Log check [Solved]

Re: log check

Post by Varg » 14 Nov 2015 10:40

Zoek.exe v5.0.0.1 Updated 12-November-2015
Tool run by Petr on 14.11.2015 at 10:18:59,13.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Petr\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14.11.2015 10:20:37 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Auslogics deleted successfully
C:\Users\Petr\AppData\Local\Adobe deleted successfully
C:\Users\Petr\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3832753693-3646972138-179110667-1004\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF1FF83-D72B-46DC-AC26-DEE8D1BD8B3F} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\iq10j0za.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\iq10j0za.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Auslogics not found
C:\PROGRA~2\Free Download Manager deleted
C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\iq10j0za.default\searchplugins\seznam-avast.xml deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\iq10j0za.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21.09.2015 13:21]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[29.03.2015 18:33]

SparkChess 6 - oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem
Bungalow - oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkdmggpdfpodahejeckklcncacambmo
Avast Online Security - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\oem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\oem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Petr\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=1 7317 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Petr\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 14.11.2015 at 10:38:48,19 ======================

Post by Varg » 14 Nov 2015 10:41

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:53, on 14.11.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Petr\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Petr\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESL Wire Helper Service (EslWireHelper) - Unknown owner - C:\Program Files\EslWire\service\WireHelperSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8237 bytes

Post by Varg » 14 Nov 2015 10:42

So far it looks like the behaviour has improved.
The game doesn't stutter and the browser has sped up too.
I'll wait until the evening to see whether the PC keeps behaving better over a longer period.

jerabina (Security team member)

Post by jerabina » 14 Nov 2015 18:31

Close other programs/browsers, disconnect from the internet and fix the following in HJT:
GUIDE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR



Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(On Windows Vista, Windows 7 and 8 you must run the file by right-clicking it -> Run as administrator.)
In the main menu, tick these options: "Remove disinfection tools" and "Purge System Restore".
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise the report can be found at:
C:\DelFix.txt

If there are no problems, that is all and you can mark the topic as solved with the green check mark ;)
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it is only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

Post by Varg » 14 Nov 2015 19:20

Hi.

A problem has appeared.
At system startup I got a critical error.
"Start and Cortana are not working, restart your system."

Do you know what could be causing it?

Post by Varg » 14 Nov 2015 19:28

# DelFix v1.011 - Logfile created 14/11/2015 at 19:25:16
# Updated 18/08/2015 by Xplode
# Username : Petr - PETRMALENKA
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Petr\Desktop\adwcleaner_5.020.exe
Deleted : C:\Users\Petr\Desktop\JRT.exe
Deleted : C:\Users\Petr\Desktop\JRT.txt
Deleted : C:\Users\Petr\Desktop\HijackThis.exe
Deleted : C:\Users\Petr\Desktop\hijackthis.log
Deleted : C:\Users\Petr\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Petr\Desktop\TFC.exe
Deleted : C:\Users\Petr\Desktop\zoek.exe
Deleted : C:\Users\Petr\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Petr\Downloads\RogueKillerX64.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #22 [Naplánovaný kontrolní bod | 11/05/2015 14:03:46]
Deleted : RP #23 [Windows Update | 11/11/2015 17:43:55]
Deleted : RP #24 [JRT Pre-Junkware Removal | 11/13/2015 16:46:23]

New restore point created !

########## - EOF - ##########

Orcus (Security team member)

Post by Orcus » 14 Nov 2015 20:05

Turn off the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If after the scan you have trouble launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.

If there are problems, run it in safe mode.
Love keeps you warm, but coal is coal. :fire:

Post HJT logs in the HJT section. If a log is too long, split it across several messages.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me

If you are satisfied, you can support our forum.

Post by Varg » 14 Nov 2015 20:46

I have it on the desktop, I turn off the antivirus and Combo tells me it only runs on XP... up to Win 8.
I have 10, so how do I go about it?

Post by jerabina » 14 Nov 2015 23:58

We apologize, a small mistake crept in.

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
and save it to your desktop, then run FRST as administrator.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and will be saved on the desktop. Please copy their entire contents here.

