Pomoc s odstraněním viru

[Holi-cz]

Ahoj,

svojí blbostí jsem natáhl vir. Projel jsem tedy PC programem Malwarebytes. Nic nenašel (do toho celou dobu běží Avast). Počítač je ale znatelně pomalejší a teď jsem si ve správci všiml programu COM Surrogate, sice hned zmizel, ale viděl jsem ho. Google poradil, že je to vir, ale také, že manuální odstranění je prý nebezpečné, tak prosím o radu vás, zkušenější. Díky.

Jedná se o Desktop z podpisu.

Log HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:02:57, on 4. 8. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Lukáš\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Lukáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Lukáš\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [GoodSync] "C:\Program Files\Siber Systems\GoodSync\GoodSync.exe" /min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoodSync Server (GsServer) - Unknown owner - C:/Program Files/Siber Systems/GoodSync/gs-server.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8300 bytes

[Reklama]

[Holi-cz]

Aha aha, chápu. Nezabírá téměř nic (0% procesor a pár MB ram) a umístěn je C:\Windows\System32.

Nicméně jedná se o relativně čistou instalaci s SSD diskem, i7 procesorem a 12 GB RAM a od toho (možná domnělého) zavirování občas začne počítač šíleně hučet a při psaní se písmena objevují po skupinkách. Když se to dělo, tak jsem koukal na vytížení kompu a nic zvláštního.

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu klikni na „Logfile“ ,objeví log ( jinak je uložen systémovem disku jako AdwCleaner[C?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Uložit výsledky a vyber zkopírovat do schránky a vlož sem celý log.
-jinak se log nachází zde: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[Holi-cz]

AdwCleaner log:

# AdwCleaner v5.201 - Log vytvořen 04/08/2016 v 22:00:28
# Aktualizováno 30/06/2016 by ToolsLib
# Databáze : 2016-08-04.3 [Server]
# Operační system : Windows 8.1 Pro (X64)
# Uživatelské jméno : Lukas - PC-OBYVAK
# Spuštěno z : C:\Users\Lukáš\Desktop\adwcleaner_5.201.exe
# Nastavení : Sken
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****


***** [ Soubory ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****


***** [ Naplánované úlohy ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Nalezeno : isearch.avg.com_
[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Nalezeno : buenosearch.com
[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Nalezeno : babylon.com
[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Nalezeno : websearch.ask.com
[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Nalezeno : isearch.avg.com
[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Nalezeno : format-factory-portable.en.softonic.com
[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Nalezeno : startsear.ch
[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Nalezeno : super-mario-3-mario-forever.en.softonic.com
[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Nalezeno : search.conduit.com
[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Nalezeno : isearch.avg.com__

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [1911 bytů] - [04/08/2016 22:00:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1984 bytů] ##########


Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 4. 8. 2016
Čas skenování: 22:13
Protokol: mlwr.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.08.04.13
Databáze rootkitů: v2016.05.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Lukas

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 283328
Uplynulý čas: 2 min, 45 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Cleaning (Vymazat)“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[Holi-cz]

AdwCleaner log:

# AdwCleaner v5.201 - Log vytvořen 04/08/2016 v 22:55:19
# Aktualizováno 30/06/2016 by ToolsLib
# Databáze : 2016-08-04.3 [Server]
# Operační system : Windows 8.1 Pro (X64)
# Uživatelské jméno : Lukas - PC-OBYVAK
# Spuštěno z : C:\Users\Lukáš\Desktop\adwcleaner_5.201.exe
# Nastavení : Čištění
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****


***** [ Soubory ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****


***** [ Naplánované úlohy ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Smazáno : isearch.avg.com_
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Smazáno : buenosearch.com
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Smazáno : babylon.com
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Smazáno : websearch.ask.com
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Smazáno : isearch.avg.com
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Smazáno : format-factory-portable.en.softonic.com
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Smazáno : startsear.ch
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Smazáno : super-mario-3-mario-forever.en.softonic.com
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Smazáno : search.conduit.com
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Smazáno : isearch.avg.com__

*************************

:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2057 bytů] - [04/08/2016 22:55:19]
C:\AdwCleaner\AdwCleaner[S1].txt - [2063 bytů] - [04/08/2016 22:00:28]
C:\AdwCleaner\AdwCleaner[S2].txt - [2136 bytů] - [04/08/2016 22:54:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2276 bytů] ##########


JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 Pro x64
Ran by Lukas (Administrator) on źt 04. 08. 2016 at 22:58:33,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 04. 08. 2016 at 22:59:37,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


RogueKiller log: (+ mi otevřel tuto webovou stránku)

RogueKiller V12.4.2.0 (x64) [Aug 1 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Lukas [Práva správce]
Started from : C:\Users\Luká?\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 08/04/2016 23:11:28

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{51CB023F-B4DA-4E84-83DF-3AADCF7DAA13} | DhcpNameServer : 10.0.0.138 ([]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51CB023F-B4DA-4E84-83DF-3AADCF7DAA13} | DhcpNameServer : 10.0.0.138 ([]) -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3160827AS ATA Device +++++
--- User ---
[MBR] 5478caa1916bc61636eded2a6ad76d8c
[BSP] dd3f2e8cd9628687a34ece7f3f25fca4 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 51210 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 104880128 | Size: 101414 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: KINGSTON SHFS37A120G ATA Device +++++
--- User ---
[MBR] 2a253e948696fc4ab941f47ddc8385c0
[BSP] 0b57df2624018ef6d6d92703b1168f70 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 114121 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD6400AAKS-00A7B0 ATA Device +++++
--- User ---
[MBR] 6698aa815b61e8e37c90cc4c40ea3f51
[BSP] 3e431ba2d569fc592a4ab9de5e654fba : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 308000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 630786048 | Size: 205000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1050626048 | Size: 97476 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + informuj o problémech

