RogueKiller V10.6.5.0 (x64) [May 20 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 8.1 (6.3.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : koryt_000 [Práva správce]
Started from : C:\Users\koryt_000.ROMCA-PC\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 05/24/2015 10:27:17
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 13 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Smazáno
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Smazáno
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} | CLSID : ->
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1560035657-911311260-1851593216-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1560035657-911311260-1851593216-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 212.80.70.2 212.80.66.7 [-][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 212.80.70.2 212.80.66.7 [-][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E90C8D31-48F9-4616-9D3D-6DE6AD9AC1C4} | DhcpNameServer : 212.80.70.2 212.80.66.7 [-][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E90C8D31-48F9-4616-9D3D-6DE6AD9AC1C4} | DhcpNameServer : 212.80.70.2 212.80.66.7 [-][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 59ad4b678f2a99323db1dfd807292081
[BSP] 1c12862f62961117fd352e6a8dfd4f2e : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 695042 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1425143808 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1426065408 | Size: 19083 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_05232015_225147.log - RKreport_SCN_05242015_102549.log
AdBlocker Solved
Re: AdBlocker
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by koryt_000 on ne 24. 05. 2015 at 10:30:21,76.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\koryt_000.ROMCA-PC\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
24. 5. 2015 10:31:58 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\LighterSystem deleted successfully
C:\PROGRA~2\Symantec deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\koryt_000.ROMCA-PC\AppData\Local\GHISLER deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\LighterSystem not found
C:\PROGRA~3\16802787919982900277 deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
"C:\Windows\Installer\93238.msi" deleted
==== Chromium Look ======================
Facebook Unseen - koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdhkalcecemojegheiohcghkamlipof
Bookmark Manager - koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Solitaire - Romana S\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkelcbhdkpcdiiancfjhjcpdinbbfolp
Bookmark Manager DEV - Romana S\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Patr - Pats Flickr App - Romana S\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplbmjolljikncjboeofgmjoaacheemi
Facebook Unseen - KORYT_~1.ROM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdhkalcecemojegheiohcghkamlipof
Bookmark Manager - KORYT_~1.ROM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
==== Chromium Startpages ======================
C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
ime":"8F10E57FFB925E3C6E9AC7ED5B12713E164781B1BA616D9A53261B667E31E287"},"profile":{"reset_prompt_memento":"8EFCCCD584EA3ECB14246C21510C1F1825DDDA3687B1AF94F07C80314A6D0F65"},"safebrowsing":{"incidents_sent":"0CE5383487A9195476E043D530AB2C4D99D51CDEABD4DC7C26EBA63D631BCE1E"},"search_provider_overrides":"737FA4A02AE5B03A01EC126F2F18A2575EB8518A283BD858C2DF8DF5C2B646A6","session":{"restore_on_startup":"3C75569CF987FFEFF356245E06F83662CF6CCA33950D924249A13B039931BC97","startup_urls":"CF7100F9CE60A2EF78B806637E921A1BD7C1D4E27C862B70918F01B9D9C1B6CB"},"software_reporter":{"prompt_reason":"80F871337DBADDBE0AB824EFA86FBECD06B13B0FB0C7B02F6944F504A235C7DE","prompt_seed":"2D95A6D4B930515FE468F98F05A5C9CBFF50D68D0FC929389F867A13FEFBC5E9","prompt_version":"C82CB94BD9DF3D4C2212E82C7E15999F402B75782B071E7D5D3D2FC442793827"},"sync":{"remaining_rollback_tries":"650A64944DD0C82AE2B2B5268E69CDE5A72E2845DE0EFCC0A8B73C963DAE5F1D"}},"super_mac":"FFE9D5929F3EB9CF7B7E0E72BB14EC1869C644C69256FF2D8C5EC5D9C048667A"},"session":{"restore_on_startup":5,"startup_urls":["http://istart.webssearches.com/?type=hp&ts=1417869283&from=cvs&uid=WDCXWD1600JS-55NCB1_WD-WCANMA40221602216","http://istart.webssearches.com/?type=hppp&ts=1417869312&from=cvs&uid=WDCXWD1600JS","http://start.atarata.cz/"]},"sync":{"remaining_rollback_tries":0}}
