4A849D2F-19D9-48BF-8792-0C04A132B814}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{29D12335-90E6-43C4-9D4B-1B1043759312}] => (Allow) C:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{FD7577E9-00AB-4428-B603-BA770F7EEFA1}] => (Allow) C:\IQIYI Video\LStyle\QyMiniPlayer.exe
FirewallRules: [{960638F3-D6A1-43F5-9205-40183A3937AC}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [TCP Query User{0067E5FC-58CF-4509-9DDE-8C24EC32356B}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{DE5D5E5C-72E1-4152-B2A6-BDE17F68734E}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [{E97C6802-BD56-4403-9F8E-0A6E7831FBB8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2287F642-3D15-4689-9D46-5422104D00A6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{39A8C7F1-CFB2-43D4-8293-45DE85B2E026}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C0C2B2DE-2161-41F0-B642-3591273C9529}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2015 11:02:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GWXUX.exe, verze: 6.3.9600.17924, časové razítko: 0x55959290
Název chybujícího modulu: ntdll.dll, verze: 6.3.9600.17936, časové razítko: 0x55a68e0c
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000003d86e
ID chybujícího procesu: 0x1188
Čas spuštění chybující aplikace: 0xGWXUX.exe0
Cesta k chybující aplikaci: GWXUX.exe1
Cesta k chybujícímu modulu: GWXUX.exe2
ID zprávy: GWXUX.exe3
Úplný název chybujícího balíčku: GWXUX.exe4
ID aplikace související s chybujícím balíčkem: GWXUX.exe5

Error: (09/14/2015 04:18:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: jswtask.exe, verze: 1.1.8.6, časové razítko: 0x55f15df5
Název chybujícího modulu: jswtask.exe, verze: 1.1.8.6, časové razítko: 0x55f15df5
Kód výjimky: 0xc0000409
Posun chyby: 0x00028763
ID chybujícího procesu: 0x2324
Čas spuštění chybující aplikace: 0xjswtask.exe0
Cesta k chybující aplikaci: jswtask.exe1
Cesta k chybujícímu modulu: jswtask.exe2
ID zprávy: jswtask.exe3
Úplný název chybujícího balíčku: jswtask.exe4
ID aplikace související s chybujícím balíčkem: jswtask.exe5

Error: (09/14/2015 04:18:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: jswff.exe, verze: 1.1.8.6, časové razítko: 0x55f15dee
Název chybujícího modulu: jswff.exe, verze: 1.1.8.6, časové razítko: 0x55f15dee
Kód výjimky: 0xc0000409
Posun chyby: 0x0001f624
ID chybujícího procesu: 0x1cd4
Čas spuštění chybující aplikace: 0xjswff.exe0
Cesta k chybující aplikaci: jswff.exe1
Cesta k chybujícímu modulu: jswff.exe2
ID zprávy: jswff.exe3
Úplný název chybujícího balíčku: jswff.exe4
ID aplikace související s chybujícím balíčkem: jswff.exe5

Error: (09/13/2015 05:43:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: atieclxx.exe, verze: 6.14.11.1199, časové razítko: 0x55c01e59
Název chybujícího modulu: ntdll.dll, verze: 6.3.9600.17936, časové razítko: 0x55a68e0c
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000f1280
ID chybujícího procesu: 0xed4
Čas spuštění chybující aplikace: 0xatieclxx.exe0
Cesta k chybující aplikaci: atieclxx.exe1
Cesta k chybujícímu modulu: atieclxx.exe2
ID zprávy: atieclxx.exe3
Úplný název chybujícího balíčku: atieclxx.exe4
ID aplikace související s chybujícím balíčkem: atieclxx.exe5

Error: (09/12/2015 10:39:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TS3W.exe, verze: 0.2.0.190, časové razítko: 0x50653464
Název chybujícího modulu: TS3W.exe, verze: 0.2.0.190, časové razítko: 0x50653464
Kód výjimky: 0xc0000005
Posun chyby: 0x00738c7a
ID chybujícího procesu: 0x860
Čas spuštění chybující aplikace: 0xTS3W.exe0
Cesta k chybující aplikaci: TS3W.exe1
Cesta k chybujícímu modulu: TS3W.exe2
ID zprávy: TS3W.exe3
Úplný název chybujícího balíčku: TS3W.exe4
ID aplikace související s chybujícím balíčkem: TS3W.exe5

Error: (09/12/2015 03:07:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: jswff.exe, verze: 1.1.8.6, časové razítko: 0x55f15dee
Název chybujícího modulu: jswff.exe, verze: 1.1.8.6, časové razítko: 0x55f15dee
Kód výjimky: 0xc0000409
Posun chyby: 0x0001f624
ID chybujícího procesu: 0xd90
Čas spuštění chybující aplikace: 0xjswff.exe0
Cesta k chybující aplikaci: jswff.exe1
Cesta k chybujícímu modulu: jswff.exe2
ID zprávy: jswff.exe3
Úplný název chybujícího balíčku: jswff.exe4
ID aplikace související s chybujícím balíčkem: jswff.exe5

Error: (09/11/2015 11:56:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mlwps.exe, verze: 1.0.8.0, časové razítko: 0x55d830db
Název chybujícího modulu: mlwps.exe, verze: 1.0.8.0, časové razítko: 0x55d830db
Kód výjimky: 0xc0000409
Posun chyby: 0x00026710
ID chybujícího procesu: 0x6bc
Čas spuštění chybující aplikace: 0xmlwps.exe0
Cesta k chybující aplikaci: mlwps.exe1
Cesta k chybujícímu modulu: mlwps.exe2
ID zprávy: mlwps.exe3
Úplný název chybujícího balíčku: mlwps.exe4
ID aplikace související s chybujícím balíčkem: mlwps.exe5

Error: (09/11/2015 02:55:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: jswff.exe, verze: 1.1.8.6, časové razítko: 0x55f15dee
Název chybujícího modulu: jswff.exe, verze: 1.1.8.6, časové razítko: 0x55f15dee
Kód výjimky: 0xc0000409
Posun chyby: 0x0001f624
ID chybujícího procesu: 0x14fc
Čas spuštění chybující aplikace: 0xjswff.exe0
Cesta k chybující aplikaci: jswff.exe1
Cesta k chybujícímu modulu: jswff.exe2
ID zprávy: jswff.exe3
Úplný název chybujícího balíčku: jswff.exe4
ID aplikace související s chybujícím balíčkem: jswff.exe5

Error: (09/10/2015 06:32:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: hp_up_53523222.exe, verze: 1.1.8.6, časové razítko: 0x55f15dfe
Název chybujícího modulu: hp_up_53523222.exe, verze: 1.1.8.6, časové razítko: 0x55f15dfe
Kód výjimky: 0xc0000409
Posun chyby: 0x00052210
ID chybujícího procesu: 0xe20
Čas spuštění chybující aplikace: 0xhp_up_53523222.exe0
Cesta k chybující aplikaci: hp_up_53523222.exe1
Cesta k chybujícímu modulu: hp_up_53523222.exe2
ID zprávy: hp_up_53523222.exe3
Úplný název chybujícího balíčku: hp_up_53523222.exe4
ID aplikace související s chybujícím balíčkem: hp_up_53523222.exe5

Error: (09/10/2015 01:00:26 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (09/15/2015 08:26:00 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/15/2015 08:25:07 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/15/2015 05:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Management and Security Application User Notification Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 05:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) ME Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 05:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Support Solutions Framework Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 05:54:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 05:54:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 05:54:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel(R) Capability Licensing Service Interface byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (09/15/2015 05:54:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 05:54:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================
Date: 2015-09-15 14:03:38.157
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 15:39:07.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-11 09:09:07.839
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-10 08:30:31.604
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-08 08:20:29.196
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-07 15:32:02.829
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-05 11:20:12.339
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-22 14:39:40.600
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-18 19:14:25.698
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-15 12:44:00.540
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B980 @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 3979.05 MB
Available physical RAM: 2510.64 MB
Total Virtual: 5451.05 MB
Available Virtual: 3776.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.12 GB) (Free:538.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt ============================


LastRegBack: 2015-09-10 08:27

==================== End of FRST.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Log check - frozen computer and pop-up ads

Post by jaro3 » 16 Sep 2015 09:10

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code: Select all

Start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-2359608370-521826302-2152580262-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
C:\Users\Jan\AppData\Local\Temp\7za.exe
C:\Users\Jan\AppData\Local\Temp\DaS_21.exe
C:\Users\Jan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jan\AppData\Local\Temp\hijackthis.exe
C:\Users\Jan\AppData\Local\Temp\NirCmd.exe
C:\Users\Jan\AppData\Local\Temp\PEVZ.EXE
C:\Users\Jan\AppData\Local\Temp\remove.exe
C:\Users\Jan\AppData\Local\Temp\sed.exe
C:\Users\Jan\AppData\Local\Temp\shortcut.exe
C:\Users\Jan\AppData\Local\Temp\sqlite3.dll
C:\Users\Jan\AppData\Local\Temp\swreg.exe
C:\Users\Jan\AppData\Local\Temp\swxcacls.exe
C:\Users\Jan\AppData\Local\Temp\wget.exe
C:\Users\Jan\AppData\Local\Temp\zoek-delete.exe
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
RegCure Pro v3.1.3 Final (Activated) Full (HKLM-x32\...\RegCure Pro v3.1.3 Final (Activated) Full) (Version: (Activated) Full - S.P.D.) <==== ATTENTION
Task: {82BD5FE2-3036-42A5-9F5C-55C04F922E7A} - \Jelbruss Secure Web Task -> No File <==== ATTENTION
HKU\S-1-5-21-2359608370-521826302-2152580262-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

EmptyTemp:
End

(You can use the "select all" function; right-click the top-left field in the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt.


Run FRST, press the "Fix" ("Opravit") button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

RegCure Pro is probably not legal, is it? Uninstall it.

Uninstall:
Jelbrus Secure Web:
http://rescueyourcomputer.blogspot.cz/2 ... b-get.html

In Folder Options, enable showing hidden files and folders, and uncheck the "Hide protected operating system files" box.

Test this on VirusTotal:
C:\Users\Jan\AppData\Roaming\Win Update\Win Update.exe

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs one after another. When the last antivirus finishes, "result" appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/

Download SystemLook from one of these links:
SystemLook (32-bit)
http://jpshortstuff.247fixes.com/SystemLook.exe

SystemLook (64-bit)
http://jpshortstuff.247fixes.com/SystemLook_x64.exe

and save it to the desktop.

Double-click the downloaded SystemLook and copy the following text into the main text window:

Code:

:filefind
mlwps.exe.*


Click Look to start the scan. When the program finishes, the scan report opens in Notepad. Copy its entire content here. The log is also on the desktop under the name SystemLook.txt.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
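
A reviewer-side sanity check for a fixlist like the one in the post above, as an added example that is not part of the original post and is not FRST's own code: it groups the lines by kind and lists file paths that lie outside a user's Temp folder, so they can be double-checked before Fix is pressed. The line categories, the function names and the sample list are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample in the shape of the fixlist above (paths and task are made up).
SAMPLE_FIXLIST = r"""Start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
C:\Users\Jan\AppData\Local\Temp\7za.exe
C:\Users\Jan\AppData\Local\Temp\wget.exe
C:\Users\Jan\AppData\Roaming\Example\example.exe
Task: {00000000-0000-0000-0000-000000000000} - \Example Task -> No File <==== ATTENTION

EmptyTemp:
End
"""

# Categories are this example's own; they are not FRST's parser.
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")                     # CloseProcesses:, EmptyTemp:
REG_RESET = re.compile(r"^(HKLM|HKCU|HKU)\\[^,]+,[^=]+=$")   # "key,value =" with no data
FILE_PATH = re.compile(r"^[A-Za-z]:\\")
USER_TEMP = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)


def classify(line):
    if DIRECTIVE.match(line):
        return "directive"
    if REG_RESET.match(line):
        return "registry_reset"
    if FILE_PATH.match(line):
        return "file"
    return "log_entry"  # lines pasted from the scan log (Task:, SearchScopes:, ...)


def review_fixlist(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    problems = []
    if not lines or lines[0] != "Start":
        problems.append("first line is not 'Start'")
    if not lines or lines[-1] != "End":
        problems.append("last line is not 'End'")
    body = [ln for ln in lines if ln not in ("Start", "End")]
    counts = Counter(classify(ln) for ln in body)
    outside_temp = [ln for ln in body
                    if classify(ln) == "file" and not USER_TEMP.match(ln)]
    return {"counts": dict(counts), "outside_temp": outside_temp, "problems": problems}


if __name__ == "__main__":
    print(review_fixlist(SAMPLE_FIXLIST))
```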