[Holi-cz]

RogueKiller log:
RogueKiller V12.4.2.0 (x64) [Aug 1 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Lukas [Práva správce]
Started from : C:\Users\Luká?\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 08/04/2016 23:36:52

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{51CB023F-B4DA-4E84-83DF-3AADCF7DAA13} | DhcpNameServer : 10.0.0.138 ([]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51CB023F-B4DA-4E84-83DF-3AADCF7DAA13} | DhcpNameServer : 10.0.0.138 ([]) -> Nahrazeno ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 5478caa1916bc61636eded2a6ad76d8c
[BSP] dd3f2e8cd9628687a34ece7f3f25fca4 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 51210 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 104880128 | Size: 101414 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: KINGSTON SHFS37A120G ATA Device +++++
--- User ---
[MBR] 2a253e948696fc4ab941f47ddc8385c0
[BSP] 0b57df2624018ef6d6d92703b1168f70 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 114121 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD6400AAKS-00A7B0 ATA Device +++++
--- User ---
[MBR] 6698aa815b61e8e37c90cc4c40ea3f51
[BSP] 3e431ba2d569fc592a4ab9de5e654fba : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 308000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 630786048 | Size: 205000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1050626048 | Size: 97476 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

ZOEK log:

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Lukas on źt 04. 08. 2016 at 23:38:12,81.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\LUK~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4. 8. 2016 23:38:32 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Dashlane deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\Users\LUK~1\AppData\Local\PackageStaging deleted successfully
C:\Users\LUK~1\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\Dashlane not found
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [15. 07. 2016 21:15]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [15. 07. 2016 21:15]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]

ColorZilla - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp
Dashlane - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg
News Feed Eradicator for Facebook - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg
EditThisCookie - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
EML Backup for Gmail™ - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoblgjfecfbmdkijphnlknolbppkldi
SmoothScroll - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj
Chrome Media Router - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savegame-download.com_0.localstorage deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savegame-download.com_0.localstorage-journal deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savelocations.wikia.com_0.localstorage deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savelocations.wikia.com_0.localstorage-journal deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savesforgames.com_0.localstorage deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savesforgames.com_0.localstorage-journal deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.str.noccdn.net_0.localstorage deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.str.noccdn.net_0.localstorage-journal deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\LUK~1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\LUK~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=19 folders=8 9523814 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\LUK~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\LUK~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on źt 04. 08. 2016 at 23:49:07,43 ======================

Nový HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:53:23, on 4. 8. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Lukáš\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Lukáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Lukáš\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [GoodSync] "C:\Program Files\Siber Systems\GoodSync\GoodSync.exe" /min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoodSync Server (GsServer) - Unknown owner - C:/Program Files/Siber Systems/GoodSync/gs-server.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8300 bytes

Problémy + dotaz
Skákání textu po blocích vypadalo, že pokračuje, nicméně jsem zjistil, že to dělalo jedno rozšíření v Chromu, co do posledního updatu fungovalo dobře. Takže aktuálně zatím žádný problém nepociťuji, možná se záseky projeví znovu při používání.

Každopádně mám jeden dotaz, v době možné nákazy jsem si zrovna zaváděl správce hesel. To znamená, že jsem na důležitých stránkách měnil hesla za unikátní a dlouhá. Bylo podle logů v PC něco co by je odposlechlo? Případně master password do správce. Díky

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

zatím ne , ale zkusíme ještě jeden nástroj:

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

[Holi-cz]

FRST.txt je v příloze, je moc velký.

FRST.zip

(62.99 KiB) Staženo 56 x

Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Lukas (2016-08-05 13:02:42)
Running from C:\Users\Lukáš\Desktop
Windows 8.1 Pro (Update) (X64) (2016-07-15 18:44:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1475765806-2540599330-1712118998-500 - Administrator - Disabled)
Guest (S-1-5-21-1475765806-2540599330-1712118998-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1475765806-2540599330-1712118998-1003 - Limited - Enabled)
Lukas (S-1-5-21-1475765806-2540599330-1712118998-1001 - Administrator - Enabled) => C:\Users\Lukáš