Post by Varg » 15 Nov 2015 09:53

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Petr (administrator) on PETRMALENKA (15-11-2015 09:50:21)
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available Profiles: Petr)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Users\Petr\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-08] (VIA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Petr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll [2013-09-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Petr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll [2013-09-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Petr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll [2013-09-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-21] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Petr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll [2013-09-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Petr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll [2013-09-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Petr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll [2013-09-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 83.240.0.135 192.168.0.1
Tcpip\..\Interfaces\{ee0c896d-1f39-4a43-969b-4ff4c7f00d2c}: [DhcpNameServer] 83.240.0.135 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.tsbohemia.cz
SearchScopes: HKU\S-1-5-21-3832753693-3646972138-179110667-1004 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3832753693-3646972138-179110667-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-19] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-19] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\iq10j0za.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-19] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-19] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\Free Media Player\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3832753693-3646972138-179110667-1004: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-14] ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-21] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-09]
CHR Extension: (Avast Online Security) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-29]

Opera:
=======
OPR Extension: (Přeložit) - C:\Users\Petr\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2015-09-25]
OPR Extension: (Gladiatus Crazy Add On) - C:\Users\Petr\AppData\Roaming\Opera Software\Opera Stable\Extensions\jggbidmjnmplnobkkjiinjmbnhccpkbj [2015-08-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-21] (AVAST Software)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
R2 PnkBstrA; C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [63040 2007-08-15] ()
S3 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-09-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-21] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2015-08-07] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-15 09:50 - 2015-11-15 09:50 - 00013885 _____ C:\Users\Petr\Desktop\FRST.txt
2015-11-15 09:50 - 2015-11-15 09:50 - 00000000 ____D C:\FRST
2015-11-15 09:49 - 2015-11-15 09:50 - 02198528 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2015-11-15 08:55 - 2015-11-15 08:55 - 00016148 _____ C:\WINDOWS\system32\PETRMALENKA_Petr_HistoryPrediction.bin
2015-11-14 20:43 - 2015-11-14 20:43 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-14 19:25 - 2015-11-14 19:25 - 00001190 _____ C:\DelFix.txt
2015-11-14 10:35 - 2015-11-14 10:18 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-11-14 10:18 - 2015-11-14 19:24 - 00000613 _____ C:\Users\Petr\Desktop\Nový textový dokument (3).txt
2015-11-14 09:50 - 2015-11-14 09:50 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-11-13 12:47 - 2015-11-13 12:47 - 00883372 _____ C:\Users\Petr\Downloads\PLÁN VÝROBY 2015 (20).xlsx
2015-11-12 18:05 - 2015-11-12 18:08 - 794800128 _____ C:\Users\Petr\Downloads\Tali-Ihantala 1944.avi
2015-11-12 18:03 - 2015-11-12 18:10 - 2010634458 _____ C:\Users\Petr\Downloads\1944.(2015).DVDRip.avi
2015-11-12 14:43 - 2015-11-13 17:13 - 00001088 _____ C:\Users\Petr\AppData\Local\FSDownloader.nast
2015-11-12 14:40 - 2015-11-12 14:40 - 00935936 _____ (File-share.top) C:\Users\Petr\Downloads\FSDownloader.exe
2015-11-11 18:49 - 2015-11-03 19:20 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-11 18:49 - 2015-11-03 19:20 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 14:39 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 14:39 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 14:39 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 14:39 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 14:39 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 14:39 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 14:39 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 14:39 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 14:39 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 14:39 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 14:39 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 14:39 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 14:39 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 14:39 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 14:39 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 14:39 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 14:39 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 14:39 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 14:39 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-11 14:39 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 14:39 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 14:39 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 14:39 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 14:39 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 14:39 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 14:39 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 14:39 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 14:39 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 14:39 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 14:39 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 14:39 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 14:39 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 14:39 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 14:39 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 14:39 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 14:39 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 14:39 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 14:39 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 14:39 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 14:39 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 14:39 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 14:39 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 14:39 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 14:39 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 14:39 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 14:39 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 14:39 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 14:39 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 14:39 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 14:39 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 14:39 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 14:39 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 14:39 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 11:27 - 2015-11-05 16:08 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-11-10 11:27 - 2015-11-05 15:41 - 00102520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-11-10 11:26 - 2015-11-07 04:19 - 11227280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-11-10 11:26 - 2015-11-05 18:00 - 42914096 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 37882160 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 22343800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 18487552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 18389112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 16561320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 15933912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 15839200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 14844304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 13533608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 12870192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 12040952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 03540360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 03126800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 02876720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 02496632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 01905456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435891.