C:\Users\KORYT_~1.ROM\AppData\Local\Google\Chrome\User Data\Default\Preferences
ime":"8F10E57FFB925E3C6E9AC7ED5B12713E164781B1BA616D9A53261B667E31E287"},"profile":{"reset_prompt_memento":"8EFCCCD584EA3ECB14246C21510C1F1825DDDA3687B1AF94F07C80314A6D0F65"},"safebrowsing":{"incidents_sent":"0CE5383487A9195476E043D530AB2C4D99D51CDEABD4DC7C26EBA63D631BCE1E"},"search_provider_overrides":"737FA4A02AE5B03A01EC126F2F18A2575EB8518A283BD858C2DF8DF5C2B646A6","session":{"restore_on_startup":"3C75569CF987FFEFF356245E06F83662CF6CCA33950D924249A13B039931BC97","startup_urls":"CF7100F9CE60A2EF78B806637E921A1BD7C1D4E27C862B70918F01B9D9C1B6CB"},"software_reporter":{"prompt_reason":"80F871337DBADDBE0AB824EFA86FBECD06B13B0FB0C7B02F6944F504A235C7DE","prompt_seed":"2D95A6D4B930515FE468F98F05A5C9CBFF50D68D0FC929389F867A13FEFBC5E9","prompt_version":"C82CB94BD9DF3D4C2212E82C7E15999F402B75782B071E7D5D3D2FC442793827"},"sync":{"remaining_rollback_tries":"650A64944DD0C82AE2B2B5268E69CDE5A72E2845DE0EFCC0A8B73C963DAE5F1D"}},"super_mac":"FFE9D5929F3EB9CF7B7E0E72BB14EC1869C644C69256FF2D8C5EC5D9C048667A"},"session":{"restore_on_startup":5,"startup_urls":["http://istart.webssearches.com/?type=hp&ts=1417869283&from=cvs&uid=WDCXWD1600JS-55NCB1_WD-WCANMA40221602216","http://istart.webssearches.com/?type=hppp&ts=1417869312&from=cvs&uid=WDCXWD1600JS","http://start.atarata.cz/"]},"sync":{"remaining_rollback_tries":0}}
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSE1"
"Old Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSE1"
"Old Start Page"="http://www.msn.com/?pc=MSE1"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0B0895E0-84C5-4347-B38E-4723121138BD} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Romana S\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Romana S\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\KORYT_~1.ROM\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\KORYT_~1.ROM\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Romana S\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Romana S\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\KORYT_~1.ROM\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\KORYT_~1.ROM\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1560035657-911311260-1851593216-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0B0895E0-84C5-4347-B38E-4723121138BD} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0B0895E0-84C5-4347-B38E-4723121138BD} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B0895E0-84C5-4347-B38E-4723121138BD} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\koryt_000.ROMCA-PC\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\koryt_000.ROMCA-PC\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\KORYT_~1.ROM\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\KORYT_~1.ROM\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\koryt_000.ROMCA-PC\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\koryt_000.ROMCA-PC\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\KORYT_~1.ROM\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\KORYT_~1.ROM\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Romana S\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\KORYT_~1.ROM\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=10 folders=2 3969032 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\koryt_000.ROMCA-PC\AppData\Local\Temp will be emptied at reboot
C:\Users\Romana S\AppData\Local\Temp emptied successfully
C:\Users\KORYT_~1.ROM\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\KORYT_~1.ROM\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on ne 24. 05. 2015 at 10:51:16,84 ======================
Re: AdBlocker
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:25, on 24. 5. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Emsa Save My Work\SaveMyWork.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\koryt_000.ROMCA-PC\Downloads\hijackthis.exe
C:\Users\koryt_000.ROMCA-PC\Downloads\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [mncoftomSrv] C:\WINDOWS\system32\mncoftom.vbe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\koryt_000.ROMCA-PC\AppData\Roaming\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SaveMyWork] C:\Program Files (x86)\Emsa Save My Work\SaveMyWork.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_CE08E836974801279FBA0FAA2E6B7887] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7077 bytes
Re: AdBlocker
As far as I can tell, everything is probably perfectly fine. Thanks.