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Avocode (HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\avocode) (Version: 2.9.0 - Piffle LLC.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version: - Turtle Rock Studios)
FileZilla Client 3.20.0 (HKLM-x32\...\FileZilla Client) (Version: 3.20.0 - Tim Kosse)
GitHub (HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\5f7eb300e2ea4ebf) (Version: 3.2.0.0 - GitHub, Inc.)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.7.7 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Just Cause 2 1.20 (HKLM-x32\...\Just Cause 2 1.20) (Version: - )
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.6741.2056 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.0 (HKLM\...\{0C801AA7-A02E-4DCF-BD09-0EACB11D9863}) (Version: 5.1.0 - Oracle Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
Sublime Text Build 3114 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WhatsApp (HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\WhatsApp) (Version: 0.2.1455 - WhatsApp)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.5.37-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1475765806-2540599330-1712118998-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1FD3B3D9-9468-D082-8F23-A2EE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-1475765806-2540599330-1712118998-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Lukáš\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1475765806-2540599330-1712118998-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Lukáš\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1475765806-2540599330-1712118998-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5BB6FC43-9468-D082-156C-C7AA85889A47} => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {072EC33C-5C68-4540-99CB-8A0D24DC2349} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {2B2E3415-BBE8-4792-9C95-6232AC934476} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-20] (Microsoft Corporation)
Task: {434A3F1C-7BC5-46E6-889E-72F82D07DA32} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-15] ()
Task: {51A599AB-E0DE-43E2-97D8-BE7319CF192E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-15] (AVAST Software)
Task: {69511BBF-AB40-4D09-AA57-17C66C715486} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1475765806-2540599330-1712118998-1001 => C:\Users\Lukáš\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-07-16] (Microsoft Corporation)
Task: {7AA3ADB0-E8C5-48BF-A6FA-65E79614AC7C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation)
Task: {89B1C712-081A-4D5D-9C8B-86EB75E82EE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {998EE668-F4F1-4484-85CE-3C5C890BA9F6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-15] (AVAST Software)
Task: {DAA3B1D2-D820-4F16-AEBB-670968D72B99} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-20] (Microsoft Corporation)
Task: {DD32FF1F-1A2D-4A3B-AE63-8C7B58867A15} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-07-20] (Microsoft Corporation)
Task: {ED6ABC3D-C786-4187-9CD9-E8B5E2A6AC2F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-15 21:22 - 2016-07-03 07:04 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2014-09-12 17:26 - 2014-09-12 17:26 - 08206480 _____ () C:\Program Files\Siber Systems\GoodSync\gs-server.exe
2014-09-12 17:26 - 2014-09-12 17:26 - 12017808 _____ () C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
2016-07-15 21:34 - 2015-11-30 19:02 - 03368960 _____ () C:\xampp\xampp-control.exe
2016-07-15 21:34 - 2016-03-24 05:20 - 11583304 _____ () c:\xampp\mysql\bin\mysqld.exe
2016-08-04 13:08 - 2016-01-20 14:22 - 00382114 _____ () C:\Users\Lukáš\AppData\Local\GitHub\PortableGit_624c8416ee51e205b3f892d1d904e06e6f3c57c8\usr\bin\ssh-agent.exe
2016-07-15 20:57 - 2016-06-23 15:26 - 02336584 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-07-15 20:57 - 2016-06-23 15:25 - 00107336 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll
2016-07-15 21:15 - 2016-07-15 21:15 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-04 21:59 - 2016-08-04 21:59 - 03012096 _____ () C:\Program Files\AVAST Software\Avast\defs\16080401\algo.dll
2016-07-15 21:15 - 2016-07-15 21:15 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-15 21:15 - 2016-07-15 21:15 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-07-15 21:34 - 2015-06-05 12:54 - 00404992 _____ () c:\xampp\apache\bin\pcre.dll
2016-07-15 21:34 - 2016-06-23 01:38 - 00128512 _____ () C:\xampp\php\libpq.dll
2016-07-15 21:34 - 2015-06-05 12:54 - 00404992 _____ () C:\xampp\apache\bin\pcre.dll
2016-08-04 13:08 - 2016-04-01 06:58 - 00110334 _____ () C:\Users\Lukáš\AppData\Local\GitHub\PortableGit_624c8416ee51e205b3f892d1d904e06e6f3c57c8\usr\bin\msys-gcc_s-1.dll
2016-08-04 13:08 - 2016-04-01 06:58 - 00013307 _____ () C:\Users\Lukáš\AppData\Local\GitHub\PortableGit_624c8416ee51e205b3f892d1d904e06e6f3c57c8\usr\bin\msys-ssp-0.dll
2016-08-04 13:08 - 2014-11-04 13:33 - 00085916 _____ () C:\Users\Lukáš\AppData\Local\GitHub\PortableGit_624c8416ee51e205b3f892d1d904e06e6f3c57c8\usr\bin\msys-z.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\sharepoint.com -> hxxps://fakturace-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-08-04 23:38 - 00000753 ____A C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6D26B9F2-03A6-4BB0-B1C2-AD52190B070F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{4CAEBDA3-2FF7-4070-9754-1E09F777A5A8}C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{35D114A9-F5F9-465D-B86B-ACBAE3A8A10A}C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{5DB1AC8A-AD9B-4F76-B4D3-127CA461B925}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{996AAA1C-D0B5-4636-8124-99AF2C5F6711}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9F79B912-6599-493E-9067-1AA069ABCF3B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BDEAB2DE-54AE-459B-8ACF-535ACFC7EACA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{937B9DCB-F141-44BE-9D87-FCAD8B121B08}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B09EC606-3F6A-4490-948B-FA4A0EDD4236}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{C6D6D34D-A90D-4DDB-8A85-3DA0B16493ED}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{6B43A6CF-CEFA-4030-8432-C10849A2443F}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{950FA47B-BEC7-4F28-824D-67DF93294FB0}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{C3414782-2205-42E7-8D56-9CDAB119BB64}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{C39FEF86-8BC6-4DD2-ACD7-C0E7360E2CEC}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{E9441FA7-1448-4DEE-95F0-1B223B6F9B63}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{D9033305-7EF7-4028-A9B4-10362AAAC59F}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{98CD9535-F61E-42C5-BB95-BF55709FD0CD}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{AECA79DF-9158-4D81-AB1C-5843E4D3419A}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{7A20A13F-255A-45FA-9D4D-2188CFA4C433}C:\users\lukáš\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lukáš\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2F7216A1-3A06-476F-912E-6B046D23D405}C:\users\lukáš\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lukáš\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{047B024D-9768-469E-A306-E9153B2F1776}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C4198F2D-B198-4751-BA72-BA871721889C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E13E973A-916A-42A0-9363-15C87903E7D9}C:\program files\sublime text 3\plugin_host.exe] => (Allow) C:\program files\sublime text 3\plugin_host.exe
FirewallRules: [UDP Query User{02091365-1BF4-43E9-B333-0B637A5779DA}C:\program files\sublime text 3\plugin_host.exe] => (Allow) C:\program files\sublime text 3\plugin_host.exe
FirewallRules: [{0CB9F02E-A31D-49EF-A3F6-0D78AE1F8D3A}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{28621883-81BE-41C7-9146-23B130739DC9}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{92464E03-B593-4D8D-88AE-AEE02885F89B}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{32D7994F-383D-48D3-81DE-9B5E462B29D4}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{E79DC612-7A07-45FF-8F02-88B4B65816FA}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{92F7EF76-6C94-46B7-A309-8A74C85DBA2D}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{648BA2E5-9CB3-47D5-A022-692051436E1E}] => (Allow) LPort=33333
FirewallRules: [{2F1F4E8E-85FF-4761-A634-564E3C99B520}] => (Allow) LPort=33338
FirewallRules: [{6161FAD8-F9DB-41ED-B9E6-4F280BED9FA5}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{86BF4D69-0E7A-4FF4-8A36-613B43C1F5DF}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{E239BF9D-469A-44FD-8DB5-9D8273072BE3}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{1CA8BFCF-C5E0-4BE5-B0AE-044E8EFB5802}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{3B019039-6E08-4A5D-932E-4F309C0B9669}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{BF6BC4BC-E659-4726-95AA-8F65B0DBF660}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [TCP Query User{782DB8E5-277F-445E-A3F4-8A5D403FCDED}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{561FED1B-0CE4-4584-A81F-A9C862994A47}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{972918E0-7864-48DF-BFF8-B3ECF8B70E95}C:\users\lukáš\desktop\subnautica.b678.build.33514\subnautica.b678.build.33514\subnautica.exe] => (Allow) C:\users\lukáš\desktop\subnautica.b678.build.33514\subnautica.b678.build.33514\subnautica.exe
FirewallRules: [UDP Query User{2563CE66-F6ED-46FD-959D-42E5B4FBAFDD}C:\users\lukáš\desktop\subnautica.b678.build.33514\subnautica.b678.build.33514\subnautica.exe] => (Allow) C:\users\lukáš\desktop\subnautica.b678.build.33514\subnautica.b678.build.33514\subnautica.exe
FirewallRules: [{BB245C5B-F2EE-4A8E-963E-CE4E56956560}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{7CBBC097-9B80-424D-A326-116D729AFDDE}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe

==================== Restore Points =========================

04-08-2016 22:58:33 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2016 01:02:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 3.8.2016.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 110c

Čas spuštění: 01d1ef08b0d3c0c0

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\Lukáš\Desktop\FRST64.exe

ID hlášení: 0b661a5f-5afc-11e6-825c-001fd0dade50

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (08/05/2016 12:53:42 PM) (Source: MySQL) (EventID: 100) (User: )
Description: mysql.procs_priv: 1 client is using or hasn't closed the table properly

Error: (08/05/2016 12:53:42 PM) (Source: MySQL) (EventID: 100) (User: )
Description: mysqld.exe: Table '.\mysql\procs_priv' is marked as crashed and should be repaired

Error: (08/05/2016 12:53:42 PM) (Source: MySQL) (EventID: 100) (User: )
Description: mysql.columns_priv: 1 client is using or hasn't closed the table properly

Error: (08/05/2016 12:53:42 PM) (Source: MySQL) (EventID: 100) (User: )
Description: mysqld.exe: Table '.\mysql\columns_priv' is marked as crashed and should be repaired

Error: (08/05/2016 12:53:42 PM) (Source: MySQL) (EventID: 100) (User: )
Description: mysql.tables_priv: 1 client is using or hasn't closed the table properly

Error: (08/05/2016 12:53:42 PM) (Source: MySQL) (EventID: 100) (User: )
Description: mysqld.exe: Table '.\mysql\tables_priv' is marked as crashed and should be repaired

Error: (08/05/2016 12:53:42 PM) (Source: MySQL) (EventID: 100) (User: )
Description: mysql.db: 1 client is using or hasn't closed the table properly

Error: (08/05/2016 12:53:42 PM) (Source: MySQL) (EventID: 100) (User: )
Description: mysqld.exe: Table '.\mysql\db' is marked as crashed and should be repaired

Error: (08/05/2016 12:30:34 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220


System errors:
=============
Error: (08/05/2016 12:30:38 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače VIRTUALBOX,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{EBB160F1-AE25-4A21-991B-AF1DA7BF0626}.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.