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435891.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 01016360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00877688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00823232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00689784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00674096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00539648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00503416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00500872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00446768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00445216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00422568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00414000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00369456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00177416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00155792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-11-10 11:26 - 2015-11-05 18:00 - 00034493 _____ C:\WINDOWS\system32\nvinfo.pb
2015-11-09 11:18 - 2015-11-09 11:19 - 101541048 _____ C:\Users\Petr\Downloads\2014 The Committee - Power Through Unity.rar
2015-11-08 17:20 - 2015-11-08 17:35 - 999180569 _____ C:\Users\Petr\Downloads\h118.rar
2015-11-08 17:20 - 2015-11-08 17:33 - 683350208 _____ C:\Users\Petr\Downloads\d121.rar
2015-11-07 16:04 - 2015-11-07 16:04 - 74172356 _____ C:\Users\Petr\Downloads\LIMBO.rar
2015-11-07 09:40 - 2015-11-07 09:40 - 48232380 _____ C:\Users\Petr\Downloads\Tank Genocide - La Victoire Ou La Mort (2015).rar
2015-11-06 21:42 - 2015-11-06 21:42 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-11-06 21:42 - 2015-11-06 21:42 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-11-06 13:16 - 2015-11-06 13:16 - 00001789 _____ C:\Users\Public\Desktop\Webium's Modpack.lnk
2015-11-06 13:12 - 2015-11-06 13:13 - 72149796 _____ (myWOTmods.com ) C:\Users\Petr\Downloads\webium-WOT-0.9.10-modpack-installer-v9.10.18.exe
2015-11-06 12:00 - 2015-11-06 12:00 - 85591380 _____ C:\Users\Petr\Downloads\Hid.rar
2015-11-05 17:46 - 2015-11-02 23:49 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-11-05 17:46 - 2015-11-02 23:49 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-11-05 17:46 - 2015-11-02 23:49 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-11-05 17:46 - 2015-11-02 18:03 - 01905272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435887.dll
2015-11-05 17:46 - 2015-11-02 18:03 - 01564976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435887.dll
2015-11-05 14:55 - 2015-11-05 14:55 - 00003946 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1397060391
2015-11-03 20:22 - 2015-11-03 20:28 - 1047527424 _____ C:\Users\Petr\Downloads\G1757.part2.rar
2015-11-03 20:22 - 2015-11-03 20:28 - 1047527424 _____ C:\Users\Petr\Downloads\G1757.part1.rar
2015-11-03 20:22 - 2015-11-03 20:22 - 69861073 _____ C:\Users\Petr\Downloads\G1757.part3.rar
2015-11-03 20:21 - 2015-11-03 20:23 - 523335796 _____ C:\Users\Petr\Downloads\sdazvmd.rar
2015-11-01 17:07 - 2015-11-01 17:07 - 00000000 ____D C:\Users\Public\Documents\SEGA Rally
2015-11-01 12:47 - 2015-11-01 12:47 - 00000000 ____D C:\Users\Petr\Documents\SEGA Rally
2015-10-29 15:37 - 2015-11-06 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\webium's modpack
2015-10-29 15:02 - 2015-10-29 18:52 - 00000000 ____D C:\Users\Petr\AppData\Local\ESL Wire Game Client
2015-10-29 15:02 - 2015-10-29 15:02 - 00000820 _____ C:\Users\Public\Desktop\ESL Wire.lnk
2015-10-29 15:02 - 2015-10-29 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2015-10-29 15:02 - 2015-10-29 15:02 - 00000000 ____D C:\ProgramData\ESL Wire
2015-10-29 15:02 - 2015-10-29 15:02 - 00000000 ____D C:\Program Files\EslWire
2015-10-29 15:00 - 2015-10-29 15:00 - 00939656 _____ (Turtle Entertainment GmbH) C:\Users\Petr\Downloads\ESLWireSetup-1.18.0.8101.exe
2015-10-29 14:39 - 2015-10-29 14:39 - 08206600 _____ (TeamViewer GmbH) C:\Users\Petr\Downloads\TeamViewer_Setup_cs.exe
2015-10-26 17:57 - 2015-10-12 04:04 - 01710752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-10-26 16:55 - 2015-10-26 16:58 - 00000000 ____D C:\Users\Petr\Documents\BFH
2015-10-26 16:52 - 2015-10-26 16:52 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-10-26 14:01 - 2015-10-26 14:54 - 214300522 _____ C:\Users\Petr\Desktop\Pán Prstenů - Navrat krale.mkv
2015-10-26 12:03 - 2015-11-01 12:33 - 00000000 ____D C:\Users\Petr\Downloads\Tomáš 6
2015-10-26 09:03 - 2015-10-26 09:03 - 00001959 _____ C:\Users\Petr\Desktop\Webshare Klient.lnk
2015-10-26 09:03 - 2015-10-26 09:03 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webshare
2015-10-26 08:58 - 2015-10-26 08:59 - 17403694 _____ C:\Users\Petr\Downloads\FreeRapid-0.9u4.zip
2015-10-26 08:52 - 2015-10-26 09:56 - 2064831428 _____ C:\Users\Petr\Desktop\Pán Prstenů - Dvě věže.mkv
2015-10-26 06:54 - 2015-10-26 07:46 - 4043921194 _____ C:\Users\Petr\Desktop\Pán Prstenů - Společenstvo prstenu.mkv
2015-10-24 17:43 - 2015-10-26 11:23 - 00000000 ____D C:\Users\Petr\Downloads\doktoři bez hranic
2015-10-24 17:43 - 2015-10-26 09:21 - 00000000 ____D C:\Users\Petr\Downloads\přístav
2015-10-24 16:18 - 2015-10-24 16:18 - 00000279 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koš.lnk
2015-10-23 15:18 - 2015-11-12 18:03 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Webshare
2015-10-23 15:17 - 2015-10-23 15:17 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-10-23 15:16 - 2015-10-26 09:03 - 00000000 ____D C:\Program Files (x86)\Webshare
2015-10-23 15:16 - 2015-10-26 09:03 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-10-21 13:42 - 2015-10-21 13:37 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-10-21 13:33 - 2015-10-21 15:15 - 00000000 ____D C:\WINDOWS\SysWOW64\15102101_stream
2015-10-21 13:33 - 2015-10-21 13:33 - 00000000 ____D C:\WINDOWS\SysWOW64\15102100_stream
2015-10-20 18:43 - 2015-10-20 18:43 - 00000000 ____D C:\Users\Petr\AppData\Local\CEF
2015-10-18 17:23 - 2015-10-18 17:23 - 00000000 ____D C:\Users\Petr\Documents\Codemasters
2015-10-18 17:22 - 2015-10-18 17:22 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Codemasters
2015-10-18 17:20 - 2015-10-18 17:20 - 00000000 ____D C:\Users\Petr\AppData\Roaming\InstallShield
2015-10-18 17:20 - 2015-10-18 17:20 - 00000000 ____D C:\ProgramData\InstallShield
2015-10-18 17:03 - 2015-10-18 17:03 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions
2015-10-18 17:00 - 2015-10-18 17:00 - 00000866 _____ C:\Users\Public\Desktop\F.E.A.R..lnk
2015-10-18 17:00 - 2015-10-18 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2015-10-18 16:59 - 2015-10-18 16:59 - 00000000 ____D C:\Program Files (x86)\Sierra