- jerabina
- Security team member
- Level 6
- Posts: 3647
- Registered: March 13
- Location: Litoměřice
- Status: Offline
Re: AdBlocker
Please test this file on VirusTotal:
C:\WINDOWS\system32\mncoftom.vbe
Paste a link to the analysis result here.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: AdBlocker
I have this file in a different location; the analysis result should be here:
https://www.virustotal.com/cs/file/6d12 ... 432490334/
Hopefully that's right.
- jerabina
Re: AdBlocker
And in what location do you have it?
It still doesn't look OK, so let's continue:
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: After running ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that doesn't help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Re: AdBlocker
The location is C:\Windows\sysWOW64\
- jerabina
Re: AdBlocker
OK. Run ComboFix then.
Re: AdBlocker
I can't run ComboFix; I have Win8.1 and it can't work with this version of the system yet.
- jerabina
Re: AdBlocker
I apologize, my mistake :/
Please download the version of Farbar Recovery Scan Tool (FRST) appropriate for your system, 32-bit/64-bit:
32-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
and save it to the desktop, then run FRST as administrator.
Confirm the terms of use.
Do not change any of the default settings and click "Scan" ("Skenovat"). When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and will be saved on the desktop. Please copy their entire contents here.
Re: AdBlocker
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by koryt_000 (administrator) on ROMCA-PC on 24-05-2015 22:04:04
Running from C:\Users\koryt_000.ROMCA-PC\Desktop
Loaded Profiles: koryt_000 (Available Profiles: Romana S & koryt_000)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(EMSA Systems) C:\Program Files (x86)\Emsa Save My Work\SaveMyWork.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2015-05-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [mncoftomSrv] => C:\WINDOWS\SysWOW64\mncoftom.vbe [7670 2014-03-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\...\Run: [uTorrent] => C:\Users\koryt_000.ROMCA-PC\AppData\Roaming\uTorrent\utorrent.exe [416168 2015-02-22] (BitTorrent, Inc.)
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\...\Run: [SaveMyWork] => C:\Program Files (x86)\Emsa Save My Work\SaveMyWork.exe [471040 2004-12-12] (EMSA Systems)
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\...\Run: [GoogleChromeAutoLaunch_CE08E836974801279FBA0FAA2E6B7887] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.msn.com/?pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.80.70.2 212.80.66.7
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-08] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-24]
CHR Extension: (Google Wallet) - C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-24]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-05] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-05-11] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-11] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-05] (Dritek System Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-05-11] (Microsoft Corporation)
S1 icfsegiu; \??\C:\WINDOWS\system32\drivers\icfsegiu.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-24 22:04 - 2015-05-24 22:04 - 00009842 _____ () C:\Users\koryt_000.ROMCA-PC\Desktop\FRST.txt
2015-05-24 22:03 - 2015-05-24 22:04 - 00000000 ____D () C:\FRST
2015-05-24 22:03 - 2015-05-24 22:03 - 02108416 _____ (Farbar) C:\Users\koryt_000.ROMCA-PC\Downloads\FRST64.exe
2015-05-24 22:03 - 2015-05-24 22:03 - 02108416 _____ (Farbar) C:\Users\koryt_000.ROMCA-PC\Desktop\FRST64.exe
2015-05-24 21:17 - 2015-05-24 21:16 - 05627500 _____ (Swearware) C:\Users\koryt_000.ROMCA-PC\Desktop\ComboFix.exe
2015-05-24 21:15 - 2015-05-24 21:16 - 05627500 _____ (Swearware) C:\Users\koryt_000.ROMCA-PC\Downloads\ComboFix.exe
2015-05-24 20:55 - 2015-05-24 20:55 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\AppData\Local\GHISLER
2015-05-24 20:49 - 2015-05-24 20:49 - 00000000 ____D () C:\ProgramData\Baidu
2015-05-24 11:30 - 2015-05-24 11:30 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1560035657-911311260-1851593216-1001
2015-05-24 10:57 - 2015-05-24 10:57 - 00007078 _____ () C:\Users\koryt_000.ROMCA-PC\Documents\hijackthis.log
2015-05-24 10:49 - 2015-05-24 10:30 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-05-24 10:31 - 2015-05-24 10:51 - 00012262 _____ () C:\zoek-results.log
2015-05-24 10:30 - 2015-05-24 10:50 - 00000000 ____D () C:\zoek_backup
2015-05-24 07:23 - 2015-05-24 07:23 - 00002287 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 07:23 - 2015-05-24 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-24 07:22 - 2015-05-24 21:39 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 07:22 - 2015-05-24 07:27 - 00003950 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-24 07:22 - 2015-05-24 07:27 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 07:22 - 2015-05-24 07:22 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\AppData\Local\Deployment
2015-05-24 07:22 - 2015-05-24 07:22 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\AppData\Local\Apps\2.0
2015-05-23 22:43 - 2015-05-24 10:19 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-05-23 22:43 - 2015-05-23 22:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-23 22:21 - 2015-05-23 22:31 - 00100374 _____ () C:\2v ypis.txt
2015-05-23 22:16 - 2015-05-24 21:44 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1560035657-911311260-1851593216-1003
2015-05-23 22:15 - 2015-05-23 22:15 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-ROMCA-PC-Windows-8.1-(64-bit).dat
2015-05-23 22:15 - 2015-05-23 22:15 - 00000000 ____D () C:\RegBackup
2015-05-23 21:13 - 2015-05-23 21:13 - 00100615 _____ () C:\vypis.txt
2015-05-23 20:30 - 2015-05-23 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 20:22 - 2015-05-23 21:28 - 00000000 ____D () C:\AdwCleaner
2015-05-23 19:25 - 2015-05-23 19:25 - 00001105 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-05-23 17:44 - 2015-05-23 17:44 - 00000000 _____ () C:\Users\koryt_000.ROMCA-PC\AppData\Local\Temp.dat
2015-05-23 17:20 - 2015-05-23 17:20 - 00000024 _____ () C:\Users\koryt_000.ROMCA-PC\AppData\Roaming\appdataFr25.bin
2015-05-23 08:49 - 2015-05-23 08:49 - 00000024 _____ () C:\Users\Romana S\AppData\Roaming\appdataFr25.bin
2015-05-22 09:16 - 2015-05-22 09:16 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\Downloads\GSpot270a