Error: (08/05/2016 10:38:52 AM) (Source: DCOM) (EventID: 10010) (User: pc-obyvak)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/05/2016 10:38:22 AM) (Source: DCOM) (EventID: 10010) (User: pc-obyvak)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/05/2016 02:22:53 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače VIRTUALBOX,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{EBB160F1-AE25-4A21-991B-AF1DA7BF0626}.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.

Error: (08/05/2016 12:59:50 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače VIRTUALBOX,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{EBB160F1-AE25-4A21-991B-AF1DA7BF0626}.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.

Error: (08/04/2016 11:46:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (08/04/2016 11:46:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (08/04/2016 11:46:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (08/04/2016 11:46:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (08/04/2016 11:46:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 16%
Total physical RAM: 12286.3 MB
Available physical RAM: 10263.09 MB
Total Virtual: 14142.3 MB
Available Virtual: 12027.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:58.26 GB) NTFS
Drive d: (Hry) (Fixed) (Total:50.01 GB) (Free:2.16 GB) NTFS
Drive e: (Seriály) (Fixed) (Total:300.78 GB) (Free:29.47 GB) NTFS
Drive g: (Zálohy) (Fixed) (Total:99.04 GB) (Free:30.66 GB) NTFS
Drive h: (Filmy) (Fixed) (Total:200.2 GB) (Free:126.65 GB) NTFS
Drive i: (Data) (Fixed) (Total:95.19 GB) (Free:26.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 149.1 GB) (Disk ID: DE81F691)
Partition 1: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or (Size: 111.8 GB) (Disk ID: 0F60C468)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or (Size: 596.2 GB) (Disk ID: 00002141)
Partition 1: (Not Active) - (Size=300.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=95.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[jaro3]

Log rozděl do více příspěvků.