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-15 09:17 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-15 09:10 - 2015-09-19 12:05 - 00000984 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 07:14 - 2015-09-19 12:05 - 00000980 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-14 20:42 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-14 20:42 - 2014-08-04 18:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-14 20:41 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-14 19:31 - 2014-01-02 13:38 - 00000000 ____D C:\Users\Petr\AppData\Roaming\TS3Client
2015-11-14 19:31 - 2013-09-08 08:53 - 00000000 ____D C:\Users\Petr\AppData\Roaming\AIMP3
2015-11-14 19:30 - 2014-08-01 19:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-14 19:29 - 2015-01-11 09:48 - 00000000 ____D C:\Users\Petr\Downloads\backups
2015-11-13 18:05 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-13 17:08 - 2015-08-06 19:07 - 01787952 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-13 17:08 - 2015-07-10 17:02 - 00753718 _____ C:\WINDOWS\system32\perfh005.dat
2015-11-13 17:08 - 2015-07-10 17:02 - 00153934 _____ C:\WINDOWS\system32\perfc005.dat
2015-11-13 13:49 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-11 18:50 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 18:49 - 2013-07-19 11:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 18:45 - 2013-05-29 06:02 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-11 15:11 - 2015-03-29 18:40 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-10 11:28 - 2015-08-06 18:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-10 11:28 - 2015-02-28 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-10 11:27 - 2015-08-06 18:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-09 18:29 - 2015-05-31 17:26 - 00000000 ____D C:\Users\Petr\Desktop\špidla
2015-11-09 17:30 - 2015-09-21 13:34 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-11-09 13:24 - 2014-02-02 12:37 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-08 10:52 - 2015-08-30 08:39 - 00000000 ____D C:\Users\Petr\Desktop\Hudba 1
2015-11-05 16:08 - 2014-08-04 18:34 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-11-05 16:08 - 2014-08-04 18:34 - 02983216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-11-05 16:08 - 2014-08-04 18:34 - 02554672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-11-05 16:08 - 2014-08-04 18:34 - 00938616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-11-05 16:08 - 2014-08-04 18:34 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-11-05 15:10 - 2014-02-02 12:37 - 00003902 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-05 14:55 - 2014-04-09 17:19 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-03 16:41 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-01 12:31 - 2014-09-28 08:16 - 00000000 ____D C:\The KMPlayer
2015-10-29 16:12 - 2015-08-06 18:51 - 00000000 ____D C:\Users\Petr
2015-10-29 14:40 - 2014-10-12 18:39 - 00000000 ____D C:\Users\Petr\AppData\Roaming\TeamViewer
2015-10-29 13:44 - 2015-07-10 13:20 - 00382960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-29 10:32 - 2014-01-02 13:38 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2015-10-28 14:49 - 2014-08-04 18:34 - 06027430 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-10-26 18:16 - 2013-05-28 12:00 - 00000000 ____D C:\Users\Petr\AppData\Local\Packages
2015-10-26 18:16 - 2012-10-16 10:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-26 18:12 - 2013-05-28 14:11 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-26 17:57 - 2015-02-28 18:57 - 00001476 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-10-26 17:04 - 2015-09-27 09:23 - 00000000 ____D C:\Users\Petr\Downloads\filmy
2015-10-21 13:42 - 2015-04-04 20:18 - 00000000 ____D C:\ProgramData\Oracle
2015-10-21 13:42 - 2014-07-06 15:51 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-21 13:41 - 2015-04-04 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-21 13:37 - 2015-08-19 20:09 - 00000000 ____D C:\Users\Petr\.oracle_jre_usage
2015-10-17 18:21 - 2015-07-10 12:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-17 18:21 - 2015-07-10 12:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-17 18:21 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-17 18:21 - 2015-07-10 12:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-17 18:21 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-17 18:21 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-17 18:21 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-17 18:21 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\L2Schemas