2015-05-22 05:28 - 2015-05-22 05:28 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-05-16 16:56 - 2015-05-16 16:56 - 00284776 _____ () C:\WINDOWS\Minidump\051615-35046-01.dmp
2015-05-16 16:56 - 2015-05-16 16:56 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-16 16:55 - 2015-05-16 16:55 - 514616911 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-16 16:42 - 2015-05-16 16:52 - 00000000 ____D () C:\Program Files (x86)\Emsa Save My Work
2015-05-16 11:43 - 2015-05-16 11:43 - 00001158 _____ () C:\Users\Romana S\Desktop\kolotoč – zástupce.lnk
2015-05-16 11:42 - 2015-05-16 11:42 - 00451485 _____ () C:\Users\Romana S\Downloads\kolotoč.htm
2015-05-16 07:32 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 07:32 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 07:02 - 2015-05-16 07:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-05-16 07:02 - 2015-05-16 07:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-05-16 07:01 - 2015-05-16 07:01 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-05-14 19:46 - 2015-05-14 19:46 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\AppData\Local\VS Revo Group
2015-05-13 14:48 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 14:48 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 06:29 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 06:29 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 06:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-05-13 06:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-05-13 06:26 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 06:26 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-05-13 06:26 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-05-13 06:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 06:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 06:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 06:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 06:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 06:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 06:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 06:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 06:24 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 06:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 06:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 06:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 06:24 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 06:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 06:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 06:24 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 06:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 06:24 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 06:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 06:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 06:24 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 06:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 06:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 06:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 06:24 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 06:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 06:24 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 06:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 06:24 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 06:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 06:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 06:24 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 06:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 06:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 06:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 06:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 06:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 06:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 06:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 06:22 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 06:22 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 06:22 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 06:22 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 06:22 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 21:05 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 21:04 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-05-12 21:04 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-05-12 21:01 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 21:01 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 21:01 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 21:01 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 21:01 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 21:01 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 21:01 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 21:01 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 21:01 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 21:00 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 21:00 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 21:00 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 21:00 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 20:58 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 20:57 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 20:57 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 20:57 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 20:56 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 20:56 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 20:56 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 20:56 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 20:56 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 20:56 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 20:56 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 20:56 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 20:56 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 20:55 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-05-12 20:55 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-05-12 20:55 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-05-12 19:48 - 2015-05-12 19:48 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-05-11 21:38 - 2015-05-11 21:38 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\AppData\Roaming\WinRAR
