Possible infection from Facebook, please check (Solved)

Possible infection from Facebook, please check

Post by HAFcool » 20 Nov 2016 23:51

Hello,

today I received a message on FB from a friend which most likely contained a virus, and I am not sure whether I ended up getting it onto my PC. So I would like to ask for a check.

Thank you for your time.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:59:33, on 20.11.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18525)


Boot mode: Normal

Running processes:
F:\AVAST\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
F:\DOWNLOAD CHROM\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\MSOFFI~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\AVAST\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "F:\AVAST\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MSOFFI~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\MSOFFI~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - F:\AVAST\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - F:\ORIGIN\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - F:\ORIGIN\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - F:\SKYPE\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8259 bytes

_______________________________________________________________

Afterwards I also ran AFT Cleaner and TFC; the AdwCleaner and Malwarebytes logs are attached below.


# AdwCleaner v6.030 - Log soubor vytvořen 21/11/2016 na 00:54:13
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-10-18.1 [Místní]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Hafcool - HAFCOOL-PC
# Beží od : C:\Users\Hafcool\Desktop\AdwCleaner.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Adresáře ] *****

Nebyly nalezeny žádné škodlivé složky.


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL soubory.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupce ] *****

Žádné infikovaný zástupce nenalezen.


***** [ Plánovač úloh ] *****

Žádný nebezpečná úloha nenalezena.


***** [ Registry ] *****

Nebyly nalezeny žádné škodlivé položky registru.


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox báze.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium báze.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1259 Bajtů] - [21/11/2016 00:54:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1333 Bajtů] ##########


_______________________________________________________________

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 21.11.2016
Čas skenování: 0:55
Protokol: 1.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.11.20.07
Databáze rootkitů: v2016.11.20.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Hafcool

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 302217
Uplynulý čas: 3 min, 1 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)
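An added triage helper (editor's example, not code from the thread or from HijackThis) for the O23 service lines of the HijackThis log above; it takes a few of those lines as constructed input and assumes the 64-bit host the log reports. It separates the expected x64 artefacts, where 32-bit HijackThis cannot see native system32 binaries because of WOW64 file redirection, from the "Unknown owner" services that still deserve a manual look.

```python
"""Triage of HijackThis 2.0.5 'O23 - Service' lines from a 64-bit Windows host.

HijackThis is a 32-bit program. On x64 Windows, WOW64 file system redirection
makes C:\\Windows\\system32 resolve to SysWOW64 for it, so services whose binary
lives in the native system32 directory are reported as "(file missing)" and,
because the file's version resource cannot be read, as "Unknown owner". Windows'
own services additionally show an unresolved "@...dll,-NNN" display name.
Those entries are expected noise; the remaining "Unknown owner" lines are what
a human should look at. The owner field is only the CompanyName string from the
file's version info, not a signature check.
"""
import re
from dataclasses import dataclass

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Directory a 32-bit process sees through WOW64 redirection on x64 Windows.
REDIRECTED_DIR = "c:\\windows\\system32\\"

# Constructed input: O23 lines copied from the HijackThis log in this thread,
# plus one O4 line to show that non-O23 lines are ignored.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [AvastUI.exe] "F:\AVAST\AvastUI.exe" /nogui',
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)",
    r"O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - F:\AVAST\AvastSvc.exe",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe",
    r"O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)",
]


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str
    file_missing: bool
    verdict: str  # "expected-x64-artifact", "owner-present" or "review"


def classify(name: str, owner: str, path: str, file_missing: bool, host_is_x64: bool) -> str:
    """Conservative heuristic: only unresolved Windows resource names under the
    redirected system32 directory are written off as scanner artefacts."""
    is_windows_resource_name = name.startswith("@")
    in_redirected_dir = path.lower().startswith(REDIRECTED_DIR)
    if host_is_x64 and file_missing and in_redirected_dir and is_windows_resource_name:
        return "expected-x64-artifact"
    if owner != "Unknown owner" and not file_missing:
        return "owner-present"
    # Unknown owner, or a missing file outside the artefact pattern
    # (third-party leftovers, 64-bit driver services): check by hand.
    return "review"


def parse_o23(lines, host_is_x64=True):
    """Parse O23 lines into ServiceEntry objects; other HJT sections are skipped."""
    entries = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if not m:
            continue
        missing = m.group("missing") is not None
        entries.append(ServiceEntry(
            name=m.group("name"),
            owner=m.group("owner"),
            path=m.group("path"),
            file_missing=missing,
            verdict=classify(m.group("name"), m.group("owner"), m.group("path"),
                             missing, host_is_x64),
        ))
    return entries


def needs_review(entries):
    """Service names a human should still look at."""
    return [e.name for e in entries if e.verdict == "review"]


if __name__ == "__main__":
    for e in parse_o23(SAMPLE_LINES):
        print(f"{e.verdict:22} {e.name} -> {e.path}")
```

Run against the full O23 block of the log above, the same rule leaves the many "@...dll,-NNN ... (file missing)" system services as artefacts and points at the handful of third-party entries worth checking.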


Re: Possible infection from Facebook, please check

Post by jaro3 » 21 Nov 2016 09:54

Sophos Virus Removal Tool is a handy software tool that may remove infections which your antivirus program does not detect.
Download it here from one of these links:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data without you even knowing you have them. What you need is a quick and easy way to find them and get rid of them; if you already have an antivirus program installed on your computer, you can also install the Sophos Virus Removal Tool, which identifies and cleans up remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.

Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY

64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8 and 10 run RogueKiller.exe as administrator; on XP by double-clicking.
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan, click "Open Report", then "Open TXT" in the window, and copy the whole content of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
- If the log has more than 60,000 characters, split it and paste it into several posts.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: Possible infection from Facebook, please check

Post by HAFcool » 21 Nov 2016 15:11

RogueKiller V12.8.2.0 (x64) [Nov 21 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Hafcool [Práva správce]
Started from : C:\Users\Hafcool\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 11/21/2016 14:56:52 (Duration : 00:11:36)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2375323567-1083510659-1160952978-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2375323567-1083510659-1160952978-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 Series ATA Device +++++
--- User ---
[MBR] e28e195613d6e6d54b76a245d01c228f
[BSP] 417bf8da3a56e9fd00a396f805fd7653 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1001FALS-00J7B1 ATA Device +++++
--- User ---
[MBR] 6dc805b91349cbfec24c2936c844e52a
[BSP] d043e37ed9f24ea0bec5c1322b905f1c : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD3200AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] 747f30c51994c3ef3d997784ad366cdc
[BSP] 927d9e1184cf8a8846180fe2fb3bf3ca : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive6: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )


Re: Possible infection from Facebook, please check

Post by jaro3 » 21 Nov 2016 18:41

Close all programs and browsers. Disable the antivirus and the firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP double-click to run it).
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom,
after it finishes, tick everything (put check marks to the left of the findings, in the white boxes)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy that log and paste its content here, please. The log can be found in C:\ProgramData\RogueKiller\Logs - Close RogueKiller.

Turn off the antivirus and the firewall.
Download
Zoek.exe
and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8 right-click it and choose "Run as administrator")
- note: the program may take longer to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


click Run Script
The program performs a scan and a repair; both may take several minutes, so wait until it finishes. Do not click into the window!
The program will offer a restart, confirm it.

After the restart only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the whole content of that log here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running do not click into the window that appears
- After the scan finishes the program should create a log, C:\ComboFix.txt; please copy its whole content here
If there are problems, run it in safe mode.

Warning: it may happen that after applying ComboFix and restarting the computer, Windows does not boot, the desktop does not come up, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 during the restart and choose the last known good configuration, or use a restore point.


Re: Possible infection from Facebook, please check

Post by HAFcool » 21 Nov 2016 23:15

RogueKiller V12.8.2.0 (x64) [Nov 21 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Hafcool [Práva správce]
Started from : C:\Users\Hafcool\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 11/21/2016 22:23:53 (Duration : 00:11:31)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2375323567-1083510659-1160952978-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nahrazeno (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2375323567-1083510659-1160952978-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nahrazeno (http://search.msn.com/spbasic.htm)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 Series ATA Device +++++
--- User ---
[MBR] e28e195613d6e6d54b76a245d01c228f
[BSP] 417bf8da3a56e9fd00a396f805fd7653 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1001FALS-00J7B1 ATA Device +++++
--- User ---
[MBR] 6dc805b91349cbfec24c2936c844e52a
[BSP] d043e37ed9f24ea0bec5c1322b905f1c : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD3200AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] 747f30c51994c3ef3d997784ad366cdc
[BSP] 927d9e1184cf8a8846180fe2fb3bf3ca : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive6: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

------------------------------------------------------------------------------------------------------------------------


Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Hafcool on po 21.11.2016 at 22:52:02,29.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Hafcool\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21.11.2016 22:52:42 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Google deleted successfully
C:\Users\Hafcool\AppData\Local\CrashDumps deleted successfully
C:\Users\Hafcool\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Hafcool\AppData\Local\EmieSiteList deleted successfully
C:\Users\Hafcool\AppData\Local\EmieUserList deleted successfully
C:\Users\Hafcool\AppData\Local\NCSOFT deleted successfully
C:\Users\Hafcool\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="F:\AVAST\SafePrice\FF" [24.08.2016 19:56]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="F:\AVAST\SafePrice\FF" [24.08.2016 19:56]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
daanglpcpkjjlkhcbladppjphglbigam - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - F:\AVAST\WebRep\Chrome\aswWebRepChrome.crx[]

Chrome Media Router - Hafcool\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hafcool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=37 folders=30 28326012 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Hafcool\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Hafcool\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on po 21.11.2016 at 23:04:24,45 ======================


----------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 16-11-13.01 - Hafcool 21.11.2016 23:09:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.16255.13793 [GMT 1:00]
Spuštěný z: c:\users\Hafcool\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hafcool\AppData\Roaming\Microsoft\~DFKebd137.tmp
c:\users\Hafcool\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Hafcool\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\users\Hafcool\AppData\Roaming\Microsoft\bass.dll
c:\users\Hafcool\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Hafcool\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Hafcool\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Hafcool\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Hafcool\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\IsUn0405.exe
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-21 do 2016-11-21 )))))))))))))))))))))))))))))))
.
.
2016-11-21 22:12 . 2016-11-21 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-21 22:03 . 2016-11-21 21:51 24064 ----a-w- c:\windows\zoek-delete.exe
2016-11-21 22:03 . 2016-11-21 22:12 -------- d-----w- c:\users\Hafcool\AppData\Local\Temp
2016-11-21 21:51 . 2016-11-21 22:01 -------- d-----w- C:\zoek_backup
2016-11-21 14:41 . 2016-11-21 14:41 -------- d-----w- c:\users\Hafcool\AppData\Local\Adobe
2016-11-20 22:06 . 2016-11-20 22:06 -------- d-----w- c:\programdata\Sophos
2016-11-20 21:37 . 2016-11-20 21:37 -------- d-----w- c:\users\Hafcool\.oracle_jre_usage
2016-11-13 12:47 . 2016-11-13 12:47 -------- d-----w- c:\program files\iTunes
2016-11-13 12:47 . 2016-11-13 12:47 -------- d-----w- c:\program files\iPod
2016-11-08 03:21 . 2014-01-30 04:28 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-21 21:23 . 2014-11-16 19:56 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-21 00:19 . 2016-06-19 11:23 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-13 12:44 . 2013-09-21 20:23 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-13 12:44 . 2013-09-21 20:23 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-10 00:34 . 2013-08-19 22:17 141011376 -c--a-w- c:\windows\system32\MRT.exe
2016-10-13 07:55 . 2013-08-19 20:52 293352 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-10-10 15:33 . 2016-11-09 07:19 345600 ----a-w- c:\windows\system32\schannel.dll
2016-10-10 15:33 . 2016-11-09 07:19 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-10-10 15:16 . 2016-11-09 07:19 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2016-10-10 15:16 . 2016-11-09 07:19 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-10-07 15:12 . 2016-11-09 07:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-09-23 21:11 . 2016-09-23 21:11 34818624 ----a-w- c:\windows\system32\nvoglv64.dll
2016-09-23 21:11 . 2016-09-23 21:11 28223544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2016-09-23 21:10 . 2016-09-23 21:10 14127040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2016-09-23 21:10 . 2016-09-23 21:10 446408 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2016-09-23 21:10 . 2016-09-23 21:10 397256 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2016-09-23 21:10 . 2016-09-23 21:10 952376 ----a-w- c:\windows\system32\NvIFR64.dll
2016-09-23 21:10 . 2016-09-23 21:10 903736 ----a-w- c:\windows\SysWow64\NvIFR.dll
2016-09-23 21:10 . 2016-09-23 21:10 63440 ----a-w- c:\windows\system32\nvhdap64.dll
2016-09-23 21:09 . 2016-09-23 21:09 1597392 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2016-09-23 21:09 . 2016-09-23 21:09 232016 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2016-09-23 21:09 . 2016-09-23 21:09 1029184 ----a-w- c:\windows\system32\NvFBC64.dll
2016-09-23 21:09 . 2016-09-23 21:09 965568 ----a-w- c:\windows\SysWow64\NvFBC.dll
2016-09-23 21:09 . 2016-09-23 21:09 1593792 ----a-w- c:\windows\system32\nvdispgenco6437290.dll
2016-09-23 21:09 . 2016-09-23 21:09 1931328 ----a-w- c:\windows\system32\nvdispco6437290.dll
2016-09-23 21:09 . 2016-09-23 21:09 3604536 ----a-w- c:\windows\system32\nvcuvid.dll
2016-09-23 21:09 . 2016-09-23 21:09 3169736 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2016-09-23 21:08 . 2016-09-23 21:08 40078912 ----a-w- c:\windows\system32\nvcompiler.dll
2016-09-23 21:08 . 2016-09-23 21:08 35189704 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2016-09-23 20:42 . 2016-01-21 18:04 20036576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-09-23 20:41 . 2016-09-23 20:41 421768 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-09-23 20:41 . 2016-09-23 20:41 10972208 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2016-09-23 20:41 . 2016-09-23 20:41 8964016 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2016-09-23 20:41 . 2016-09-23 20:41 10849640 ----a-w- c:\windows\system32\nvopencl.dll
2016-09-23 20:41 . 2016-09-23 20:41 141776 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2016-09-23 20:41 . 2015-06-15 16:30 190440 ----a-w- c:\windows\system32\nvinitx.dll
2016-09-23 20:41 . 2016-09-23 20:41 703736 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2016-09-23 20:41 . 2016-09-23 20:41 592032 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2016-09-23 20:41 . 2016-09-23 20:41 448624 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2016-09-23 20:41 . 2016-09-23 20:41 17626552 ----a-w- c:\windows\system32\nvd3dumx.dll
2016-09-23 20:40 . 2016-09-23 20:40 10386152 ----a-w- c:\windows\system32\nvcuda.dll
2016-09-23 20:40 . 2016-09-23 20:40 8769088 ----a-w- c:\windows\SysWow64\nvcuda.dll
2016-09-23 20:40 . 2016-01-29 20:17 3961016 ----a-w- c:\windows\system32\nvapi64.dll
2016-09-23 20:36 . 2016-09-23 20:36 17430888 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2016-09-23 20:36 . 2016-09-01 15:01 506864 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-09-23 20:35 . 2016-09-23 20:35 9179256 ----a-w- c:\windows\SysWow64\nvopencl.dll
2016-09-23 20:35 . 2016-09-23 20:35 534608 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2016-09-23 20:35 . 2016-09-23 20:35 3497712 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-09-23 20:35 . 2016-09-23 20:35 163456 ----a-w- c:\windows\system32\nvoglshim64.dll
2016-09-23 20:35 . 2016-09-23 20:35 14487936 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-09-23 20:35 . 2015-06-15 16:30 167736 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-09-22 18:56 . 2013-08-19 20:52 513632 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-16 22:57 . 2016-01-21 18:02 6385720 ----a-w- c:\windows\system32\nvcpl.dll
2016-09-16 22:57 . 2016-01-21 18:02 2475064 ----a-w- c:\windows\system32\nvsvc64.dll
2016-09-16 22:57 . 2016-01-21 18:05 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-09-16 22:57 . 2016-01-21 18:05 546752 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-09-16 22:57 . 2016-01-21 18:02 69568 ----a-w- c:\windows\system32\nvshext.dll
2016-09-16 22:57 . 2016-01-21 18:02 392128 ----a-w- c:\windows\system32\nvmctray.dll
2016-09-16 22:57 . 2016-01-21 18:02 1762752 ----a-w- c:\windows\system32\nvsvcr.dll
2016-09-16 22:57 . 2016-01-21 18:02 1364024 ----a-w- c:\windows\system32\nvvsvc.exe
2016-09-16 22:30 . 2016-10-12 10:54 134712 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2016-09-16 07:40 . 2016-01-21 18:02 7379415 ----a-w- c:\windows\system32\nvcoproc.bin
2016-09-13 19:40 . 2013-08-19 20:52 969184 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-09-12 21:17 . 2016-10-12 08:35 77032 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-09-12 21:08 . 2016-10-12 08:35 107520 ----a-w- c:\windows\system32\adsmsext.dll
2016-09-12 21:08 . 2016-10-12 08:35 1226752 ----a-w- c:\windows\system32\aeinv.dll
2016-09-12 20:49 . 2016-10-12 08:35 76800 ----a-w- c:\windows\SysWow64\adsmsext.dll
2016-09-12 19:08 . 2016-10-12 08:35 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2016-09-12 18:43 . 2016-10-12 08:35 1180160 ----a-w- c:\windows\system32\FntCache.dll
2016-09-12 18:43 . 2016-10-12 08:35 1648128 ----a-w- c:\windows\system32\DWrite.dll
2016-09-10 06:55 . 2013-08-20 01:25 226680 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-09-09 18:25 . 2016-10-12 10:54 269600 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-09-09 18:25 . 2016-09-09 18:25 269600 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-26-0.dll
2016-09-09 18:25 . 2016-10-12 10:54 110880 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-09-09 18:25 . 2016-09-09 18:25 110880 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
2016-09-09 18:25 . 2016-10-12 10:54 261920 ----a-w- c:\windows\system32\vulkan-1.dll
2016-09-09 18:25 . 2016-09-09 18:25 261920 ----a-w- c:\windows\system32\vulkan-1-1-0-26-0.dll
2016-09-09 18:24 . 2016-10-12 10:54 125216 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-09-09 18:24 . 2016-09-09 18:24 125216 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-26-0.exe
2016-09-09 15:54 . 2016-10-12 08:35 586752 ----a-w- c:\windows\system32\generaltel.dll
2016-09-09 15:54 . 2016-10-12 08:35 314368 ----a-w- c:\windows\system32\invagent.dll
2016-09-09 15:54 . 2016-10-12 08:35 575488 ----a-w- c:\windows\system32\devinv.dll
2016-09-09 15:54 . 2016-10-12 08:35 273408 ----a-w- c:\windows\system32\centel.dll
2016-09-09 15:54 . 2016-10-12 08:35 224256 ----a-w- c:\windows\system32\aepic.dll
2016-09-09 15:54 . 2016-10-12 08:35 1629184 ----a-w- c:\windows\system32\appraiser.dll
2016-09-09 15:54 . 2016-10-12 08:35 129024 ----a-w- c:\windows\system32\acmigration.dll
2016-09-08 20:34 . 2016-10-12 08:35 263680 ----a-w- c:\windows\system32\WebClnt.dll
2016-09-08 20:34 . 2016-10-12 08:35 108544 ----a-w- c:\windows\system32\davclnt.dll
2016-09-08 20:34 . 2016-10-12 08:35 208896 ----a-w- c:\windows\SysWow64\WebClnt.dll
2016-09-08 20:34 . 2016-10-12 08:35 87040 ----a-w- c:\windows\SysWow64\davclnt.dll
2016-09-08 15:52 . 2013-08-20 01:25 226680 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-09-08 15:29 . 2013-08-20 01:37 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2016-09-08 15:24 . 2013-08-20 01:25 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2016-09-08 14:55 . 2016-10-12 08:35 142336 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-09-08 14:55 . 2016-10-12 08:35 106496 ----a-w- c:\windows\system32\drivers\dfsc.sys
2016-08-29 15:31 . 2016-10-12 08:35 14183424 ----a-w- c:\windows\system32\shell32.dll
2016-08-29 15:31 . 2016-10-12 08:35 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-08-29 15:31 . 2016-10-12 08:35 1941504 ----a-w- c:\windows\system32\authui.dll
2016-08-29 15:12 . 2016-10-12 08:35 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-08-29 15:12 . 2016-10-12 08:35 1806848 ----a-w- c:\windows\SysWow64\authui.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="f:\avast\AvastUI.exe" [2016-11-15 9080768]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2016-10-05 67384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;f:\origin\OriginWebHelperService.exe;f:\origin\OriginWebHelperService.exe [x]
R2 SkypeUpdate;Skype Updater;f:\skype\Updater\Updater.exe;f:\skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Origin Client Service;Origin Client Service;f:\origin\OriginClientService.exe;f:\origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-11-20 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-13 12:44]
.
2016-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20 11:46]
.
2016-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20 11:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-08-24 18:56 1031520 ----a-w- f:\avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-11-01 176440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-11-21 23:13:45
ComboFix-quarantined-files.txt 2016-11-21 22:13
.
Před spuštěním: Volných bajtů: 46 813 212 672
Po spuštění: Volných bajtů: 46 634 950 656
.
- - End Of File - - DF25FEBD5545C60B7DE63B4E2A35B4A6
A36C5E4F47E84449FF07ED3517B43A31

jaro3 (member of the Security team)

Re: Possible infection from Facebook, please check

Post by jaro3 » 22 Nov 2016 10:14

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text (marked in green) into it:


ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
f:\skype\Updater
c:\program files (x86)\Google\Update

Driver::
SkypeUpdate

DDS::
uInternet Settings,ProxyOverride = *.local

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt file you created onto the downloaded ComboFix.exe and, once the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process, plus a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Possible infection from Facebook, please check

Post by HAFcool » 22 Nov 2016 14:32

ComboFix 16-11-13.01 - Hafcool 22.11.2016 14:18:11.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.16255.13716 [GMT 1:00]
Spuštěný z: c:\users\Hafcool\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Hafcool\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.31.5\goopdate.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.31.5\psmachine.dll
c:\program files (x86)\Google\Update\1.3.31.5\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.31.5\psuser.dll
c:\program files (x86)\Google\Update\1.3.31.5\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.31.5\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\54.0.2840.99\54.0.2840.99_54.0.2840.71_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
f:\skype\Updater
f:\skype\Updater\Updater.dll
f:\skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-22 do 2016-11-22 )))))))))))))))))))))))))))))))
.
.
2016-11-22 13:20 . 2016-11-22 13:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-21 22:03 . 2016-11-21 21:51 24064 ----a-w- c:\windows\zoek-delete.exe
2016-11-21 22:03 . 2016-11-22 13:21 -------- d-----w- c:\users\Hafcool\AppData\Local\Temp
2016-11-21 21:51 . 2016-11-21 22:01 -------- d-----w- C:\zoek_backup
2016-11-21 14:41 . 2016-11-21 14:41 -------- d-----w- c:\users\Hafcool\AppData\Local\Adobe
2016-11-20 22:06 . 2016-11-20 22:06 -------- d-----w- c:\programdata\Sophos
2016-11-20 21:37 . 2016-11-20 21:37 -------- d-----w- c:\users\Hafcool\.oracle_jre_usage
2016-11-13 12:47 . 2016-11-13 12:47 -------- d-----w- c:\program files\iTunes
2016-11-13 12:47 . 2016-11-13 12:47 -------- d-----w- c:\program files\iPod
2016-11-08 03:21 . 2014-01-30 04:28 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-21 21:23 . 2014-11-16 19:56 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-21 00:19 . 2016-06-19 11:23 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-13 12:44 . 2013-09-21 20:23 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-13 12:44 . 2013-09-21 20:23 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-10 00:34 . 2013-08-19 22:17 141011376 -c--a-w- c:\windows\system32\MRT.exe
2016-10-13 07:55 . 2013-08-19 20:52 293352 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-10-10 15:33 . 2016-11-09 07:19 345600 ----a-w- c:\windows\system32\schannel.dll
2016-10-10 15:33 . 2016-11-09 07:19 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-10-10 15:16 . 2016-11-09 07:19 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2016-10-10 15:16 . 2016-11-09 07:19 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-10-07 15:12 . 2016-11-09 07:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-09-23 21:11 . 2016-09-23 21:11 34818624 ----a-w- c:\windows\system32\nvoglv64.dll
2016-09-23 21:11 . 2016-09-23 21:11 28223544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2016-09-23 21:10 . 2016-09-23 21:10 14127040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2016-09-23 21:10 . 2016-09-23 21:10 446408 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2016-09-23 21:10 . 2016-09-23 21:10 397256 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2016-09-23 21:10 . 2016-09-23 21:10 952376 ----a-w- c:\windows\system32\NvIFR64.dll
2016-09-23 21:10 . 2016-09-23 21:10 903736 ----a-w- c:\windows\SysWow64\NvIFR.dll
2016-09-23 21:10 . 2016-09-23 21:10 63440 ----a-w- c:\windows\system32\nvhdap64.dll
2016-09-23 21:09 . 2016-09-23 21:09 1597392 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2016-09-23 21:09 . 2016-09-23 21:09 232016 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2016-09-23 21:09 . 2016-09-23 21:09 1029184 ----a-w- c:\windows\system32\NvFBC64.dll
2016-09-23 21:09 . 2016-09-23 21:09 965568 ----a-w- c:\windows\SysWow64\NvFBC.dll
2016-09-23 21:09 . 2016-09-23 21:09 1593792 ----a-w- c:\windows\system32\nvdispgenco6437290.dll
2016-09-23 21:09 . 2016-09-23 21:09 1931328 ----a-w- c:\windows\system32\nvdispco6437290.dll
2016-09-23 21:09 . 2016-09-23 21:09 3604536 ----a-w- c:\windows\system32\nvcuvid.dll
2016-09-23 21:09 . 2016-09-23 21:09 3169736 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2016-09-23 21:08 . 2016-09-23 21:08 40078912 ----a-w- c:\windows\system32\nvcompiler.dll
2016-09-23 21:08 . 2016-09-23 21:08 35189704 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2016-09-23 20:42 . 2016-01-21 18:04 20036576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-09-23 20:41 . 2016-09-23 20:41 421768 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-09-23 20:41 . 2016-09-23 20:41 10972208 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2016-09-23 20:41 . 2016-09-23 20:41 8964016 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2016-09-23 20:41 . 2016-09-23 20:41 10849640 ----a-w- c:\windows\system32\nvopencl.dll
2016-09-23 20:41 . 2016-09-23 20:41 141776 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2016-09-23 20:41 . 2015-06-15 16:30 190440 ----a-w- c:\windows\system32\nvinitx.dll
2016-09-23 20:41 . 2016-09-23 20:41 703736 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2016-09-23 20:41 . 2016-09-23 20:41 592032 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2016-09-23 20:41 . 2016-09-23 20:41 448624 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2016-09-23 20:41 . 2016-09-23 20:41 17626552 ----a-w- c:\windows\system32\nvd3dumx.dll
2016-09-23 20:40 . 2016-09-23 20:40 10386152 ----a-w- c:\windows\system32\nvcuda.dll
2016-09-23 20:40 . 2016-09-23 20:40 8769088 ----a-w- c:\windows\SysWow64\nvcuda.dll
2016-09-23 20:40 . 2016-01-29 20:17 3961016 ----a-w- c:\windows\system32\nvapi64.dll
2016-09-23 20:36 . 2016-09-23 20:36 17430888 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2016-09-23 20:36 . 2016-09-01 15:01 506864 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-09-23 20:35 . 2016-09-23 20:35 9179256 ----a-w- c:\windows\SysWow64\nvopencl.dll
2016-09-23 20:35 . 2016-09-23 20:35 534608 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2016-09-23 20:35 . 2016-09-23 20:35 3497712 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-09-23 20:35 . 2016-09-23 20:35 163456 ----a-w- c:\windows\system32\nvoglshim64.dll
2016-09-23 20:35 . 2016-09-23 20:35 14487936 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-09-23 20:35 . 2015-06-15 16:30 167736 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-09-22 18:56 . 2013-08-19 20:52 513632 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-16 22:57 . 2016-01-21 18:02 6385720 ----a-w- c:\windows\system32\nvcpl.dll
2016-09-16 22:57 . 2016-01-21 18:02 2475064 ----a-w- c:\windows\system32\nvsvc64.dll
2016-09-16 22:57 . 2016-01-21 18:05 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-09-16 22:57 . 2016-01-21 18:05 546752 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-09-16 22:57 . 2016-01-21 18:02 69568 ----a-w- c:\windows\system32\nvshext.dll
2016-09-16 22:57 . 2016-01-21 18:02 392128 ----a-w- c:\windows\system32\nvmctray.dll
2016-09-16 22:57 . 2016-01-21 18:02 1762752 ----a-w- c:\windows\system32\nvsvcr.dll
2016-09-16 22:57 . 2016-01-21 18:02 1364024 ----a-w- c:\windows\system32\nvvsvc.exe
2016-09-16 22:30 . 2016-10-12 10:54 134712 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2016-09-16 07:40 . 2016-01-21 18:02 7379415 ----a-w- c:\windows\system32\nvcoproc.bin
2016-09-13 19:40 . 2013-08-19 20:52 969184 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-09-12 21:17 . 2016-10-12 08:35 77032 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-09-12 21:08 . 2016-10-12 08:35 107520 ----a-w- c:\windows\system32\adsmsext.dll
2016-09-12 21:08 . 2016-10-12 08:35 1226752 ----a-w- c:\windows\system32\aeinv.dll
2016-09-12 20:49 . 2016-10-12 08:35 76800 ----a-w- c:\windows\SysWow64\adsmsext.dll
2016-09-12 19:08 . 2016-10-12 08:35 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2016-09-12 18:43 . 2016-10-12 08:35 1180160 ----a-w- c:\windows\system32\FntCache.dll
2016-09-12 18:43 . 2016-10-12 08:35 1648128 ----a-w- c:\windows\system32\DWrite.dll
2016-09-10 06:55 . 2013-08-20 01:25 226680 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-09-09 18:25 . 2016-10-12 10:54 269600 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-09-09 18:25 . 2016-09-09 18:25 269600 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-26-0.dll
2016-09-09 18:25 . 2016-10-12 10:54 110880 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-09-09 18:25 . 2016-09-09 18:25 110880 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
2016-09-09 18:25 . 2016-10-12 10:54 261920 ----a-w- c:\windows\system32\vulkan-1.dll
2016-09-09 18:25 . 2016-09-09 18:25 261920 ----a-w- c:\windows\system32\vulkan-1-1-0-26-0.dll
2016-09-09 18:24 . 2016-10-12 10:54 125216 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-09-09 18:24 . 2016-09-09 18:24 125216 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-26-0.exe
2016-09-09 15:54 . 2016-10-12 08:35 586752 ----a-w- c:\windows\system32\generaltel.dll
2016-09-09 15:54 . 2016-10-12 08:35 314368 ----a-w- c:\windows\system32\invagent.dll
2016-09-09 15:54 . 2016-10-12 08:35 575488 ----a-w- c:\windows\system32\devinv.dll
2016-09-09 15:54 . 2016-10-12 08:35 273408 ----a-w- c:\windows\system32\centel.dll
2016-09-09 15:54 . 2016-10-12 08:35 224256 ----a-w- c:\windows\system32\aepic.dll
2016-09-09 15:54 . 2016-10-12 08:35 1629184 ----a-w- c:\windows\system32\appraiser.dll
2016-09-09 15:54 . 2016-10-12 08:35 129024 ----a-w- c:\windows\system32\acmigration.dll
2016-09-08 20:34 . 2016-10-12 08:35 263680 ----a-w- c:\windows\system32\WebClnt.dll
2016-09-08 20:34 . 2016-10-12 08:35 108544 ----a-w- c:\windows\system32\davclnt.dll
2016-09-08 20:34 . 2016-10-12 08:35 208896 ----a-w- c:\windows\SysWow64\WebClnt.dll
2016-09-08 20:34 . 2016-10-12 08:35 87040 ----a-w- c:\windows\SysWow64\davclnt.dll
2016-09-08 15:52 . 2013-08-20 01:25 226680 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-09-08 15:29 . 2013-08-20 01:37 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2016-09-08 15:24 . 2013-08-20 01:25 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2016-09-08 14:55 . 2016-10-12 08:35 142336 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-09-08 14:55 . 2016-10-12 08:35 106496 ----a-w- c:\windows\system32\drivers\dfsc.sys
2016-08-29 15:31 . 2016-10-12 08:35 14183424 ----a-w- c:\windows\system32\shell32.dll
2016-08-29 15:31 . 2016-10-12 08:35 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-08-29 15:31 . 2016-10-12 08:35 1941504 ----a-w- c:\windows\system32\authui.dll
2016-08-29 15:12 . 2016-10-12 08:35 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-08-29 15:12 . 2016-10-12 08:35 1806848 ----a-w- c:\windows\SysWow64\authui.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="f:\avast\AvastUI.exe" [2016-11-15 9080768]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2016-10-05 67384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;f:\origin\OriginWebHelperService.exe;f:\origin\OriginWebHelperService.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Origin Client Service;Origin Client Service;f:\origin\OriginClientService.exe;f:\origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-11-20 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-13 12:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-08-24 18:56 1031520 ----a-w- f:\avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-11-01 176440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
f:\avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2016-11-22 14:26:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-11-22 13:26
ComboFix2.txt 2016-11-21 22:13
.
Před spuštěním: Volných bajtů: 45 842 796 544
Po spuštění: Volných bajtů: 45 551 919 104
.
- - End Of File - - 4893DAA279384CB6C5DBFA5BCE59A9F9
A36C5E4F47E84449FF07ED3517B43A31

______________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:31:22, on 22.11.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18525)


Boot mode: Normal

Running processes:
C:\Users\Hafcool\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\MSOFFI~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\AVAST\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "F:\AVAST\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MSOFFI~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\MSOFFI~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - F:\AVAST\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - F:\ORIGIN\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - F:\ORIGIN\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7242 bytes


_________________________________________________________________________________________________________

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-11-22 14:29:08
-----------------------------
14:29:08.320 OS Version: Windows x64 6.1.7601 Service Pack 1
14:29:08.320 Number of processors: 4 586 0x3C03
14:29:08.320 ComputerName: HAFCOOL-PC UserName: Hafcool
14:29:08.461 Initialize success
14:29:08.461 VM: initialized successfully
14:29:08.461 VM: Intel CPU supported virtualized
14:29:11.147 VM: not used
14:29:19.493 AVAST engine defs: 16112200
14:29:25.749 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:29:25.749 Disk 0 Vendor: Samsung_SSD_840_Series DXT07B0Q Size: 114473MB BusType: 11
14:29:25.764 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
14:29:25.764 Disk 1 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 11
14:29:25.764 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
14:29:25.780 Disk 2 Vendor: WDC_WD3200AAKS-00V1A0 05.01D05 Size: 305245MB BusType: 11
14:29:25.780 Disk 0 MBR read successfully
14:29:25.780 Disk 0 MBR scan
14:29:25.795 Disk 0 Windows 7 default MBR code
14:29:25.795 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:29:25.795 Disk 0 default boot code
14:29:25.811 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
14:29:25.827 Disk 0 scanning C:\Windows\system32\drivers
14:29:28.635 Service scanning
14:29:32.893 Modules scanning
14:29:32.893 Disk 0 trace - called modules:
14:29:32.909 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:29:32.925 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d3b6060]
14:29:32.925 3 CLASSPNP.SYS[fffff8800193743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800d19c060]
14:29:33.034 AVAST engine scan C:\Windows
14:29:33.377 AVAST engine scan C:\Windows\system32
14:30:10.115 AVAST engine scan C:\Windows\system32\drivers
14:30:12.174 AVAST engine scan C:\Users\Hafcool
14:30:33.874 File: C:\Users\Hafcool\Desktop\zoek.exe **INFECTED** Win32:Malware-gen
14:30:34.591 AVAST engine scan C:\ProgramData
14:30:43.749 Disk 0 statistics 4015649/0/0 @ 61,66 MB/s
14:30:43.764 Scan finished successfully
14:30:53.686 Disk 0 MBR has been saved successfully to "C:\Users\Hafcool\Desktop\MBR.dat"
14:30:53.686 The log file has been saved successfully to "C:\Users\Hafcool\Desktop\aswMBR.txt"

jaro3
Security team member

Re: Possible infection from Facebook, please check

Post by jaro3 » 22 Nov 2016 19:08

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue; press one.
The program's scan will start. The scan may take a long time, depending on the amount of infection. When the scan finishes, a log (JRT.txt) will appear and be saved on the desktop.
Please copy its entire contents here.

Clean the system with CCleaner.

Download OTC
to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/
and save the file to your desktop.
Double-click the icon to run Delfix.exe
(in Windows Vista, Windows 7 and 8 you must run the file by right-clicking it -> Run as administrator).
In the main menu, check these options: Remove disinfection tools – Purge System Restore.
Then click the Run button and let the tool do its job.

A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise the report is at:
C:\DelFix.txt

What about the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

HAFcool

Re: Possible infection from Facebook, please check

Post by HAFcool » 22 Nov 2016 21:45

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Hafcool (Administrator) on Út 22.11.2016 at 21:43:32,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Út 22.11.2016 at 21:44:49,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


__________________________________________________________________________________________________________


# DelFix v1.013 - Logfile created 22/11/2016 at 21:45:30
# Updated 17/04/2016 by Xplode
# Username : Hafcool - HAFCOOL-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Users\Hafcool\Desktop\JRT.exe
Deleted : C:\Users\Hafcool\Desktop\JRT.txt

~ Cleaning system restore ...

Deleted : RP #491 [End of disinfection | 11/22/2016 20:38:24]
Deleted : RP #492 [JRT Pre-Junkware Removal | 11/22/2016 20:41:45]
Deleted : RP #493 [JRT Pre-Junkware Removal | 11/22/2016 20:43:33]

New restore point created !

########## - EOF - ##########


No problems, the computer works as it should. However, several folders with strange names have appeared on my HDD (d80854d794b2942172, MSOCache, $RECYCLE.BIN, etc.). They weren't there before.

jaro3
Security team member

Re: Possible infection from Facebook, please check

Post by jaro3 » 22 Nov 2016 22:20

In Folder Options, disable showing hidden files and folders, and tick "Hide protected operating system files".

If they don't disappear:

Please download the version of Farbar Recovery Scan Tool (FRST) appropriate for your system, 32-bit/64-bit:
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is complete, two logs will appear, FRST.txt and Addition.txt, and will be saved on the desktop. Please copy their entire contents here.

HAFcool

Re: Possible infection from Facebook, please check

Post by HAFcool » 22 Nov 2016 23:06

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
Ran by Hafcool (administrator) on HAFCOOL-PC (22-11-2016 22:42:37)
Running from C:\Users\Hafcool\Desktop
Loaded Profiles: Hafcool (Available Profiles: Hafcool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AVAST Software) F:\AVAST\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software) F:\AVAST\avastui.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5296\Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => F:\AVAST\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2375323567-1083510659-1160952978-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [190440 2016-09-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [167736 2016-09-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => F:\AVAST\ashShA64.dll [2016-08-24] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => F:\MS OFFICE\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => F:\MS OFFICE\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => F:\MS OFFICE\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => F:\MS OFFICE\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => F:\MS OFFICE\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5BF1B200-D805-472D-9F35-A077BFFEB90E}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2375323567-1083510659-1160952978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2375323567-1083510659-1160952978-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-21-2375323567-1083510659-1160952978-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> F:\AVAST\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-20] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> F:\MS OFFICE\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> F:\AVAST\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-20] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\MS OFFICE\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - F:\AVAST\WebRep\FF
FF Extension: (Avast Online Security) - F:\AVAST\WebRep\FF [2016-08-24]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - F:\AVAST\SafePrice\FF
FF Extension: (Avast SafePrice) - F:\AVAST\SafePrice\FF [2016-08-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - F:\AVAST\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - F:\AVAST\SafePrice\FF
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Windows\system32\npDeployJava1.dll [2015-11-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-08-19] (Microsoft Corporation)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-08-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default [2016-11-22]
CHR Extension: (Prezentace Google) - C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-21]
CHR Extension: (Dokumenty Google) - C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-21]
CHR Extension: (Disk Google) - C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-21]
CHR Extension: (YouTube) - C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-21]
CHR Extension: (Tabulky Google) - C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-21]
CHR Extension: (Gmail) - C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-21]
CHR Extension: (Chrome Media Router) - C:\Users\Hafcool\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-21]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; F:\AVAST\AvastSvc.exe [197128 2016-08-24] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 Microsoft Office Groove Audit Service; F:\MS OFFICE\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
S3 Origin Client Service; F:\ORIGIN\OriginClientService.exe [2142728 2016-11-01] (Electronic Arts)
S2 Origin Web Helper Service; F:\ORIGIN\OriginWebHelperService.exe [2209296 2016-11-01] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-05-22] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-09-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-15] (Disc Soft Ltd)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-22 22:42 - 2016-11-22 22:42 - 00014474 _____ C:\Users\Hafcool\Desktop\FRST.txt
2016-11-22 22:42 - 2016-11-22 22:42 - 00000000 ____D C:\FRST
2016-11-22 22:41 - 2016-11-22 22:41 - 02412544 _____ (Farbar) C:\Users\Hafcool\Desktop\FRST64.exe
2016-11-22 21:39 - 2016-11-22 21:39 - 00001066 _____ C:\Users\Hafcool\Desktop\DD.txt
2016-11-22 17:58 - 2016-11-22 17:58 - 00000000 ____D C:\Users\Hafcool\AppData\Local\Apple Computer
2016-11-21 23:08 - 2016-11-22 20:51 - 00000000 ____D C:\Windows\erdnt
2016-11-21 23:03 - 2016-11-21 22:51 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-11-21 15:41 - 2016-11-21 15:41 - 00000000 ____D C:\Users\Hafcool\AppData\Local\Adobe
2016-11-20 23:06 - 2016-11-20 23:06 - 00000000 ____D C:\ProgramData\Sophos
2016-11-20 23:05 - 2016-11-20 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-11-20 22:37 - 2016-11-20 22:37 - 00000000 ____D C:\Users\Hafcool\.oracle_jre_usage
2016-11-13 13:47 - 2016-11-13 13:47 - 00000000 ____D C:\Program Files\iTunes
2016-11-13 13:47 - 2016-11-13 13:47 - 00000000 ____D C:\Program Files\iPod
2016-11-09 08:19 - 2016-11-02 16:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 08:19 - 2016-11-02 16:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-09 08:19 - 2016-11-02 16:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 08:19 - 2016-11-02 16:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-09 08:19 - 2016-11-02 16:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-09 08:19 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-09 08:19 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-09 08:19 - 2016-11-02 16:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-09 08:19 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-09 08:19 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-09 08:19 - 2016-10-28 04:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 08:19 - 2016-10-28 04:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-09 08:19 - 2016-10-27 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-09 08:19 - 2016-10-27 20:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 08:19 - 2016-10-27 19:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-09 08:19 - 2016-10-27 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-09 08:19 - 2016-10-27 19:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-09 08:19 - 2016-10-27 19:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-09 08:19 - 2016-10-27 19:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-09 08:19 - 2016-10-27 19:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-09 08:19 - 2016-10-27 19:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-09 08:19 - 2016-10-27 19:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-09 08:19 - 2016-10-27 19:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-09 08:19 - 2016-10-27 19:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-09 08:19 - 2016-10-27 19:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-09 08:19 - 2016-10-27 19:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-09 08:19 - 2016-10-27 19:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-09 08:19 - 2016-10-27 19:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-09 08:19 - 2016-10-27 19:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 08:19 - 2016-10-27 19:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-09 08:19 - 2016-10-27 19:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-09 08:19 - 2016-10-27 19:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 08:19 - 2016-10-27 19:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-09 08:19 - 2016-10-27 19:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-09 08:19 - 2016-10-27 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-09 08:19 - 2016-10-27 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-09 08:19 - 2016-10-27 19:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-09 08:19 - 2016-10-27 18:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-09 08:19 - 2016-10-27 18:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-09 08:19 - 2016-10-27 18:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-09 08:19 - 2016-10-27 18:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-09 08:19 - 2016-10-27 18:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-09 08:19 - 2016-10-27 18:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-09 08:19 - 2016-10-27 18:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-09 08:19 - 2016-10-27 18:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-09 08:19 - 2016-10-27 17:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-09 08:19 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-09 08:19 - 2016-10-25 16:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 08:19 - 2016-10-22 18:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-09 08:19 - 2016-10-22 18:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-09 08:19 - 2016-10-22 18:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-09 08:19 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-09 08:19 - 2016-10-22 18:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-09 08:19 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-09 08:19 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-09 08:19 - 2016-10-22 18:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-09 08:19 - 2016-10-22 18:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-09 08:19 - 2016-10-22 18:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-09 08:19 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-09 08:19 - 2016-10-22 18:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-09 08:19 - 2016-10-22 18:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-09 08:19 - 2016-10-22 18:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-09 08:19 - 2016-10-22 18:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-09 08:19 - 2016-10-22 18:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-09 08:19 - 2016-10-22 17:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-09 08:19 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-09 08:19 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-09 08:19 - 2016-10-22 17:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-09 08:19 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-09 08:19 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-09 08:19 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-09 08:19 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-09 08:19 - 2016-10-22 17:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-09 08:19 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-09 08:19 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-09 08:19 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-09 08:19 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-09 08:19 - 2016-10-15 16:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-09 08:19 - 2016-10-15 16:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-09 08:19 - 2016-10-15 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-09 08:19 - 2016-10-15 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-09 08:19 - 2016-10-11 16:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-09 08:19 - 2016-10-11 16:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-09 08:19 - 2016-10-11 16:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-09 08:19 - 2016-10-11 16:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-09 08:19 - 2016-10-11 16:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-09 08:19 - 2016-10-11 16:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-09 08:19 - 2016-10-11 16:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-09 08:19 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-09 08:19 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-09 08:19 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-09 08:19 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-09 08:19 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-09 08:19 - 2016-10-11 16:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-09 08:19 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-09 08:19 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-09 08:19 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-09 08:19 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-09 08:19 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-09 08:19 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-09 08:19 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-09 08:19 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-09 08:19 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-09 08:19 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-09 08:19 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-09 08:19 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-09 08:19 - 2016-10-11 14:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-09 08:19 - 2016-10-11 14:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-09 08:19 - 2016-10-10 16:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-09 08:19 - 2016-10-10 16:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-09 08:19 - 2016-10-10 16:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-09 08:19 - 2016-10-10 16:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-09 08:19 - 2016-10-10 16:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-09 08:19 - 2016-10-10 16:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-09 08:19 - 2016-10-10 16:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-09 08:19 - 2016-10-10 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-09 08:19 - 2016-10-10 16:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-09 08:19 - 2016-10-10 15:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-09 08:19 - 2016-10-10 15:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-09 08:19 - 2016-10-10 15:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-09 08:19 - 2016-10-10 15:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-09 08:19 - 2016-10-10 15:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-09 08:19 - 2016-10-10 15:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-09 08:19 - 2016-10-07 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-09 08:19 - 2016-10-07 16:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-09 08:19 - 2016-10-07 16:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-09 08:19 - 2016-10-07 16:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-09 08:19 - 2016-10-07 16:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-09 08:19 - 2016-10-07 16:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 16:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 08:19 - 2016-10-07 16:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-09 08:19 - 2016-10-07 16:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 08:19 - 2016-10-07 16:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-09 08:19 - 2016-10-07 16:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-09 08:19 - 2016-10-07 15:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-09 08:19 - 2016-10-07 15:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-09 08:19 - 2016-10-07 15:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-09 08:19 - 2016-10-07 15:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-09 08:19 - 2016-10-07 15:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-09 08:19 - 2016-10-07 15:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 15:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 15:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 08:19 - 2016-10-07 15:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-09 08:19 - 2016-10-05 15:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 08:19 - 2016-09-15 15:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 08:19 - 2016-09-13 16:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 08:19 - 2016-09-13 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-09 08:19 - 2016-09-09 19:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-09 08:19 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-09 08:19 - 2016-08-22 17:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-08 04:47 - 2016-11-08 04:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2016-11-08 04:21 - 2014-01-30 05:28 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-22 22:42 - 2016-02-14 09:46 - 00000000 ____D C:\Users\Hafcool\AppData\Roaming\vlc
2016-11-22 22:40 - 2016-08-30 02:38 - 00000000 ____D C:\Users\Hafcool\AppData\Local\Battle.net
2016-11-22 21:44 - 2009-07-14 05:45 - 00027408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-22 21:44 - 2009-07-14 05:45 - 00027408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-22 21:36 - 2016-01-21 19:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-22 21:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-22 21:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-22 14:24 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-11-22 14:18 - 2013-08-19 21:52 - 00004122 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-21 22:23 - 2014-11-16 20:56 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-21 15:12 - 2014-11-16 20:56 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-21 01:19 - 2016-06-19 12:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-20 22:37 - 2013-08-20 03:12 - 00000000 ____D C:\Users\Hafcool
2016-11-20 01:01 - 2016-06-20 12:36 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-18 22:09 - 2016-06-20 13:00 - 00047104 ___SH C:\Users\Hafcool\AppData\Roaming\Thumbs.db
2016-11-14 23:04 - 2016-06-20 12:47 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-13 13:47 - 2013-09-03 01:40 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-13 13:44 - 2016-06-20 12:36 - 00003960 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-13 13:44 - 2013-09-21 21:23 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-13 13:44 - 2013-09-21 21:23 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-13 13:44 - 2013-09-21 21:23 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-13 13:44 - 2013-09-21 21:23 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-11 13:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-11-10 13:40 - 2014-12-25 12:53 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-10 13:27 - 2009-07-14 05:45 - 00437432 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-10 01:38 - 2013-08-19 23:17 - 00000000 ____D C:\Windows\system32\MRT
2016-11-10 01:34 - 2013-08-19 23:17 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 04:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-01 13:56 - 2015-10-27 04:33 - 00000000 ____D C:\Users\Hafcool\AppData\Roaming\Origin
2016-11-01 13:56 - 2013-08-20 01:56 - 00000000 ____D C:\ProgramData\Origin
2016-10-31 17:04 - 2013-08-20 03:36 - 00000000 ____D C:\Users\Hafcool\AppData\Local\Google

==================== Files in the root of some directories =======

2016-06-20 13:00 - 2016-06-20 13:00 - 0001273 _____ () C:\Users\Hafcool\AppData\Roaming\Roaming – zástupce.lnk
2016-06-20 13:00 - 2016-11-18 22:09 - 0047104 ___SH () C:\Users\Hafcool\AppData\Roaming\Thumbs.db
2014-11-10 23:33 - 2016-09-23 21:49 - 0005120 _____ () C:\Users\Hafcool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-16 16:05 - 2014-03-16 16:05 - 0003318 _____ () C:\Users\Hafcool\AppData\Local\recently-used.xbel
2013-08-25 17:41 - 2016-08-26 20:03 - 0007602 _____ () C:\Users\Hafcool\AppData\Local\Resmon.ResmonCfg
2014-07-28 23:54 - 2014-07-28 23:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-14 14:26

==================== End of FRST.txt ============================


Re: Possible infection from Facebook, please check

Post by HAFcool » 22 Nov 2016 23:07

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by Hafcool (22-11-2016 22:42:51)
Running from C:\Users\Hafcool\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-08-20 02:12:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2375323567-1083510659-1160952978-500 - Administrator - Disabled)
Guest (S-1-5-21-2375323567-1083510659-1160952978-501 - Limited - Disabled)
Hafcool (S-1-5-21-2375323567-1083510659-1160952978-1000 - Administrator - Enabled) => C:\Users\Hafcool
HomeGroupUser$ (S-1-5-21-2375323567-1083510659-1160952978-1063 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B14.0603.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B14.0603.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: - Electronic Arts)
Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.4.0.10 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrystalDiskInfo 6.5.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge B13.0403.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenIV (HKU\S-1-5-21-2375323567-1083510659-1160952978-1000\...\OpenIV) (Version: 2.8.703 - .black/OpenIV Team)
Origin (HKLM-x32\...\Origin) (Version: 10.2.1.38915 - Electronic Arts, Inc.)
NVIDIA Control Panel 372.90 (Version: 372.90 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Sherlock Holmes Crimes and Punishments (HKLM-x32\...\Sherlock Holmes Crimes and Punishments_is1) (Version: - )
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Smart Port Forwarding (HKLM-x32\...\Smart Port Forwarding) (Version: 1.0.0.1 - Brooks Younce Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11854F17-19AF-418F-B745-0E5E9B3459B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {29E2F6B1-BA08-425B-AF8E-3A2460452719} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3AC65CF8-7314-4290-9479-251AEDB4E278} - System32\Tasks\SafeZone scheduled Autoupdate 1458684335 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {4E892A16-3131-46C1-A856-0CAA531D8C46} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {81A09DAA-C744-4C27-BEFB-F87610A18BE6} - System32\Tasks\{B064D64F-38E4-4ABC-A995-4D76B21A0321} => D:\setup.exe
Task: {A41DC147-BBA9-496D-BC73-4CC7F04C1D2F} - System32\Tasks\{4A13495D-52AE-4BA4-90D2-44B1A5AB2F16} => pcalua.exe -a "F:\DOWNLOAD CHROM\Dev-Cpp 5_5_2_x64_Setup.exe" -d "F:\DOWNLOAD CHROM"
Task: {D1C5E13E-4618-404A-8CD9-8CF76A51F87B} - System32\Tasks\CCleanerSkipUAC => F:\CCLEANER\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {DC19CEF9-FFFA-4125-81CD-534C3F56D62F} - System32\Tasks\avast! Emergency Update => F:\AVAST\AvastEmUpdate.exe [2016-08-24] (AVAST Software)
Task: {DC9617B4-5C2F-4DF6-B2EC-ACC6DCC35C43} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-13] (Adobe Systems Incorporated)
Task: {DFC2E659-2A67-4715-BFB6-ACF78D2D13F3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {EA19A19F-98A2-43C5-B940-D780CE9FD8B9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-05] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-20 02:25 - 2016-09-08 16:24 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-01-21 19:02 - 2016-09-16 23:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-24 19:56 - 2016-08-24 19:56 - 00169064 _____ () F:\AVAST\JsonRpcServer.dll
2016-11-22 14:10 - 2016-11-22 14:10 - 03129808 _____ () F:\AVAST\defs\16112200\algo.dll
2016-08-24 19:56 - 2016-08-24 19:56 - 00482928 _____ () F:\AVAST\ffl2.dll
2016-06-30 19:30 - 2016-06-30 19:30 - 48936448 _____ () F:\AVAST\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-11-22 14:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2375323567-1083510659-1160952978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hafcool\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: DAEMON Tools Lite => "F:\DEAMON\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "F:\MS OFFICE\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5A55AB44-3B98-4E3B-9FD9-CD28B93E634C}] => (Allow) F:\STEAM\Steam.exe
FirewallRules: [{295B1703-0B69-47E8-8FA7-85E5042098AE}] => (Allow) F:\STEAM\Steam.exe
FirewallRules: [{49A7374F-BABE-4FAE-80FC-C439D1CA8BF0}] => (Allow) F:\STEAM\Steam.exe
FirewallRules: [{BDBF097E-BEB4-4B95-AFEB-1D9957F48942}] => (Allow) F:\STEAM\Steam.exe
FirewallRules: [{2774496A-6CB3-4F56-B6C4-F37BF2C046E3}] => (Allow) LPort=25570
FirewallRules: [{B9FA465B-750F-45AF-9B3D-47C4521ED009}] => (Allow) LPort=25570
FirewallRules: [{3548633E-8532-4F2D-B1B0-A38A053D52E0}] => (Allow) LPort=51546
FirewallRules: [{30FC16D6-4EA2-46B8-8064-7F30BAEF724C}] => (Allow) LPort=51546
FirewallRules: [TCP Query User{EA462FC8-17B0-45BC-A794-F9D387DB4ECE}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [UDP Query User{BDE32460-11FF-42C1-BFA5-C1B8222C8C98}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{123833CF-7165-46F5-91A9-285666B0519E}] => (Block) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{07ABE4EF-2857-446F-8C2A-95715BFF1D79}] => (Block) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{F88F3E57-072E-44A4-937E-DD904CFF9EC4}] => (Allow) F:\STEAM\bin\steamwebhelper.exe
FirewallRules: [{B119D943-484C-4511-8C89-80470599495B}] => (Allow) F:\STEAM\bin\steamwebhelper.exe
FirewallRules: [{94EEEFEF-E8F8-4079-88C5-985B324E7677}] => (Allow) LPort=3569
FirewallRules: [{B9104BD8-2B4C-42CE-B501-282AA23166C8}] => (Allow) LPort=9946
FirewallRules: [{5877033D-EBD5-49BE-BC82-214D2E93A5CA}] => (Allow) LPort=9988
FirewallRules: [{D5E98FC8-7508-4909-BAE5-0B41456E7BB0}] => (Allow) LPort=42124
FirewallRules: [{3E0A0B4C-AD28-4C6F-8D05-2C0AC46568C2}] => (Allow) LPort=3659
FirewallRules: [{57C6B5BC-20C1-4CA2-8FF9-5CFA2104C560}] => (Allow) LPort=9565
FirewallRules: [{648FD713-D388-4A84-B53C-8269BE959A3B}] => (Allow) LPort=9570
FirewallRules: [{EFE9FBF0-7754-404E-AB0B-E1D4DFE96E92}] => (Allow) LPort=3659
FirewallRules: [{C71B4A20-AE0E-4E12-9E5B-C6119878E50B}] => (Allow) F:\MS OFFICE\Office12\outlook.exe
FirewallRules: [{E7E96933-DEAF-4B7D-9B1A-BD5C5FA30A70}] => (Allow) F:\MS OFFICE\Office12\GROOVE.EXE
FirewallRules: [{C8F89FAC-01FC-4B60-9A5F-B62F5E001D89}] => (Allow) F:\MS OFFICE\Office12\GROOVE.EXE
FirewallRules: [{BEA8A879-37AC-4E45-A3E6-2175E435A967}] => (Allow) F:\MS OFFICE\Office12\ONENOTE.EXE
FirewallRules: [{A0666811-D4CC-41EC-9C35-539881989591}] => (Allow) F:\MS OFFICE\Office12\ONENOTE.EXE
FirewallRules: [TCP Query User{4E7794B7-94F3-4F18-A602-0CF42AD77B00}F:\utorrent\utorrent.exe] => (Allow) F:\utorrent\utorrent.exe
FirewallRules: [UDP Query User{E2C25777-944F-44FB-9C3B-4BE7CCA7CE12}F:\utorrent\utorrent.exe] => (Allow) F:\utorrent\utorrent.exe
FirewallRules: [{427CEB21-3064-42E4-88B5-0F6FDA3C5AD3}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{8B27537D-FFC6-4415-BAC7-734914F168C6}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{4447040E-0874-4A17-BF66-DC8C70AFDEC1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D45FF63B-6738-48A6-A8DF-B62D8C4582E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DC31CF95-C7DE-4ECE-8C19-DF67F539780E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E005743-2055-481B-B6D4-0881BCA0D263}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7CA81FD0-AC3C-44FF-A82A-C3A422AE1A5F}F:\program files (x86)\origin games\bfh\bfh.exe] => (Allow) F:\program files (x86)\origin games\bfh\bfh.exe
FirewallRules: [UDP Query User{A1F579E4-1144-4EBD-A159-71C4E76B0C49}F:\program files (x86)\origin games\bfh\bfh.exe] => (Allow) F:\program files (x86)\origin games\bfh\bfh.exe
FirewallRules: [{542C0C38-24F2-4B87-BD5D-BF9811F8D0A0}] => (Allow) F:\Program Files (x86)\Origin Games\BFH\BFHWebHelper.exe
FirewallRules: [{5F74D7F4-8E32-47C6-8614-CB9D059E814F}] => (Allow) F:\Program Files (x86)\Origin Games\BFH\BFHWebHelper.exe
FirewallRules: [TCP Query User{37BCEDB0-8F55-4EE3-B9B4-EB904F06F0F6}F:\gta v\grand theft auto v\gta5.exe] => (Block) F:\gta v\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{07B05728-901F-421A-BF4D-7C2175F16F48}F:\gta v\grand theft auto v\gta5.exe] => (Block) F:\gta v\grand theft auto v\gta5.exe
FirewallRules: [{AE26573E-6829-4A7C-ACFF-4624D8C8B7F3}] => (Allow) F:\STEAM\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{86A4BEE2-BEF0-4709-8BFD-12CC78A4F522}] => (Allow) F:\STEAM\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{B749D334-7C7F-4C33-B4F4-3197616C61BD}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{FC7A9434-C20E-4C72-A088-9831C6376AAC}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{4B3DB668-741D-41DE-95A8-0A5669FF2820}] => (Allow) F:\SKYPE\Phone\Skype.exe
FirewallRules: [{D6ABF072-485E-4E8D-889D-EF2EB91B193B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3AB4175E-FCC4-4631-BDEE-473EEEE48BE7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0EEDC26E-DE66-4956-840E-380F3D04C3A0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{120E3AB5-E890-4046-A755-B682B162EC26}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{30EB231D-C1C4-4158-9381-D83CA44110A5}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{E2E4D6BE-1A3B-496E-ACAF-033BA63884E6}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{D58A1BB0-2D75-41A7-9D4A-4A67455617BC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{69DBCF6B-CD3E-45C4-9275-F47583351291}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-11-2016 21:45:30 End of disinfection

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2016 09:42:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is incorrectly formatted. The malformed string is . The first DWORD in the data section contains the index value to the malformed string while the second and third DWORD in the data section contain the last valid index values.

Error: (11/22/2016 08:37:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is incorrectly formatted. The malformed string is . The first DWORD in the data section contains the index value to the malformed string while the second and third DWORD in the data section contain the last valid index values.

Error: (11/22/2016 05:39:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is incorrectly formatted. The malformed string is . The first DWORD in the data section contains the index value to the malformed string while the second and third DWORD in the data section contain the last valid index values.

Error: (11/22/2016 02:28:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is incorrectly formatted. The malformed string is . The first DWORD in the data section contains the index value to the malformed string while the second and third DWORD in the data section contain the last valid index values.

Error: (11/22/2016 02:14:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is incorrectly formatted. The malformed string is . The first DWORD in the data section contains the index value to the malformed string while the second and third DWORD in the data section contain the last valid index values.

Error: (11/21/2016 11:50:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 7.1.0.22996 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 834

Start Time: 01d2444994cfa684

Termination Time: 1

Application Path: F:\WOW\Wow-64.exe

Report Id: ddfd5e6d-b03c-11e6-a711-94de807e9a12

Error: (11/21/2016 11:35:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is incorrectly formatted. The malformed string is . The first DWORD in the data section contains the index value to the malformed string while the second and third DWORD in the data section contain the last valid index values.

Error: (11/21/2016 11:08:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is incorrectly formatted. The malformed string is . The first DWORD in the data section contains the index value to the malformed string while the second and third DWORD in the data section contain the last valid index values.

Error: (11/21/2016 09:15:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is incorrectly formatted. The malformed string is . The first DWORD in the data section contains the index value to the malformed string while the second and third DWORD in the data section contain the last valid index values.

Error: (11/21/2016 02:50:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is incorrectly formatted. The malformed string is . The first DWORD in the data section contains the index value to the malformed string while the second and third DWORD in the data section contain the last valid index values.


System errors:
=============
Error: (11/22/2016 09:38:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2016 09:37:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (11/22/2016 09:37:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/22/2016 09:37:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (11/22/2016 08:35:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2016 08:33:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (11/22/2016 08:33:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/22/2016 08:33:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (11/22/2016 02:36:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (11/22/2016 02:26:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.


CodeIntegrity:
===================================
Date: 2016-11-22 14:20:27.087
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-22 14:20:27.009
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-22 14:19:47.276
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Hafcool\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-22 14:19:47.182
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Hafcool\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-22 14:17:55.268
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-22 14:17:55.174
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-22 14:17:55.096
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-22 14:17:55.018
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-21 23:11:58.642
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-21 23:11:58.564
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 12%
Total physical RAM: 16254.62 MB
Available physical RAM: 14268.95 MB
Total Virtual: 32507.42 MB
Available Virtual: 30476.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:45.21 GB) NTFS
Drive e: (Hafcool) (Fixed) (Total:298.09 GB) (Free:13.58 GB) NTFS
Drive f: (SnakeEyes) (Fixed) (Total:931.51 GB) (Free:178.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 82B1D6F4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 82D442BB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 930C9FF9)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
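Added example, not part of the original post and not FRST's own code: a small Python triage pass over the Scheduled Tasks, Hosts, FirewallRules and CodeIntegrity lines of an Addition.txt log like the one above, the kind of first-pass filter a helper runs before reading a 3000-line log by hand. The heuristics are this example's own (tasks whose action goes through a proxy launcher such as pcalua.exe, the Program Compatibility Assistant launcher; GUID-named tasks; executables at a drive root; Allow rules that open a port for any program; unsigned .sys images under a Temp directory; hosts entries other than localhost). The embedded sample log is constructed from entries visible in this log plus one invented hosts line (0.0.0.0 update.example.net) so the hosts check has something to flag; `triage`, `Finding`, `_task_reasons`, `_firewall_reasons` and `SAMPLE_LOG` are names chosen here. On this log it surfaces the two GUID-named tasks (one running D:\setup.exe from a drive root, one invoking the Dev-C++ installer through pcalua.exe), the port-only Allow rule, and the catchme.sys CodeIntegrity entries, which a reviewer then correlates with what the user actually ran (the same log shows that file under \ComboFix\). Assumes Python 3.8 or newer.

```python
"""Triage pass over an FRST Addition.txt log. Added example: the heuristics
are this script's own, not FRST's. Needs Python 3.8+ (walrus operator)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Binaries that start another program on a task's behalf (the real target is in their arguments).
PROXY_LAUNCHERS = ("pcalua.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe")
# Directories an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\public\\", "\\programdata\\")

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=].*?)\s*=+$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<cmd>.+)$")
FW_RE = re.compile(r"^FirewallRules: \[(?P<rule>.+?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}|::1)\s+(?P<host>\S+)")
CI_RE = re.compile(r"image integrity of the file (?P<path>\S+) because")
GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def _task_reasons(name: str, cmd: str) -> list[str]:
    reasons = []
    launcher = cmd.split()[0].lower()       # first token of the task action
    if launcher.endswith(PROXY_LAUNCHERS):  # str.endswith accepts a tuple
        reasons.append(f"action runs through proxy launcher {launcher}; inspect the program in its arguments")
    if GUID_NAME_RE.match(name):
        reasons.append("task name is a bare GUID (auto-generated); confirm what created it")
    if DRIVE_ROOT_RE.match(cmd):
        reasons.append("target executable sits at a drive root")
    if any(w in cmd.lower() for w in USER_WRITABLE):
        reasons.append("target lives in a user-writable directory")
    return reasons


def _firewall_reasons(action: str, target: str) -> list[str]:
    reasons = []
    if action == "Allow" and target.startswith("LPort="):
        reasons.append(f"inbound {target} opened for any program rather than one executable")
    if action == "Allow" and any(w in target.lower() for w in USER_WRITABLE):
        reasons.append("allowed program lives in a user-writable directory")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """One Finding per entry worth a reviewer's attention, in log order."""
    findings: list[Finding] = []
    section, seen_ci = "", set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group("name")       # e.g. "Hosts content:"
        elif m := TASK_RE.match(line):
            if reasons := _task_reasons(m.group("name"), m.group("cmd")):
                findings.append(Finding("Scheduled Tasks", "; ".join(reasons), line))
        elif m := FW_RE.match(line):
            if reasons := _firewall_reasons(m.group("action"), m.group("target")):
                findings.append(Finding("FirewallRules", "; ".join(reasons), line))
        elif section.startswith("Hosts content") and (m := HOSTS_RE.match(line)):
            ip, host = m.group("ip"), m.group("host")
            if host.lower() != "localhost" or ip not in ("127.0.0.1", "::1"):
                findings.append(Finding("Hosts", f"non-default mapping {host} -> {ip}", line))
        elif (m := CI_RE.search(line)) and m.group("path") not in seen_ci:
            path = m.group("path")
            seen_ci.add(path)               # report each image once
            reason = "image integrity could not be verified (no catalog hash for the file)"
            if path.lower().endswith(".sys") and "\\temp\\" in path.lower():
                reason += "; kernel driver image loaded from a temp directory"
            findings.append(Finding("CodeIntegrity", reason, path))
    return findings


# Constructed sample: entries copied from the Addition.txt above plus one invented
# hosts line (0.0.0.0 update.example.net) so that the hosts check has something to flag.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (Whitelisted) =============
Task: {81A09DAA-C744-4C27-BEFB-F87610A18BE6} - System32\Tasks\{B064D64F-38E4-4ABC-A995-4D76B21A0321} => D:\setup.exe
Task: {A41DC147-BBA9-496D-BC73-4CC7F04C1D2F} - System32\Tasks\{4A13495D-52AE-4BA4-90D2-44B1A5AB2F16} => pcalua.exe -a "F:\DOWNLOAD CHROM\Dev-Cpp 5_5_2_x64_Setup.exe" -d "F:\DOWNLOAD CHROM"
Task: {DC19CEF9-FFFA-4125-81CD-534C3F56D62F} - System32\Tasks\avast! Emergency Update => F:\AVAST\AvastEmUpdate.exe [2016-08-24] (AVAST Software)
==================== Hosts content: ===============================
127.0.0.1 localhost
0.0.0.0 update.example.net
==================== FirewallRules (Whitelisted) ===============
FirewallRules: [{5A55AB44-3B98-4E3B-9FD9-CD28B93E634C}] => (Allow) F:\STEAM\Steam.exe
FirewallRules: [{2774496A-6CB3-4F56-B6C4-F37BF2C046E3}] => (Allow) LPort=25570
CodeIntegrity:
===================================
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Hafcool\AppData\Local\Temp\catchme.sys because file hash could not be found on the system.
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system.
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The output is a shortlist, not a verdict: every flagged line still needs the usual check (who created the task, what the proxied argument points to, whether the unsigned driver belongs to a tool the user knowingly ran), but it cuts the part of the log that deserves that attention down to a handful of entries.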