==================== Files in the root of some directories =======

2013-07-08 13:32 - 2013-07-08 13:32 - 0093696 _____ () C:\Users\Petr\AppData\Roaming\ezpinst.exe
2013-07-08 13:16 - 2013-08-02 15:04 - 0007859 _____ () C:\Users\Petr\AppData\Roaming\pcouffin.cat
2013-07-08 13:16 - 2013-08-02 15:04 - 0001167 _____ () C:\Users\Petr\AppData\Roaming\pcouffin.inf
2013-07-08 13:16 - 2013-08-02 15:04 - 0082816 _____ (VSO Software) C:\Users\Petr\AppData\Roaming\pcouffin.sys
2013-07-08 14:14 - 2013-08-02 15:04 - 0001057 _____ () C:\Users\Petr\AppData\Roaming\vso_ts_preview.xml
2015-11-12 14:43 - 2015-11-13 17:13 - 0001088 _____ () C:\Users\Petr\AppData\Local\FSDownloader.nast
2013-05-31 14:28 - 2013-05-31 14:28 - 0000017 _____ () C:\Users\Petr\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-08 20:11

==================== End of FRST.txt ============================


Re: log check

Post by Varg » 15 Nov 2015 09:53

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Petr (2015-11-15 09:51:02)
Running from C:\Users\Petr\Desktop
Windows 10 Home (X64) (2015-08-06 18:12:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3832753693-3646972138-179110667-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3832753693-3646972138-179110667-503 - Limited - Disabled)
Guest (S-1-5-21-3832753693-3646972138-179110667-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3832753693-3646972138-179110667-1270 - Limited - Enabled)
Petr (S-1-5-21-3832753693-3646972138-179110667-1004 - Administrator - Enabled) => C:\Users\Petr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AGEIA PhysX v7.07.09 (HKLM-x32\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
Aktualizace NVIDIA 2.5.15.54 (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed(R) III v1.04 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.04 - Ubisoft)
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
ESL Wire 1.18.0 (HKLM\...\ESL Wire_is1) (Version: - Turtle Entertainment GmbH)
FastShare.cz verze 2.3.1 (HKLM-x32\...\FastShare.cz_is1) (Version: 2.3.1 - )
FEAR (HKLM-x32\...\{2B653229-9854-4989-B780-D978F5F13EAB}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.)
Free Video Editor version 1.4.12.415 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.12.415 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Johny_Bafak's Vertical Techtree verze 0.72 (HKLM-x32\...\{EFCA3CAE-86A1-4A6B-B703-6C2FF5EFD6EF}_is1) (Version: 0.72 - Johny_Bafak)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.138 - PandoraTV)
Medal of Honor Airborne (HKLM-x32\...\{25F28E39-FDBB-11DB-8314-0800200C9A66}) (Version: 1.0.1.0 - Electronic Arts)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 CSY (HKLM\...\{0A8A841B-29C4-4947-BF59-241216B4D904}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Virtuální audio Miracast 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{220C463A-2890-4C7F-B97C-C49FE175B849}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 33.0.1990.58 (HKLM-x32\...\Opera 33.0.1990.58) (Version: 33.0.1990.58 - Opera Software)
Ovládací panel NVIDIA 358.91 (Version: 358.91 - NVIDIA Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Sniper Elite (HKLM-x32\...\{A979B2D8-E3EE-4523-A26C-4AF0A6809280}) (Version: - )
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Sniper Elite V2 (HKLM-x32\...\Sniper Elite V2_is1) (Version: - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
webiums modpack 0.9.10 v9.10.18 (HKLM-x32\...\{B64D8CE9-11B2-469D-A347-9A13C2BCA423}_is1) (Version: 9.10.18 - myWOTmods.com)
Webshare uploader (HKLM-x32\...\WebshareDLC) (Version: - Webshare)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Tanks - Common Test (HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812ct}_is1) (Version: - Wargaming.net)
World of Tanks (HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version: - Wargaming.net)
World of Warships (HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)
XnView 2.25 (HKLM-x32\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