2015-05-11 20:23 - 2015-05-24 19:44 - 00003982 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A7580D82-3B31-4A09-8B98-764EC8B2E8A1}
2015-05-11 20:23 - 2015-05-11 20:23 - 00000000 __SHD () C:\Users\Romana S\AppData\Local\EmieUserList
2015-05-11 20:23 - 2015-05-11 20:23 - 00000000 __SHD () C:\Users\Romana S\AppData\Local\EmieSiteList
2015-05-11 20:23 - 2015-05-11 20:23 - 00000000 __SHD () C:\Users\Romana S\AppData\Local\EmieBrowserModeList
2015-05-11 20:22 - 2015-05-11 20:22 - 00001434 _____ () C:\Users\Romana S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-11 20:22 - 2015-05-11 20:22 - 00000020 ___SH () C:\Users\Romana S\ntuser.ini
2015-05-11 18:30 - 2015-05-13 06:21 - 00000000 ___DC () C:\WINDOWS\Panther
2015-05-11 18:30 - 2015-05-11 18:30 - 00000000 __SHD () C:\Recovery
2015-05-11 18:28 - 2015-05-11 18:28 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-05-11 18:28 - 2015-05-11 18:28 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-05-11 18:26 - 2015-05-11 18:26 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-05-11 18:26 - 2015-05-11 18:26 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-05-11 18:26 - 2015-05-11 18:26 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-11 18:25 - 2015-05-11 18:25 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-05-11 18:25 - 2015-05-11 18:25 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-05-11 18:25 - 2015-05-11 18:25 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-11 18:25 - 2015-05-11 18:25 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-11 18:20 - 2015-05-24 21:40 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\OneDrive
2015-05-11 18:18 - 2015-05-24 19:44 - 00003986 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{61F012DB-754A-42CA-8E7A-BE0C2E0E5988}
2015-05-11 18:18 - 2015-05-11 18:18 - 00000000 __SHD () C:\Users\koryt_000.ROMCA-PC\AppData\Local\EmieUserList
2015-05-11 18:18 - 2015-05-11 18:18 - 00000000 __SHD () C:\Users\koryt_000.ROMCA-PC\AppData\Local\EmieSiteList
2015-05-11 18:18 - 2015-05-11 18:18 - 00000000 __SHD () C:\Users\koryt_000.ROMCA-PC\AppData\Local\EmieBrowserModeList
2015-05-11 18:14 - 2015-05-11 18:14 - 00001434 _____ () C:\Users\koryt_000.ROMCA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-11 18:14 - 2015-05-11 18:14 - 00000020 ___SH () C:\Users\koryt_000.ROMCA-PC\ntuser.ini
2015-05-11 18:12 - 2015-05-11 18:12 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-05-11 18:12 - 2015-05-11 18:12 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-05-11 18:12 - 2015-05-11 18:12 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-05-11 18:12 - 2015-05-11 18:12 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-05-11 18:11 - 2015-05-20 07:43 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-11 18:11 - 2015-05-20 07:43 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-11 18:11 - 2015-05-11 18:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-05-11 18:11 - 2015-05-11 18:11 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-05-11 18:11 - 2015-05-11 18:11 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-05-11 18:11 - 2015-05-11 18:11 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-05-11 18:10 - 2015-05-11 18:10 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-05-11 18:10 - 2015-05-11 18:10 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-05-11 18:10 - 2015-05-11 18:10 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-05-11 18:10 - 2015-05-11 18:10 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-05-11 18:10 - 2015-05-11 18:10 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-05-11 18:10 - 2015-05-11 18:10 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-05-11 18:10 - 2015-05-11 18:10 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-05-11 18:10 - 2015-05-11 18:10 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-05-11 18:10 - 2015-05-11 18:10 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-05-11 18:09 - 2015-05-24 21:15 - 01162048 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-11 18:09 - 2015-05-11 18:09 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-05-11 18:09 - 2015-05-11 18:09 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Public\Documents\Obrázky
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Public\Documents\Hudba
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Public\Documents\Filmy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Šablony
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Soubory cookie
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Poslední
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Okolní tiskárny
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Okolní síť
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Nabídka Start
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Dokumenty
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Documents\Obrázky
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Documents\Hudba
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Documents\Filmy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Data aplikací
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Data aplikací
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Obrázky
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Hudba
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Filmy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Data aplikací
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Šablony
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Plocha
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Nabídka Start
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Dokumenty
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Data aplikací
Ran by koryt_000 (administrator) on ROMCA-PC on 24-05-2015 22:04:04
Running from C:\Users\koryt_000.ROMCA-PC\Desktop
Loaded Profiles: koryt_000 (Available Profiles: Romana S & koryt_000)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(EMSA Systems) C:\Program Files (x86)\Emsa Save My Work\SaveMyWork.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2015-05-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [mncoftomSrv] => C:\WINDOWS\SysWOW64\mncoftom.vbe [7670 2014-03-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\...\Run: [uTorrent] => C:\Users\koryt_000.ROMCA-PC\AppData\Roaming\uTorrent\utorrent.exe [416168 2015-02-22] (BitTorrent, Inc.)