[Holi-cz]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Lukas (administrator) on PC-OBYVAK (05-08-2016 13:02:12)
Running from C:\Users\Lukáš\Desktop
Loaded Profiles: Lukas (Available Profiles: Lukas)
Platform: Windows 8.1 Pro (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Spotify Ltd) C:\Users\Lukáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\xampp\xampp-control.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\Users\Lukáš\AppData\Local\GitHub\PortableGit_624c8416ee51e205b3f892d1d904e06e6f3c57c8\usr\bin\ssh-agent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-15] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\Run: [Spotify Web Helper] => C:\Users\Lukáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-05] (Spotify Ltd)
HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\Run: [Spotify] => C:\Users\Lukáš\AppData\Roaming\Spotify\Spotify.exe [6937200 2016-08-05] (Spotify Ltd)
HKU\S-1-5-21-1475765806-2540599330-1712118998-1001\...\Run: [GoodSync] => C:\Program Files\Siber Systems\GoodSync\GoodSync.exe [12017808 2014-09-12] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-15] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{51CB023F-B4DA-4E84-83DF-3AADCF7DAA13}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1475765806-2540599330-1712118998-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-15] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-15] (AVAST Software)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-15]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://facebook.com/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-04]
CHR Extension: (ColorZilla) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2016-08-04]
CHR Extension: (YouTube) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-04]
CHR Extension: (Adblock Plus) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-04]
CHR Extension: (News Feed Eradicator for Facebook) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2016-08-04]
CHR Extension: (EditThisCookie) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-08-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-05]
CHR Extension: (EML Backup for Gmail™) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoblgjfecfbmdkijphnlknolbppkldi [2016-08-04]
CHR Extension: (Page Ruler) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2016-08-04]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-08-04]
CHR Extension: (SmoothScroll) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2016-08-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-04]
CHR Extension: (Gmail) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-04]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-15] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2854640 2016-07-03] (Microsoft Corporation)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [8206480 2014-09-12] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-15] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-02] (AVAST Software)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-04] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-12] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [195424 2016-07-12] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U4 nxfs; no ImagePath
U4 nxpcap; no ImagePath
U4 nxsshd; no ImagePath
U4 nxusbd; no ImagePath
U4 nxusbh; no ImagePath
U4 nxusbs; no ImagePath
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-05 13:01 - 2016-08-05 13:02 - 00013358 _____ C:\Users\Lukáš\Desktop\FRST.txt
2016-08-05 13:01 - 2016-08-05 13:01 - 02393600 _____ (Farbar) C:\Users\Lukáš\Desktop\FRST64.exe
2016-08-05 12:59 - 2016-08-05 12:59 - 00000000 ____D C:\Users\Lukáš\Desktop\backups
2016-08-05 12:58 - 2016-08-05 12:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lukáš\Desktop\HijackThis.exe
2016-08-05 12:54 - 2016-08-05 12:54 - 00000159 _____ C:\Users\Lukáš\.gitconfig
2016-08-05 01:08 - 2016-08-05 01:10 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Riot
2016-08-05 01:05 - 2016-08-05 01:05 - 00000000 ____D C:\Program Files\IrfanView
2016-08-04 23:48 - 2016-08-04 23:53 - 00000000 ____D C:\Users\Lukáš\AppData\Local\VirtualStore
2016-08-04 23:48 - 2016-08-04 23:38 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-08-04 23:38 - 2016-08-04 23:47 - 00000000 ____D C:\zoek_backup
2016-08-04 23:00 - 2016-08-04 23:00 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-08-04 23:00 - 2016-08-04 23:00 - 00000000 ____D C:\ProgramData\RogueKiller
2016-08-04 22:27 - 2016-08-05 00:42 - 00000000 ____D C:\Users\Lukáš\Desktop\zasilka-KFJHT65KTRMIUGK3
2016-08-04 22:27 - 2016-08-04 22:27 - 61983506 _____ C:\Users\Lukáš\Desktop\zasilka-KFJHT65KTRMIUGK3.zip
2016-08-04 22:04 - 2016-08-04 22:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-04 22:04 - 2016-08-04 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-04 22:04 - 2016-08-04 22:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-04 22:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-04 22:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-04 22:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-04 22:00 - 2016-08-04 22:55 - 00000000 ____D C:\AdwCleaner
2016-08-04 14:12 - 2016-08-05 00:48 - 00000132 _____ C:\Users\Lukáš\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2016-08-04 12:45 - 2016-08-04 12:45 - 00000000 ____D C:\Users\Lukáš\AppData\Local\ElevatedDiagnostics
2016-08-03 23:05 - 2016-08-05 13:02 - 00000000 ____D C:\FRST
2016-08-03 14:26 - 2016-08-03 14:26 - 00000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2016-08-03 14:26 - 2016-08-03 14:26 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Sublime Text 3
2016-08-03 14:26 - 2016-08-03 14:26 - 00000000 ____D C:\Program Files\Sublime Text 3
2016-08-03 00:05 - 2016-08-03 00:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-01 23:08 - 2016-08-01 23:08 - 00000000 ____D C:\Users\Lukáš\Documents\Square Enix
2016-08-01 23:08 - 2016-08-01 23:08 - 00000000 ____D C:\Users\Lukáš\AppData\Local\SKIDROW
2016-08-01 23:00 - 2016-08-01 23:00 - 00000000 ____D C:\Program Files (x86)\Tomi2k9
2016-07-21 22:03 - 2016-07-21 22:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-07-21 21:01 - 2016-07-21 21:01 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\SmartSteamEmu
2016-07-21 21:01 - 2016-07-21 21:01 - 00000000 ____D C:\Users\Lukáš\AppData\LocalLow\Unknown Worlds
2016-07-21 15:30 - 2016-07-21 15:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-20 23:35 - 2016-07-20 23:35 - 00001019 _____ C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\putty.lnk
2016-07-20 23:30 - 2016-08-05 12:55 - 00000600 _____ C:\Users\Lukáš\AppData\Local\PUTTY.RND
2016-07-20 23:30 - 2016-07-20 23:30 - 00531368 _____ (Simon Tatham) C:\Program Files\putty.exe
2016-07-19 23:58 - 2016-07-20 23:45 - 00000000 ____D C:\Users\Lukáš\Documents\NoMachine
2016-07-19 23:57 - 2016-07-21 13:28 - 00000000 ___HD C:\Users\Lukáš\.nx
2016-07-19 23:55 - 2015-03-02 14:39 - 00087216 _____ (NoMachine) C:\Windows\system32\Drivers\nxusbf.sys
2016-07-19 23:55 - 2015-03-02 14:39 - 00068096 _____ (NoMachine) C:\Windows\system32\Drivers\nxusbh.sys
2016-07-19 23:55 - 2015-03-02 14:39 - 00010240 _____ (NoMachine) C:\Windows\system32\Drivers\nxusbs.sys
2016-07-19 23:55 - 2014-04-22 16:07 - 00017920 _____ (NoMachine) C:\Windows\system32\Drivers\nxaudio.sys
2016-07-17 18:21 - 2016-08-04 13:09 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Piffle, LLC
2016-07-17 18:21 - 2016-07-18 14:00 - 00000000 ____D C:\Users\Lukáš\.avocode
2016-07-17 18:21 - 2016-07-17 18:28 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Avocode
2016-07-17 18:20 - 2016-08-04 13:09 - 00000000 ____D C:\Users\Lukáš\AppData\Local\avocode
2016-07-17 18:15 - 2016-07-17 18:15 - 00000000 ____D C:\Users\Lukáš\AppData\LocalLow\Adobe
2016-07-17 18:12 - 2016-08-04 12:45 - 00000000 ____D C:\Users\Lukáš\AppData\Local\CrashDumps
2016-07-17 18:12 - 2016-07-17 18:12 - 00000000 ____D C:\Users\Lukáš\.codeintel
2016-07-17 17:51 - 2016-07-17 17:51 - 00000000 ____D C:\Users\Lukáš\AppData\Local\GWX
2016-07-16 15:35 - 2016-07-02 06:29 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-16 15:35 - 2016-07-02 06:29 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-16 15:31 - 2016-07-21 15:33 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-16 15:31 - 2016-07-21 15:33 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-16 15:31 - 2016-07-16 15:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-07-16 15:31 - 2016-07-16 15:31 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-16 14:55 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-07-16 14:55 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-07-16 11:43 - 2016-05-25 15:22 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-07-16 11:43 - 2016-05-25 15:22 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-07-16 11:43 - 2016-05-25 15:12 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-07-16 11:43 - 2016-05-25 15:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-07-16 11:27 - 2016-07-20 00:00 - 00000000 ____D C:\Users\Lukáš\.ssh