14-11-2015 19:25:30 End of disinfection

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-11-14 10:21 - 2015-11-14 10:21 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05639E6A-F8BD-4289-AF4A-8FD0292DC87E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2A3B9A33-FC34-4825-94B0-9D5F5CF6D925} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2B5F2724-20D4-4E67-B7BC-A2B15303DC76} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {2EE9B358-588B-44FB-8415-9211B537EBAB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {372C44EF-B85F-4A9E-AD98-3389F078FAD1} - System32\Tasks\{76ED66D3-EC50-47F4-919A-06935A6D2627} => pcalua.exe -a "C:\Users\Petr\Desktop\Medal of Honor-Pacific Assault\CZ\mohpacificassaultcz.exe" -d "C:\Users\Petr\Desktop\Medal of Honor-Pacific Assault\CZ"
Task: {3C7A66F9-7B1C-4B76-AFFF-C611B04CC031} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3D4E88C9-7666-4C97-ADC9-B1990BADF374} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3DA351F1-E913-46C2-A9F4-B2B7E1216366} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-21] (AVAST Software)
Task: {5415A7AE-3483-42F4-A5AE-AAF1BB52CF43} - System32\Tasks\{971B0503-70CC-43FD-8A22-42982980216C} => pcalua.exe -a "C:\Users\Petr\Desktop\Wolfenstein (2009) .by kobra.CZ\Čeština do hry Wolfenstein - 2009\WolfensteinBetaCz.exe" -d "C:\Users\Petr\Desktop\Wolfenstein (2009) .by kobra.CZ\Čeština do hry Wolfenstein - 2009"
Task: {5A9F7E8D-6083-4E55-AC34-840E678A47B4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5D81C6F4-D0FA-47A4-8D01-AB18897DF0C4} - System32\Tasks\Opera scheduled Autoupdate 1397060391 => C:\Program Files (x86)\Opera\launcher.exe [2015-10-30] (Opera Software)
Task: {878FC9E0-BB81-4372-814E-C579818BB785} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9FA3D604-B948-4A1C-A7A8-2510B3B0DC6B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-05] (Adobe Systems Incorporated)
Task: {B114E92F-7603-47FA-898C-B587E4196C5E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BB31753D-C688-4DAA-BDE2-869572E36585} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BC1E005D-166D-4B5C-BE07-52935BD2D66E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C570D6EB-6F4F-442D-9F09-FAE68EE36A48} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CAFEBF1F-F82F-4A9D-8AAC-8B8F448A0FF8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DC2F4754-F31A-4141-99BF-34EF4BA8E1AC} - System32\Tasks\{74B2946B-5177-4EAC-A333-11289300C3F3} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe" -d "C:\Program Files (x86)\EA GAMES\Medal of Honor Pacific Assault(tm)"
Task: {E48B5E1F-32DA-499B-AA19-99CD5560C786} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EF40356E-D95D-4F6C-BA9C-306807478AD7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F0799976-53FD-4B24-9B5F-46F5F929B5F2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-06 19:35 - 2015-08-06 19:35 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 19:23 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-29 15:02 - 2014-01-28 11:40 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2015-10-29 15:02 - 2014-10-09 15:22 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2007-08-15 08:49 - 2007-08-15 08:49 - 00063040 _____ () C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
2014-08-04 18:34 - 2015-11-05 16:08 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-14 16:03 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-14 16:03 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-14 16:03 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-14 16:03 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-14 16:02 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-14 16:02 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-14 16:03 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 17:05 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-09-21 13:21 - 2015-09-21 13:21 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-21 13:21 - 2015-09-21 13:21 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-14 19:14 - 2015-11-14 19:14 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111401\algo.dll