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\...\Run: [SaveMyWork] => C:\Program Files (x86)\Emsa Save My Work\SaveMyWork.exe [471040 2004-12-12] (EMSA Systems)
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\...\Run: [GoogleChromeAutoLaunch_CE08E836974801279FBA0FAA2E6B7887] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1560035657-911311260-1851593216-1003\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.msn.com/?pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.80.70.2 212.80.66.7
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-08] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-24]
CHR Extension: (Google Wallet) - C:\Users\koryt_000.ROMCA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-24]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-05] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-05-11] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-11] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-05] (Dritek System Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-05-11] (Microsoft Corporation)
S1 icfsegiu; \??\C:\WINDOWS\system32\drivers\icfsegiu.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-24 22:04 - 2015-05-24 22:04 - 00009842 _____ () C:\Users\koryt_000.ROMCA-PC\Desktop\FRST.txt
2015-05-24 22:03 - 2015-05-24 22:04 - 00000000 ____D () C:\FRST
2015-05-24 22:03 - 2015-05-24 22:03 - 02108416 _____ (Farbar) C:\Users\koryt_000.ROMCA-PC\Downloads\FRST64.exe
2015-05-24 22:03 - 2015-05-24 22:03 - 02108416 _____ (Farbar) C:\Users\koryt_000.ROMCA-PC\Desktop\FRST64.exe
2015-05-24 21:17 - 2015-05-24 21:16 - 05627500 _____ (Swearware) C:\Users\koryt_000.ROMCA-PC\Desktop\ComboFix.exe
2015-05-24 21:15 - 2015-05-24 21:16 - 05627500 _____ (Swearware) C:\Users\koryt_000.ROMCA-PC\Downloads\ComboFix.exe
2015-05-24 20:55 - 2015-05-24 20:55 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\AppData\Local\GHISLER
2015-05-24 20:49 - 2015-05-24 20:49 - 00000000 ____D () C:\ProgramData\Baidu
2015-05-24 11:30 - 2015-05-24 11:30 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1560035657-911311260-1851593216-1001
2015-05-24 10:57 - 2015-05-24 10:57 - 00007078 _____ () C:\Users\koryt_000.ROMCA-PC\Documents\hijackthis.log
2015-05-24 10:49 - 2015-05-24 10:30 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-05-24 10:31 - 2015-05-24 10:51 - 00012262 _____ () C:\zoek-results.log
2015-05-24 10:30 - 2015-05-24 10:50 - 00000000 ____D () C:\zoek_backup
2015-05-24 07:23 - 2015-05-24 07:23 - 00002287 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 07:23 - 2015-05-24 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-24 07:22 - 2015-05-24 21:39 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 07:22 - 2015-05-24 07:27 - 00003950 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-24 07:22 - 2015-05-24 07:27 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 07:22 - 2015-05-24 07:22 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\AppData\Local\Deployment
2015-05-24 07:22 - 2015-05-24 07:22 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\AppData\Local\Apps\2.0
2015-05-23 22:43 - 2015-05-24 10:19 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-05-23 22:43 - 2015-05-23 22:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-23 22:21 - 2015-05-23 22:31 - 00100374 _____ () C:\2v ypis.txt
2015-05-23 22:16 - 2015-05-24 21:44 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1560035657-911311260-1851593216-1003
2015-05-23 22:15 - 2015-05-23 22:15 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-ROMCA-PC-Windows-8.1-(64-bit).dat
2015-05-23 22:15 - 2015-05-23 22:15 - 00000000 ____D () C:\RegBackup
2015-05-23 21:13 - 2015-05-23 21:13 - 00100615 _____ () C:\vypis.txt
2015-05-23 20:30 - 2015-05-23 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 20:22 - 2015-05-23 21:28 - 00000000 ____D () C:\AdwCleaner
2015-05-23 19:25 - 2015-05-23 19:25 - 00001105 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-05-23 17:44 - 2015-05-23 17:44 - 00000000 _____ () C:\Users\koryt_000.ROMCA-PC\AppData\Local\Temp.dat
2015-05-23 17:20 - 2015-05-23 17:20 - 00000024 _____ () C:\Users\koryt_000.ROMCA-PC\AppData\Roaming\appdataFr25.bin
2015-05-23 08:49 - 2015-05-23 08:49 - 00000024 _____ () C:\Users\Romana S\AppData\Roaming\appdataFr25.bin
2015-05-22 09:16 - 2015-05-22 09:16 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\Downloads\GSpot270a
2015-05-22 05:28 - 2015-05-22 05:28 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-05-16 16:56 - 2015-05-16 16:56 - 00284776 _____ () C:\WINDOWS\Minidump\051615-35046-01.dmp
2015-05-16 16:56 - 2015-05-16 16:56 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-16 16:55 - 2015-05-16 16:55 - 514616911 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-16 16:42 - 2015-05-16 16:52 - 00000000 ____D () C:\Program Files (x86)\Emsa Save My Work
2015-05-16 11:43 - 2015-05-16 11:43 - 00001158 _____ () C:\Users\Romana S\Desktop\kolotoč – zástupce.lnk
2015-05-16 11:42 - 2015-05-16 11:42 - 00451485 _____ () C:\Users\Romana S\Downloads\kolotoč.htm
2015-05-16 07:32 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 07:32 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 07:02 - 2015-05-16 07:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-05-16 07:02 - 2015-05-16 07:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-05-16 07:01 - 2015-05-16 07:01 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-05-14 19:46 - 2015-05-14 19:46 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\AppData\Local\VS Revo Group
2015-05-13 14:48 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 14:48 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 06:29 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 06:29 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 06:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-05-13 06:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-05-13 06:26 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 06:26 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-05-13 06:26 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-05-13 06:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 06:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 06:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 06:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 06:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 06:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 06:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 06:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 06:24 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 06:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 06:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 06:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 06:24 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 06:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 06:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 06:24 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 06:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 06:24 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 06:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 06:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 06:24 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 06:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 06:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 06:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 06:24 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 06:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 06:24 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 06:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 06:24 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 06:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 06:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 06:24 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 06:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 06:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 06:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 06:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 06:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 06:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 06:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 06:22 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 06:22 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 06:22 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 06:22 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 06:22 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 21:05 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 21:04 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-05-12 21:04 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-05-12 21:01 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 21:01 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 21:01 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 21:01 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 21:01 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 21:01 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 21:01 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 21:01 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 21:01 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 21:00 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 21:00 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 21:00 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 21:00 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 20:58 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 20:57 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 20:57 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 20:57 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 20:56 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 20:56 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 20:56 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 20:56 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 20:56 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 20:56 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 20:56 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 20:56 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 20:56 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 20:55 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-05-12 20:55 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-05-12 20:55 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-05-12 20:55 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-05-12 19:48 - 2015-05-12 19:48 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-05-11 21:38 - 2015-05-11 21:38 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\AppData\Roaming\WinRAR
2015-05-11 20:23 - 2015-05-24 19:44 - 00003982 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A7580D82-3B31-4A09-8B98-764EC8B2E8A1}
2015-05-11 20:23 - 2015-05-11 20:23 - 00000000 __SHD () C:\Users\Romana S\AppData\Local\EmieUserList
2015-05-11 20:23 - 2015-05-11 20:23 - 00000000 __SHD () C:\Users\Romana S\AppData\Local\EmieSiteList
2015-05-11 20:23 - 2015-05-11 20:23 - 00000000 __SHD () C:\Users\Romana S\AppData\Local\EmieBrowserModeList