2016-07-16 11:23 - 2016-08-05 12:55 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\GitHub
2016-07-16 11:23 - 2016-08-05 12:55 - 00000000 ____D C:\Users\Lukáš\AppData\Local\GitHub
2016-07-16 11:23 - 2016-07-16 11:23 - 00000000 ____D C:\Users\Lukáš\Documents\GitHub
2016-07-16 11:23 - 2016-07-16 11:23 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2016-07-16 11:19 - 2016-08-05 12:54 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Deployment
2016-07-16 11:19 - 2016-07-16 11:19 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Apps\2.0
2016-07-16 10:49 - 2016-05-16 23:13 - 00563016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-16 10:49 - 2016-05-16 23:13 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-16 10:49 - 2016-05-16 23:13 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-16 10:49 - 2016-05-16 23:13 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-16 10:49 - 2016-05-14 01:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-16 10:49 - 2016-05-14 01:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-16 10:49 - 2016-05-14 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-16 10:49 - 2016-05-14 00:34 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-16 10:49 - 2016-05-13 23:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-16 10:49 - 2016-05-12 20:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-16 10:49 - 2016-05-12 19:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-16 10:49 - 2016-05-12 18:24 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-07-16 10:49 - 2016-05-12 18:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-16 10:49 - 2016-05-12 18:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-07-16 10:49 - 2016-05-12 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-16 10:49 - 2016-05-12 18:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-16 10:49 - 2016-05-12 17:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-16 10:49 - 2016-05-12 17:48 - 00580096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-07-16 10:49 - 2016-05-12 17:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-16 10:49 - 2016-05-12 17:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-07-16 10:49 - 2016-05-12 17:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-16 10:49 - 2016-05-09 23:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-07-16 10:49 - 2016-05-09 22:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-07-16 10:49 - 2016-05-09 22:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-07-16 10:49 - 2016-05-09 22:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-07-16 10:49 - 2016-05-06 17:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-16 10:49 - 2016-05-06 17:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-16 10:49 - 2016-04-12 17:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-07-16 10:49 - 2016-04-12 17:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-07-16 10:49 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-16 10:49 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-16 10:49 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-16 10:49 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-16 10:49 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-16 10:49 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-16 10:49 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-16 10:49 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-16 10:49 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-16 10:49 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-07-16 10:49 - 2016-02-02 20:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-07-16 10:49 - 2016-01-21 21:35 - 00952928 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-07-16 10:49 - 2016-01-21 20:42 - 00786152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-07-16 10:49 - 2015-12-03 21:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-07-16 10:49 - 2015-12-03 20:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-07-16 10:49 - 2015-10-13 19:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-07-16 10:49 - 2015-10-13 19:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-07-16 10:49 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2016-07-16 10:49 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2016-07-16 10:49 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2016-07-16 10:49 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2016-07-16 10:49 - 2014-10-31 06:50 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2016-07-16 10:49 - 2014-10-31 05:30 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2016-07-16 10:49 - 2014-10-31 05:23 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2016-07-16 10:49 - 2014-10-31 05:22 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2016-07-16 10:49 - 2014-10-31 05:18 - 04840960 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2016-07-16 10:49 - 2014-10-31 05:09 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2016-07-16 10:49 - 2014-10-31 04:12 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2016-07-16 10:48 - 2016-06-25 22:05 - 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-16 10:48 - 2016-06-25 20:13 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-16 10:48 - 2016-06-25 18:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-16 10:48 - 2016-06-25 18:15 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-16 10:48 - 2016-06-25 18:13 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-16 10:48 - 2016-06-25 18:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-16 10:48 - 2016-06-22 15:48 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-16 10:48 - 2016-06-21 15:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-16 10:48 - 2016-06-21 15:48 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-16 10:48 - 2016-06-21 15:48 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-16 10:48 - 2016-06-21 15:48 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-16 10:48 - 2016-06-21 15:48 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-16 10:48 - 2016-06-21 15:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-16 10:48 - 2016-06-21 15:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-16 10:48 - 2016-06-11 21:45 - 07445856 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-16 10:48 - 2016-06-03 19:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-07-16 10:48 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-07-16 10:48 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-07-16 10:48 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-07-16 10:48 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-07-16 10:48 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-16 10:48 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-16 10:48 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-07-16 10:48 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-07-16 10:48 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-07-16 10:48 - 2016-03-03 03:39 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-16 10:48 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-07-16 10:48 - 2016-02-11 22:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-16 10:48 - 2016-02-11 22:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-16 10:48 - 2016-02-11 22:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-07-16 10:48 - 2016-02-11 22:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-16 10:48 - 2016-02-11 22:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-07-16 10:48 - 2016-02-11 22:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-07-16 10:48 - 2016-02-09 20:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-07-16 10:48 - 2016-02-09 03:31 - 22365472 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-16 10:48 - 2016-02-09 03:31 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-07-16 10:48 - 2016-02-09 03:31 - 02757616 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-16 10:48 - 2016-02-09 03:31 - 02412576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-07-16 10:48 - 2016-02-09 03:31 - 00273264 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-07-16 10:48 - 2016-02-08 22:55 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-07-16 10:48 - 2016-02-08 22:15 - 02551808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2016-07-16 10:48 - 2016-02-08 22:02 - 01197056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2016-07-16 10:48 - 2016-02-08 21:43 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-07-16 10:48 - 2016-02-08 21:40 - 00539648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2016-07-16 10:48 - 2016-02-08 21:39 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2016-07-16 10:48 - 2016-02-08 21:37 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