2015-03-31 16:26 - 2015-10-12 04:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-09-21 13:21 - 2015-09-21 13:21 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4768 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Petr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\304549.jpg
DNS Servers: 83.240.0.135 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\StartupApproved\Run: => "Advanced SystemCare 6"
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\StartupApproved\Run: => "GUDelayStartup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{3FB7BB9A-DE26-49F0-B1CF-02522A6B80E7}C:\games\world_of_warships\wowslauncher.exe] => (Block) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{CDB2FE86-1F41-43F3-B5D4-F159F8ED17D5}C:\games\world_of_warships\wowslauncher.exe] => (Block) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{6968135D-8929-4FEE-B466-84BC44714C26}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DD59AC3C-DBBF-4A26-956C-BA9F3ED843AC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{9AD730A9-8D49-4CD7-87A8-C2D8DB1B9E5C}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{E9289F72-0B16-4649-AC44-7BF126312E5F}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{67022AB5-14EB-4D51-A5ED-3B9B6098C1AC}C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe
FirewallRules: [TCP Query User{8722C005-1282-41DB-A504-9575FA89E56D}C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe
FirewallRules: [UDP Query User{50A5986C-EFC6-44E9-831E-3746A1BFCCD4}C:\program files (x86)\rayman legends\rayman legends.exe] => (Block) C:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [TCP Query User{059748E2-ECC2-4202-AB04-D85E2AEBA9CC}C:\program files (x86)\rayman legends\rayman legends.exe] => (Block) C:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [{EFC89F5B-C0CE-4E86-87C1-857F9FBF10D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{812385AB-65F3-4D20-87F8-11940B6261B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{ED6A17C8-FE5C-4C9E-BDB0-0BC0E748B770}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B5DB82D9-8B2A-4D5B-AB40-630A896C6C46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{09F61A09-5B74-4146-9000-2005959D9A88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{41C597E6-B0E3-4153-A816-D244F46E3138}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe
FirewallRules: [UDP Query User{A32B5A79-6D49-49FE-93FA-48EA7D5F1F33}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe
FirewallRules: [TCP Query User{710883E4-4B0E-43BF-B176-421A609A9125}C:\games\world_of_tanks_ct\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_ct\worldoftanks.exe
FirewallRules: [UDP Query User{D49D41F9-C15E-491F-BD05-89D0FEBF24EF}C:\games\world_of_tanks_ct\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_ct\worldoftanks.exe
FirewallRules: [{0D752E78-F661-47B2-9FA7-202A8E799C74}] => (Allow) C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe
FirewallRules: [{D55648ED-2E29-4821-8E45-F643FAC72157}] => (Allow) C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe
FirewallRules: [{E5352418-C31C-4F35-A67B-B85C26AA7AD5}] => (Allow) C:\Program Files (x86)\Sierra\FEAR\FEAR.exe
FirewallRules: [{724CE475-8938-4C84-ADD7-7CBA40ECE3DE}] => (Allow) C:\Program Files (x86)\Sierra\FEAR\FEAR.exe
FirewallRules: [TCP Query User{ADE7F9F1-56E2-491C-AAF7-2AA80368222C}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [UDP Query User{070A1F00-1561-4DE6-8DA1-8E5F0B49F7B2}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [{E5D781F7-F4C2-4C5F-A5C5-2F11A1F873CA}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{27BC8880-183C-424D-A65D-611413146DA8}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{7229DABC-81C3-4A8D-881C-7296CDD61666}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{6FBBD087-ECF6-41C1-B540-F7595BEF9515}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{ADD5F0C9-8B86-49C5-A2F0-802B4B130200}] => (Allow) C:\Program Files\EslWire\wire.exe
FirewallRules: [{1199499B-70BC-43CC-A3FA-0E21D73D953F}] => (Allow) C:\Program Files\EslWire\wire.exe
FirewallRules: [{9C13AE9D-4D69-45DD-981D-E837A7F7997E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2015 09:21:35 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: ASP.NET_1.1.43228

Error: (11/14/2015 07:25:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (11/13/2015 08:56:13 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: ASP.NET_1.1.43228

Error: (11/13/2015 05:46:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (11/13/2015 05:44:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1 se nezdařilo. Chyba v souboru manifestu nebo zásad C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2 na řádku C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (11/13/2015 01:43:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1 se nezdařilo. Chyba v souboru manifestu nebo zásad C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2 na řádku C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (11/12/2015 07:01:46 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: ASP.NET_1.1.43228

Error: (11/11/2015 06:49:19 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: ASP.NET_1.1.43228

Error: (11/11/2015 06:44:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (11/09/2015 09:02:10 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: ASP.NET_1.1.43228


System errors:
=============
Error: (11/14/2015 10:15:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (11/14/2015 10:15:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (11/14/2015 10:15:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (11/14/2015 10:15:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (11/14/2015 08:42:52 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Tento počítač je nakonfigurován jako člen pracovní skupiny, nikoliv jako
člen domény. Přihlašovací služba Netlogon nepotřebuje být spuštěna v této
konfiguraci.

Error: (11/14/2015 08:41:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (11/14/2015 08:41:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (11/14/2015 08:41:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (11/14/2015 08:41:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (11/14/2015 07:16:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici


CodeIntegrity:
===================================
Date: 2015-08-20 19:52:18.538
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-20 19:52:18.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-20 19:52:18.269
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-20 19:52:18.097
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-20 19:52:17.963
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-20 19:52:17.850
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-20 19:52:17.740
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-20 19:52:17.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-20 19:52:17.406
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-20 19:52:17.255
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD FX(tm)-4130 Quad-Core Processor
Percentage of memory in use: 19%
Total physical RAM: 8173.43 MB
Available physical RAM: 6602.02 MB
Total Virtual: 9453.43 MB
Available Virtual: 7916.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:474.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C0729418)
Partition 1: (Active) - (Size=352 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

jaro3
Security team member

Re: log check

Post by jaro3 » 15 Nov 2015 10:16

Uninstall:
IObit Malware Fighter
Advanced SystemCare 6


Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
SearchScopes: HKU\S-1-5-21-3832753693-3646972138-179110667-1004 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3832753693-3646972138-179110667-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
2015-11-15 09:10 - 2015-09-19 12:05 - 00000984 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 07:14 - 2015-09-19 12:05 - 00000980 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
Task: {05639E6A-F8BD-4289-AF4A-8FD0292DC87E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2A3B9A33-FC34-4825-94B0-9D5F5CF6D925} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2EE9B358-588B-44FB-8415-9211B537EBAB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3C7A66F9-7B1C-4B76-AFFF-C611B04CC031} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3D4E88C9-7666-4C97-ADC9-B1990BADF374} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {5A9F7E8D-6083-4E55-AC34-840E678A47B4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {878FC9E0-BB81-4372-814E-C579818BB785} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B114E92F-7603-47FA-898C-B587E4196C5E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BB31753D-C688-4DAA-BDE2-869572E36585} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BC1E005D-166D-4B5C-BE07-52935BD2D66E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C570D6EB-6F4F-442D-9F09-FAE68EE36A48} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CAFEBF1F-F82F-4A9D-8AAC-8B8F448A0FF8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EF40356E-D95D-4F6C-BA9C-306807478AD7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\101hotteens.com -> 101hotteens.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\123expressview.com -> 123expressview.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\123found.com -> 123found.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\123keno.com -> 123keno.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\12don.info -> 12don.info
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\143fuck.com -> 143fuck.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\17gamo.com -> 17gamo.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\17webplace.com -> 17webplace.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\180solutions.com -> 180solutions.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1autocity.com -> 1autocity.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1ive.net -> 1ive.net
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1se.ru -> 1se.ru
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1sexparty.com -> 1sexparty.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1stfind.com -> 1stfind.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1stpagehere.com -> 1stpagehere.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1traff.us -> 1traff.us
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1ze.net -> 1ze.net
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\2-antispyware.com -> 2-antispyware.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\2004search.cc -> 2004search.cc
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\StartupApproved\Run: => "Pokki"

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