2015-05-11 20:22 - 2015-05-11 20:22 - 00001434 _____ () C:\Users\Romana S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-11 20:22 - 2015-05-11 20:22 - 00000020 ___SH () C:\Users\Romana S\ntuser.ini
2015-05-11 18:30 - 2015-05-13 06:21 - 00000000 ___DC () C:\WINDOWS\Panther
2015-05-11 18:30 - 2015-05-11 18:30 - 00000000 __SHD () C:\Recovery
2015-05-11 18:28 - 2015-05-11 18:28 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-05-11 18:28 - 2015-05-11 18:28 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-05-11 18:28 - 2015-05-11 18:28 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-05-11 18:26 - 2015-05-11 18:26 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-05-11 18:26 - 2015-05-11 18:26 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-05-11 18:26 - 2015-05-11 18:26 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-05-11 18:26 - 2015-05-11 18:26 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-11 18:25 - 2015-05-11 18:25 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-05-11 18:25 - 2015-05-11 18:25 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-05-11 18:25 - 2015-05-11 18:25 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-11 18:25 - 2015-05-11 18:25 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-11 18:20 - 2015-05-24 21:40 - 00000000 ____D () C:\Users\koryt_000.ROMCA-PC\OneDrive
2015-05-11 18:18 - 2015-05-24 19:44 - 00003986 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{61F012DB-754A-42CA-8E7A-BE0C2E0E5988}
2015-05-11 18:18 - 2015-05-11 18:18 - 00000000 __SHD () C:\Users\koryt_000.ROMCA-PC\AppData\Local\EmieUserList
2015-05-11 18:18 - 2015-05-11 18:18 - 00000000 __SHD () C:\Users\koryt_000.ROMCA-PC\AppData\Local\EmieSiteList
2015-05-11 18:18 - 2015-05-11 18:18 - 00000000 __SHD () C:\Users\koryt_000.ROMCA-PC\AppData\Local\EmieBrowserModeList
2015-05-11 18:14 - 2015-05-11 18:14 - 00001434 _____ () C:\Users\koryt_000.ROMCA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-11 18:14 - 2015-05-11 18:14 - 00000020 ___SH () C:\Users\koryt_000.ROMCA-PC\ntuser.ini
2015-05-11 18:12 - 2015-05-11 18:12 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-05-11 18:12 - 2015-05-11 18:12 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-05-11 18:12 - 2015-05-11 18:12 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-05-11 18:12 - 2015-05-11 18:12 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-05-11 18:11 - 2015-05-20 07:43 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-11 18:11 - 2015-05-20 07:43 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-11 18:11 - 2015-05-11 18:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-05-11 18:11 - 2015-05-11 18:11 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-05-11 18:11 - 2015-05-11 18:11 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-05-11 18:11 - 2015-05-11 18:11 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-05-11 18:11 - 2015-05-11 18:11 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-05-11 18:10 - 2015-05-11 18:10 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-05-11 18:10 - 2015-05-11 18:10 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-05-11 18:10 - 2015-05-11 18:10 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-05-11 18:10 - 2015-05-11 18:10 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-05-11 18:10 - 2015-05-11 18:10 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-05-11 18:10 - 2015-05-11 18:10 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-05-11 18:10 - 2015-05-11 18:10 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-05-11 18:10 - 2015-05-11 18:10 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-05-11 18:10 - 2015-05-11 18:10 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-05-11 18:10 - 2015-05-11 18:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-05-11 18:09 - 2015-05-24 21:15 - 01162048 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-11 18:09 - 2015-05-11 18:09 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-05-11 18:09 - 2015-05-11 18:09 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Public\Documents\Obrázky
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Public\Documents\Hudba
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Public\Documents\Filmy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Šablony
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Soubory cookie
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Poslední
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Okolní tiskárny
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Okolní síť
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Nabídka Start
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Dokumenty
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Documents\Obrázky
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Documents\Hudba
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Documents\Filmy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\Data aplikací
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Data aplikací
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Obrázky
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Hudba
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Filmy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Data aplikací
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Šablony
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Plocha
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Nabídka Start
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Dokumenty
2015-05-11 18:09 - 2015-05-11 18:09 - 00000000 _SHDL () C:\ProgramData\Data aplikací