2016-07-16 10:48 - 2016-02-08 21:35 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-07-16 10:48 - 2016-02-08 21:34 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-07-16 10:48 - 2016-02-08 21:33 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-07-16 10:48 - 2016-02-08 20:50 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-07-16 10:48 - 2016-02-08 19:55 - 02592256 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2016-07-16 10:48 - 2016-02-08 19:33 - 01278464 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-07-16 10:48 - 2016-02-08 19:02 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-07-16 10:48 - 2016-02-08 19:00 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2016-07-16 10:48 - 2016-02-08 18:58 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2016-07-16 10:48 - 2016-02-08 18:55 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
2016-07-16 10:48 - 2016-02-08 18:53 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2016-07-16 10:48 - 2016-02-08 18:53 - 01348096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-07-16 10:48 - 2016-02-08 18:50 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-07-16 10:48 - 2016-02-08 18:50 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-07-16 10:48 - 2016-02-08 18:48 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-07-16 10:48 - 2016-02-08 18:47 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2016-07-16 10:48 - 2016-02-08 18:44 - 00955392 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-07-16 10:48 - 2016-02-05 16:46 - 01455104 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2016-07-16 10:48 - 2016-02-03 17:14 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2016-07-16 10:48 - 2016-02-03 17:11 - 01673728 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-07-16 10:48 - 2016-02-02 19:51 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-07-16 10:48 - 2016-02-02 19:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-07-16 10:48 - 2016-02-02 19:15 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2016-07-16 10:48 - 2016-02-02 19:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2016-07-16 10:48 - 2016-02-02 18:51 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-07-16 10:48 - 2016-02-02 18:48 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-07-16 10:48 - 2016-02-02 18:46 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2016-07-16 10:48 - 2016-02-02 18:41 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-07-16 10:48 - 2016-02-02 18:39 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-07-16 10:48 - 2016-01-30 21:50 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2016-07-16 10:48 - 2016-01-30 21:00 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2016-07-16 10:48 - 2016-01-30 20:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-07-16 10:48 - 2016-01-30 20:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2016-07-16 10:48 - 2016-01-30 19:48 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2016-07-16 10:48 - 2016-01-30 19:41 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-07-16 10:48 - 2016-01-27 17:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-07-16 10:48 - 2016-01-24 20:19 - 00419160 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-07-16 10:48 - 2016-01-24 20:19 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-07-16 10:48 - 2016-01-24 13:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-07-16 10:48 - 2016-01-24 13:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-07-16 10:48 - 2016-01-10 19:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-07-16 10:48 - 2016-01-10 19:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-07-16 10:48 - 2016-01-10 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-07-16 10:48 - 2016-01-10 19:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-07-16 10:48 - 2016-01-10 18:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-07-16 10:48 - 2016-01-10 18:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-07-16 10:48 - 2016-01-09 03:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-07-16 10:48 - 2016-01-09 03:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-07-16 10:48 - 2016-01-09 03:38 - 00091992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-07-16 10:48 - 2015-12-30 23:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-07-16 10:48 - 2015-12-05 07:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-07-16 10:48 - 2015-12-05 07:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-07-16 10:48 - 2015-12-05 07:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-07-16 10:48 - 2015-12-03 20:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-07-16 10:48 - 2015-12-03 20:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-07-16 10:48 - 2015-12-03 20:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-07-16 10:48 - 2015-12-03 20:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-07-16 10:48 - 2015-12-03 20:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-07-16 10:48 - 2015-12-03 19:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-07-16 10:48 - 2015-12-03 19:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-07-16 10:48 - 2015-12-03 19:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-07-16 10:48 - 2015-12-03 19:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-07-16 10:48 - 2015-12-03 19:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-07-16 10:48 - 2015-12-03 19:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-07-16 10:48 - 2015-12-03 19:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-07-16 10:48 - 2015-12-03 19:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-07-16 10:48 - 2015-12-03 19:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-07-16 10:48 - 2015-12-03 19:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-07-16 10:48 - 2015-12-03 18:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-07-16 10:48 - 2015-12-03 18:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-07-16 10:48 - 2015-12-02 17:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-07-16 10:48 - 2015-12-02 17:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-07-16 10:48 - 2015-11-05 10:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-07-16 10:48 - 2015-09-29 14:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-07-16 10:48 - 2015-09-04 21:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2016-07-16 10:48 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-07-16 10:48 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-07-16 10:48 - 2015-08-29 00:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2016-07-16 10:48 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-07-16 10:48 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-07-16 10:48 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-07-16 10:48 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-07-16 10:48 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-07-16 10:48 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-07-16 10:48 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-07-16 10:48 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-07-16 10:48 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2016-07-16 10:48 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-07-16 10:48 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-07-16 10:48 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-07-16 10:48 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2016-07-16 10:48 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2016-07-16 10:48 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2016-07-16 10:48 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-07-16 10:48 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-07-16 10:48 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2016-07-16 10:48 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2016-07-16 10:48 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2016-07-16 10:48 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2016-07-16 10:48 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-07-16 10:48 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2016-07-16 10:48 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2016-07-16 10:48 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-07-16 10:48 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-07-16 10:48 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-07-16 10:48 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-07-16 10:48 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2016-07-16 10:48 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2016-07-16 10:48 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2016-07-16 10:48 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2016-07-16 10:48 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2016-07-16 10:48 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2016-07-16 10:48 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2016-07-16 10:48 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2016-07-16 10:48 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2016-07-16 10:48 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2016-07-16 10:48 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2016-07-16 10:48 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2016-07-16 10:48 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll