Preventivka

[dalik]

Zdravím Vás,
dneska se mi stalo, že mi někdo změnil heslo na email a heslo na Steam. Zajímavé je, že u obou bylo jiné heslo. Raději sem dávám log.
Prosím o kontrolu.

Logfile of random's system information tool 1.10 (written by random/random)
Run by dalik at 2015-11-26 21:34:48
Microsoft
System drive C: has 10 GB (8%) free of 122 GB
Total RAM: 8070 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:34:52, on 26. 11. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
C:\Users\dalik\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
C:\Program Files\trend micro\dalik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\dalik\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\dalik\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKUS\S-1-5-21-3997532326-2811007125-1357021809-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart (User '?')
O4 - HKUS\S-1-5-21-3997532326-2811007125-1357021809-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR (User '?')
O4 - HKUS\S-1-5-21-3997532326-2811007125-1357021809-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum (User '?')
O4 - HKUS\S-1-5-21-3997532326-2811007125-1357021809-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Spotify Web Helper] "C:\Users\dalik\AppData\Roaming\Spotify\SpotifyWebHelper.exe" (User '?')
O4 - HKUS\S-1-5-21-3997532326-2811007125-1357021809-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Spotify] "C:\Users\dalik\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized (User '?')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files (x86)\MMTaskbar\MultiMon.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Služba Vzdálené plochy Chrome (chromoting) - Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
O23 - Service: wampapache64 - Apache Software Foundation - c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
O23 - Service: wampmysqld64 - Unknown owner - c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11516 bytes

======Listing Processes======





wininit.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
"C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {2c1aa6c8-a80c-4523-888501d744f4d277}
"C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe" --type=host --daemon-pipe=544
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
taskeng.exe {563532E4-F103-46D4-8F1D-7985E058D477}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe" -k runservice
c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld
C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe -d C:/wamp/bin/apache/apache2.4.9
C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files (x86)\Stardock\Start8\Start8_64.exe" START
atieclxx
taskhostex.exe
C:\Windows\Explorer.EXE
igfxEM.exe
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Users\dalik\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F2100 series#1441284019" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5748.0.564442534\415407050" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,8,24,52 --gpu-vendor-id=0x1002 --gpu-device-id=0x673e --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=14.301.1001.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Conservative/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Disabled/*AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/Enabled_Limit2/*AutomaticTabDiscarding/Enabled_Once/*BackgroundTracing/default/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/FeedbackRanker Mixed 1/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/ControlLarge/*DataReductionProxyConfigService/Control_Enabled/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionActionRedesign/Enabled/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*LocalNTPSuggestionsService/Control/MaterialDesignDownloads/Control/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/DevHQPDoesHUPLikeScoring/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/PasswordBranding/Disabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Enabled/PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/FontsOnly_01000_0_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Enabled/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SafeBrowsingUpdateFrequency/Default/SdchPersistence/Disabled/*SimpleCacheTrial/ExperimentYes/*SiteEngagement/Enabled/SlimmingPaint/EnableSlimmingPaint/StackProfiling/Report profiles/*StunProbeTrial2/Default/SyncBackingDatabase32K/Enabled/TabSyncByRecency/Control/*TriggeredResetFieldTrial/On/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Control/VoiceTrigger/Install/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Control/WebRTC-StunInterPacketDelay/Default/*WebRTC-SupportVP9/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchIncreaseFontPriority=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5748.2.621315275\1498901645" --font-cache-shared-handle=2280 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Conservative/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Disabled/*AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/Enabled_Limit2/*AutomaticTabDiscarding/Enabled_Once/*BackgroundTracing/default/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/FeedbackRanker Mixed 1/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/ControlLarge/*DataReductionProxyConfigService/Control_Enabled/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionActionRedesign/Enabled/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*LocalNTPSuggestionsService/Control/MaterialDesignDownloads/Control/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/DevHQPDoesHUPLikeScoring/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/PasswordBranding/Disabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Enabled/PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/FontsOnly_01000_0_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Enabled/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SafeBrowsingUpdateFrequency/Default/SdchPersistence/Disabled/*SimpleCacheTrial/ExperimentYes/*SiteEngagement/Enabled/SlimmingPaint/EnableSlimmingPaint/StackProfiling/Report profiles/*StunProbeTrial2/Default/SyncBackingDatabase32K/Enabled/TabSyncByRecency/Control/*TriggeredResetFieldTrial/On/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Control/VoiceTrigger/Install/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Control/WebRTC-StunInterPacketDelay/Default/*WebRTC-SupportVP9/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchIncreaseFontPriority=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5748.3.1429022924\1341607257" --font-cache-shared-handle=2552 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Conservative/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Disabled/*AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/Enabled_Limit2/*AutomaticTabDiscarding/Enabled_Once/*BackgroundTracing/default/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/FeedbackRanker Mixed 1/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/ControlLarge/*DataReductionProxyConfigService/Control_Enabled/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionActionRedesign/Enabled/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*LocalNTPSuggestionsService/Control/MaterialDesignDownloads/Control/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/DevHQPDoesHUPLikeScoring/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/PasswordBranding/Disabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Enabled/PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/FontsOnly_01000_0_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Enabled/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SafeBrowsingUpdateFrequency/Default/SdchPersistence/Disabled/*SimpleCacheTrial/ExperimentYes/*SiteEngagement/Enabled/SlimmingPaint/EnableSlimmingPaint/StackProfiling/Report profiles/*StunProbeTrial2/Default/SyncBackingDatabase32K/Enabled/TabSyncByRecency/Control/*TriggeredResetFieldTrial/On/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Control/VoiceTrigger/Install/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Control/WebRTC-StunInterPacketDelay/Default/*WebRTC-SupportVP9/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchIncreaseFontPriority=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5748.4.1090249563\381553513" --font-cache-shared-handle=2940 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Conservative/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Disabled/*AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/Enabled_Limit2/*AutomaticTabDiscarding/Enabled_Once/*BackgroundTracing/default/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/FeedbackRanker Mixed 1/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/ControlLarge/*DataReductionProxyConfigService/Control_Enabled/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionActionRedesign/Enabled/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*LocalNTPSuggestionsService/Control/MaterialDesignDownloads/Control/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/DevHQPDoesHUPLikeScoring/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/PasswordBranding/Disabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Enabled/PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/FontsOnly_01000_0_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Enabled/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SafeBrowsingUpdateFrequency/Default/SdchPersistence/Disabled/*SimpleCacheTrial/ExperimentYes/*SiteEngagement/Enabled/SlimmingPaint/EnableSlimmingPaint/StackProfiling/Report profiles/*StunProbeTrial2/Default/SyncBackingDatabase32K/Enabled/TabSyncByRecency/Control/*TriggeredResetFieldTrial/On/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Control/VoiceTrigger/Install/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Control/WebRTC-StunInterPacketDelay/Default/*WebRTC-SupportVP9/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchIncreaseFontPriority=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5748.6.906791877\1123391966" --font-cache-shared-handle=3168 /prefetch:673131151
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="*AffiliationBasedMatching/Enabled/AppBannerTriggering/Conservative/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Disabled/*AutofillFieldMetadata/Enabled/*AutofillProfileOrderByFrecency/Enabled_Limit2/*AutomaticTabDiscarding/Enabled_Once/*BackgroundTracing/default/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeDashboard/Default/*ChromeSuggestions/FeedbackRanker Mixed 1/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/ControlLarge/*DataReductionProxyConfigService/Control_Enabled/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionActionRedesign/Enabled/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*LocalNTPSuggestionsService/Control/MaterialDesignDownloads/Control/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/DevHQPDoesHUPLikeScoring/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/*PasswordBranding/Disabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Enabled/PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/FontsOnly_01000_0_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Enabled/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/*SafeBrowsingUpdateFrequency/Default/SdchPersistence/Disabled/*SimpleCacheTrial/ExperimentYes/*SiteEngagement/Enabled/SlimmingPaint/EnableSlimmingPaint/StackProfiling/Report profiles/*StunProbeTrial2/Default/SyncBackingDatabase32K/Enabled/*TabSyncByRecency/Control/*TriggeredResetFieldTrial/On/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Control/VoiceTrigger/Install/*WebRTC-LocalIPPermissionCheck/Enabled/*WebRTC-PeerConnectionDTLS1.2/Control/*WebRTC-StunInterPacketDelay/Default/*WebRTC-SupportVP9/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchIncreaseFontPriority=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5748.223.1282334607\224693611" --font-cache-shared-handle=9936 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="*AffiliationBasedMatching/Enabled/AppBannerTriggering/Conservative/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Disabled/*AutofillFieldMetadata/Enabled/*AutofillProfileOrderByFrecency/Enabled_Limit2/*AutomaticTabDiscarding/Enabled_Once/*BackgroundTracing/default/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeDashboard/Default/*ChromeSuggestions/FeedbackRanker Mixed 1/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/ControlLarge/*DataReductionProxyConfigService/Control_Enabled/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionActionRedesign/Enabled/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*LocalNTPSuggestionsService/Control/MaterialDesignDownloads/Control/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/DevHQPDoesHUPLikeScoring/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/*PasswordBranding/Disabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Enabled/PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/FontsOnly_01000_0_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Enabled/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/*SafeBrowsingUpdateFrequency/Default/SdchPersistence/Disabled/*SimpleCacheTrial/ExperimentYes/*SiteEngagement/Enabled/SlimmingPaint/EnableSlimmingPaint/StackProfiling/Report profiles/*StunProbeTrial2/Default/SyncBackingDatabase32K/Enabled/*TabSyncByRecency/Control/*TriggeredResetFieldTrial/On/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Control/VoiceTrigger/Install/*WebRTC-LocalIPPermissionCheck/Enabled/*WebRTC-PeerConnectionDTLS1.2/Control/*WebRTC-StunInterPacketDelay/Default/*WebRTC-SupportVP9/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchIncreaseFontPriority=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5748.380.522279907\325738618" --font-cache-shared-handle=8912 /prefetch:673131151
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
mbamresearch.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="*AffiliationBasedMatching/Enabled/AppBannerTriggering/Conservative/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Disabled/*AutofillFieldMetadata/Enabled/*AutofillProfileOrderByFrecency/Enabled_Limit2/*AutomaticTabDiscarding/Enabled_Once/*BackgroundTracing/default/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeDashboard/Default/*ChromeSuggestions/FeedbackRanker Mixed 1/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/ControlLarge/*DataReductionProxyConfigService/Control_Enabled/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionActionRedesign/Enabled/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*LocalNTPSuggestionsService/Control/MaterialDesignDownloads/Control/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/DevHQPDoesHUPLikeScoring/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/*PasswordBranding/Disabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Enabled/PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/FontsOnly_01000_0_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Enabled/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/*SafeBrowsingUpdateFrequency/Default/SdchPersistence/Disabled/*SimpleCacheTrial/ExperimentYes/*SiteEngagement/Enabled/SlimmingPaint/EnableSlimmingPaint/StackProfiling/Report profiles/*StunProbeTrial2/Default/SyncBackingDatabase32K/Enabled/*TabSyncByRecency/Control/*TriggeredResetFieldTrial/On/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Control/VoiceTrigger/Install/*WebRTC-LocalIPPermissionCheck/Enabled/*WebRTC-PeerConnectionDTLS1.2/Control/*WebRTC-StunInterPacketDelay/Default/*WebRTC-SupportVP9/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchIncreaseFontPriority=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5748.398.1876617298\237505431" --font-cache-shared-handle=5620 /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe145_ Global\UsGthrCtrlFltPipeMssGthrPipe145 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 568 572 580 65536 576
"C:\Users\dalik\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[altrok]

Krasny den Vam preju


V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Cleaning
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

[dalik]

Posílám.

# AdwCleaner v5.022 - Logfile created 28/11/2015 at 16:02:16
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : dalik - DALIK-PC
# Running from : C:\Users\dalik\Desktop\adwcleaner_5.022.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\myfree codec
[-] Folder Deleted : C:\Program Files (x86)\BinarySense
[-] Folder Deleted : C:\ProgramData\BinarySense
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

***** [ Files ] *****

[-] File Deleted : C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_v.qq.com_0.localstorage
[-] File Deleted : C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_v.qq.com_0.localstorage-journal
[-] File Deleted : C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Web browsers ] *****

[-] [C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : portable-windows-movie-maker.softonic.com.br
[-] [C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : primeshop.cz
[-] [C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-search.com
[-] [C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : word-lens-translator.en.softonic.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3037 bytes] ##########

[altrok]

Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=144868

• Upozorneni: tento sken zabere od 30 minut po nekolik hodin

[dalik]

Bylo to čístý.

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 30. 11. 2015
Čas skenování: 18:48
Protokol: log.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.11.30.04
Databáze rootkitů: v2015.11.26.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: dalik

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 748733
Uplynulý čas: 1 hod, 8 min, 1 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[altrok]

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[dalik]

FRST.txt:

Kód: Vybrat vše

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by dalik (administrator) on DALIK-PC (03-12-2015 19:06:51)
Running from C:\Users\dalik\Desktop
Loaded Profiles: dalik (Available Profiles: dalik)
Platform: Windows 8.1 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
() C:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
(Spotify Ltd) C:\Users\dalik\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [3340288 2012-03-20] ()
HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\Run: [Spotify Web Helper] => C:\Users\dalik\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-07-26] (Spotify Ltd)
HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\Run: [Spotify] => C:\Users\dalik\AppData\Roaming\Spotify\Spotify.exe [7574584 2015-07-26] (Spotify Ltd)
HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\MountPoints2: {2fabae21-440c-11e5-82fa-94de807d1cb9} - "G:\MafiaLauncher.EXE" 
HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\MountPoints2: {2fabae38-440c-11e5-82fa-94de807d1cb9} - "H:\m.exe" 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-09-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MultiMon Taskbar.lnk [2014-08-11]
ShortcutTarget: MultiMon Taskbar.lnk -> C:\Program Files (x86)\MMTaskbar\MultiMon.exe ()
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{781E785E-C376-496C-B65F-DC055DAD9D38}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-19] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-19] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\dalik\AppData\Roaming\Mozilla\Firefox\Profiles\5kb4jfkj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-14] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3997532326-2811007125-1357021809-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dalik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-14] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: DownThemAll! - C:\Users\dalik\AppData\Roaming\Mozilla\Firefox\Profiles\5kb4jfkj.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-06-07]
FF Extension: NoScript - C:\Users\dalik\AppData\Roaming\Mozilla\Firefox\Profiles\5kb4jfkj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-30]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.22\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.22\pdf.dll => No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 8 U25) - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll => No File
CHR Profile: C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Screenr) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajmdmhlhifnkjklgeikfdmffiigfoged [2014-08-11]
CHR Extension: (Dokumenty Google) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (ColorZilla) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-09-30]
CHR Extension: (YouTube) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Screen capture, screenshot share/save) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjbjepchlgclmpinlbbeinajphohgfod [2015-09-02]
CHR Extension: (Vyhledávání Google) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Convert Case) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnhnjnbopnnlbjemjepcpcfchmfpafoj [2015-04-28]
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2014-08-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-12-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-11-25]
CHR Extension: (Gmail) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-03-28] (Stardock Software, Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
R3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 dtultrascsibus; C:\Windows\System32\drivers\dtultrascsibus.sys [30264 2015-08-16] (Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\drivers\dtultrausbbus.sys [47160 2015-08-16] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 19:06 - 2015-12-03 19:07 - 00020762 _____ C:\Users\dalik\Desktop\FRST.txt
2015-12-03 19:06 - 2015-12-03 19:06 - 02350080 _____ (Farbar) C:\Users\dalik\Desktop\FRST64.exe
2015-12-03 19:06 - 2015-12-03 19:06 - 00000000 ____D C:\FRST
2015-11-29 13:00 - 2015-11-29 13:00 - 00000000 ____D C:\Users\dalik\AppData\Roaming\GullySoft
2015-11-28 16:01 - 2015-11-28 16:02 - 00000000 ____D C:\AdwCleaner
2015-11-26 21:34 - 2015-11-26 21:34 - 00000000 ____D C:\rsit
2015-11-26 21:34 - 2015-11-26 21:34 - 00000000 ____D C:\Program Files\trend micro
2015-11-26 21:29 - 2015-12-03 17:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-26 21:29 - 2015-11-26 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-26 21:29 - 2015-11-26 21:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-26 21:29 - 2015-11-26 21:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-26 21:29 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-26 21:29 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-26 21:29 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-25 23:10 - 2015-11-25 23:10 - 26938128 _____ C:\Users\dalik\Desktop\webdesign_financni_trh_20151103.psd
2015-11-22 21:53 - 2015-11-22 21:53 - 00000000 _____ C:\Windows\system32\ipconfig
2015-11-21 16:42 - 2015-11-21 16:42 - 15762933 _____ C:\Users\dalik\Desktop\webdesign_sillet-it_20151020.psd
2015-11-20 17:33 - 2015-11-20 17:33 - 00000000 ____D C:\Users\dalik\AppData\Roaming\Unity
2015-11-20 17:27 - 2015-11-20 17:27 - 03249480 _____ (Unity Technologies ApS) C:\Users\dalik\Downloads\UnityWebPlayer.exe
2015-11-20 17:27 - 2015-11-20 17:27 - 00000000 ____D C:\Users\dalik\AppData\LocalLow\Unity
2015-11-20 17:27 - 2015-11-20 17:27 - 00000000 ____D C:\Users\dalik\AppData\Local\Unity
2015-11-18 15:14 - 2015-11-28 15:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-18 15:14 - 2015-11-18 15:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-17 22:34 - 2015-11-21 13:39 - 00000000 ____D C:\Program Files\KMSnano
2015-11-12 18:12 - 2015-11-15 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-11 17:16 - 2015-11-11 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian
2015-11-11 16:30 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 16:30 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 16:30 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 16:30 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 16:30 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 16:30 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 16:30 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-11 16:30 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 16:30 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 16:30 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 16:30 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 16:30 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 16:30 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 16:30 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 16:30 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 16:30 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 16:30 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 16:30 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-11 16:30 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-11 16:30 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-11 16:30 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-11 16:30 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 16:30 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 16:30 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 16:30 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 16:30 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 16:30 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 16:30 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-11 16:30 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-11 16:30 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 16:30 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 16:30 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 16:30 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 16:30 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-11 16:30 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 16:30 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 16:30 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-11 16:30 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 16:30 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-11 16:30 - 2015-09-12 14:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-11 16:30 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-11 16:30 - 2015-09-07 17:21 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2015-11-11 16:30 - 2015-09-07 17:17 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2015-11-11 16:30 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-11 16:30 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-11 16:30 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-11 16:30 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-11 16:30 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-11 16:30 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-11 16:29 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 16:29 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 16:29 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 16:29 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 16:29 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 16:29 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 16:29 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-11 16:29 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 16:29 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 16:29 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 16:29 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 16:29 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 16:29 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 16:29 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-11 16:29 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 16:29 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 16:29 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 16:29 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 16:29 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 16:29 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 16:29 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 16:29 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 16:29 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-11 16:29 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-11 16:29 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-11 16:29 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-11 16:29 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 16:29 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-08 14:22 - 2015-11-26 16:59 - 00000034 _____ C:\Users\dalik\AppData\Roaming\AdobeWLCMCache.dat
2015-11-08 14:22 - 2015-11-08 14:22 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2015-11-08 14:22 - 2015-11-08 14:22 - 00000000 ____D C:\ProgramData\ALM
2015-11-08 14:00 - 2015-11-08 14:00 - 00000132 _____ C:\Users\dalik\AppData\Roaming\Filtr IIIExport Adobe CC – předvolby
2015-11-03 08:48 - 2015-11-03 08:48 - 11492997 _____ C:\Users\dalik\Desktop\Běloruský automechanik.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 19:06 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-03 19:03 - 2014-08-19 16:17 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-03 19:00 - 2014-08-11 12:29 - 00000000 ____D C:\Users\dalik\AppData\Local\Packages
2015-12-03 18:51 - 2014-08-22 23:53 - 00000000 ___RD C:\Users\dalik\Disk Google
2015-12-03 18:46 - 2014-08-11 13:45 - 00000000 ____D C:\Users\dalik\AppData\Roaming\Skype
2015-12-03 18:21 - 2015-05-18 15:10 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0917457cb4187.job
2015-12-03 18:15 - 2015-02-03 23:48 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d040037d9dc9e1.job
2015-12-03 18:15 - 2014-10-28 12:04 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cff29ef216a90f.job
2015-12-03 18:09 - 2014-08-11 12:59 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 17:49 - 2014-10-14 20:11 - 00000000 ____D C:\Users\dalik\AppData\Roaming\TS3Client
2015-12-03 17:14 - 2014-09-17 19:19 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-03 16:01 - 2014-08-11 12:37 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B3BC3CFE-8753-400F-B9F1-3234D88F5091}
2015-12-03 13:21 - 2015-07-16 21:53 - 00000974 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c00977cd4e52.job
2015-12-03 13:21 - 2014-08-11 12:59 - 00000974 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 13:21 - 2014-08-11 12:51 - 00000000 __SHD C:\Users\dalik\IntelGraphicsProfiles
2015-12-03 09:51 - 2014-08-11 14:08 - 00000000 ____D C:\Users\dalik\AppData\Local\Adobe
2015-12-02 23:24 - 2014-08-14 19:09 - 00000600 _____ C:\Users\dalik\AppData\Local\PUTTY.RND
2015-12-02 22:14 - 2014-08-13 18:50 - 00000600 _____ C:\Users\dalik\AppData\Roaming\winscp.rnd
2015-12-02 15:45 - 2014-08-11 12:59 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2015-12-02 15:45 - 2014-08-11 12:59 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-30 21:29 - 2014-08-11 13:53 - 00000000 ____D C:\Users\dalik\AppData\Local\Sublime Text 3
2015-11-30 15:20 - 2014-08-11 14:48 - 07444992 ___SH C:\Users\dalik\Desktop\Thumbs.db
2015-11-29 19:33 - 2014-08-11 12:34 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3997532326-2811007125-1357021809-1001
2015-11-28 16:07 - 2014-08-11 12:34 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-28 16:07 - 2013-10-11 18:41 - 00738682 _____ C:\Windows\system32\perfh005.dat
2015-11-28 16:07 - 2013-10-11 18:41 - 00151404 _____ C:\Windows\system32\perfc005.dat
2015-11-28 16:07 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-11-28 16:02 - 2013-08-22 16:36 - 00000000 __RSD C:\Windows\Media
2015-11-28 16:02 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-28 16:02 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-26 20:50 - 2014-08-13 18:33 - 00001480 _____ C:\Users\dalik\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2015-11-26 18:18 - 2015-02-20 11:31 - 00000000 ____D C:\Users\dalik\AppData\Local\Steam
2015-11-25 20:11 - 2015-10-06 20:01 - 00000000 ____D C:\Users\dalik\Desktop\projekty
2015-11-25 08:10 - 2014-08-22 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-22 09:49 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-18 15:14 - 2014-12-25 22:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-18 15:14 - 2014-08-11 13:56 - 00000000 ____D C:\ProgramData\Adobe
2015-11-17 22:28 - 2014-08-11 12:40 - 00000000 ____D C:\Users\dalik\AppData\Roaming\uTorrent
2015-11-17 09:37 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-11-15 10:04 - 2014-08-11 22:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-15 10:04 - 2013-08-22 15:44 - 05647352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-15 10:03 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-11 18:38 - 2015-09-03 11:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-11 18:38 - 2015-09-03 11:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 18:38 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-11 18:32 - 2013-08-22 14:25 - 00000202 _____ C:\Windows\win.ini
2015-11-11 18:31 - 2014-08-14 14:42 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 18:29 - 2014-08-14 14:42 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 17:18 - 2014-08-11 12:29 - 00000000 ____D C:\Users\dalik
2015-11-11 17:15 - 2015-09-21 19:33 - 00000000 ____D C:\ProgramData\Atlassian
2015-11-10 19:03 - 2014-08-19 16:17 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-08 14:22 - 2014-08-11 14:10 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-11-08 14:22 - 2014-08-11 14:09 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-11-08 14:22 - 2014-08-11 13:48 - 00000000 ____D C:\Program Files\Adobe
2015-11-08 14:22 - 2014-08-11 12:29 - 00000000 ____D C:\Users\dalik\AppData\Roaming\Adobe
2015-11-08 14:21 - 2014-08-11 14:09 - 00001562 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-11-06 08:19 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-05 15:42 - 2014-08-21 00:15 - 00000000 ____D C:\Users\dalik\AppData\Roaming\vlc
2015-11-03 08:45 - 2014-08-11 12:59 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-03 01:23 - 2013-08-22 16:38 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-11-08 14:22 - 2015-11-26 16:59 - 0000034 _____ () C:\Users\dalik\AppData\Roaming\AdobeWLCMCache.dat
2015-11-08 14:00 - 2015-11-08 14:00 - 0000132 _____ () C:\Users\dalik\AppData\Roaming\Filtr IIIExport Adobe CC – předvolby
2014-08-26 13:25 - 2015-01-18 17:30 - 0000132 _____ () C:\Users\dalik\AppData\Roaming\Formát PNG Adobe CC – předvolby
2015-08-16 21:44 - 2002-08-29 18:33 - 0319488 ____R () C:\Users\dalik\AppData\Roaming\MafiaSetup.exe
2014-08-13 18:50 - 2015-12-02 22:14 - 0000600 _____ () C:\Users\dalik\AppData\Roaming\winscp.rnd
2014-08-13 18:33 - 2015-11-26 20:50 - 0001480 _____ () C:\Users\dalik\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2014-08-14 19:09 - 2015-12-02 23:24 - 0000600 _____ () C:\Users\dalik\AppData\Local\PUTTY.RND
2014-08-18 23:54 - 2015-03-23 21:34 - 0007610 _____ () C:\Users\dalik\AppData\Local\Resmon.ResmonCfg
2014-08-11 23:43 - 2014-08-11 23:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-28 11:48 - 2015-09-03 13:40 - 0001866 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\dalik\AppData\Local\Temp\Execute2App.exe
C:\Users\dalik\AppData\Local\Temp\msvcp90.dll
C:\Users\dalik\AppData\Local\Temp\msvcr90.dll
C:\Users\dalik\AppData\Local\Temp\PidGenX.dll
C:\Users\dalik\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-25 16:50

==================== End of FRST.txt ============================

Addition.txt:

Kód: Vybrat vše

Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by dalik (2015-12-03 19:07:11)
Running from C:\Users\dalik\Desktop
Windows 8.1 Pro (X64) (2014-08-11 11:29:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3997532326-2811007125-1357021809-500 - Administrator - Disabled)
dalik (S-1-5-21-3997532326-2811007125-1357021809-1001 - Administrator - Enabled) => C:\Users\dalik
Guest (S-1-5-21-3997532326-2811007125-1357021809-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3997532326-2811007125-1357021809-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.0 - Borland Software Corporation)
Brackets (HKLM-x32\...\{36FDB2A6-90A0-43DC-8CF9-FC66E1D6DC7D}) (Version: 1.5 - brackets.io)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.67.1076 - AB Team, d.o.o.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_NS_LP_DocCD (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
EAX Unified (HKLM-x32\...\EAX Unified) (Version:  - )
F2100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
F2100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
GitHub (HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\5f7eb300e2ea4ebf) (Version: 2.14.7.1 - GitHub, Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.22 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet All-In-One Software (HKLM\...\{2CB8566A-8EA6-417A-BAB1-1B10A88C79BB}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{CDF9E1C8-4B97-4F8B-A848-7DD0E8BEB89F}) (Version: 47.0.2526.18 - Google Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft RemoteApp (HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\8b53dffd52ff902f) (Version: 1.9866.1023.1530 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 cs)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MultiMon TaskBar 2.1 (HKLM-x32\...\MultiMon TaskBar_is1) (Version:  - MediaChance)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{8C7BB038-9DF2-4B43-8BF7-42D95559E459}) (Version: 4.1.1 - Node.js Foundation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
OSCAR Editor (x32 Version: 12.03.0004 - A4TECH) Hidden
partypoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
Prepros 5.9.5 (HKLM-x32\...\Prepros) (Version: 5.9.5 - Subash Pathak)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.5.7.2450 - Jan Fiala)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SourceTree (HKLM-x32\...\SourceTree 1.6.22) (Version: 1.6.22 - Atlassian)
SourceTree (x32 Version: 1.6.22 - Atlassian) Hidden
Spotify (HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.40.1 - Stardock Software, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.PROPLUSR_{2B44F588-2B80-4DD3-B577-B10B3C6865EA}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
X7 Oscar Editor (HKLM-x32\...\InstallShield_{3C2379D2-337A-4FFA-9017-BDFB80EC0931}) (Version: 12.03.0004 - A4TECH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3997532326-2811007125-1357021809-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

29-11-2015 19:33:44 Naplánovaný kontrolní bod

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-10-12 19:02 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17DE729B-18B1-4D54-B795-A1AA5CBF447E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {270C9DC1-3DA7-401B-ABF2-E3B64CB8B532} - System32\Tasks\GoogleUpdateTaskMachineUA1d001c8a93f1ca1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {27E5C968-E932-493C-80B6-028E4493A761} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3D471748-6481-4215-AD1B-98DDDA8B1683} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {560B53CE-3879-4832-905B-D1329700A426} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {5AAE99D7-96F5-4AFF-95B8-4A60EF9F111E} - System32\Tasks\GoogleUpdateTaskMachineUA1d040037d9dc9e1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6826DE2E-2F08-46AB-8F95-2A0CB87E5E76} - System32\Tasks\AdobeAAMUpdater-1.0-dalik-pc-dalik => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {6B54EA7F-530A-4A57-BA48-C65D237BAC07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6B6C40D7-8A2D-4DBD-8D2E-7C532527A840} - System32\Tasks\GoogleUpdateTaskMachineUA1d0917457cb4187 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {868E3C16-EC95-432D-8A0A-3DD9A031ADBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {B0CEFF3B-BBC7-409C-93DA-96BD601798B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3997532326-2811007125-1357021809-1001UA1d10a9eb9bc4e39 => C:\Users\dalik\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D1E08A7A-0847-4D9D-9A34-E3DB2FE02324} - System32\Tasks\GoogleUpdateTaskMachineUA1cff29ef216a90f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D1F92F92-10AD-482D-92F3-66F82B5A184E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3997532326-2811007125-1357021809-1001UA => C:\Users\dalik\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {DEF8E041-C77D-428E-9042-C3B261BBEE9A} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f17834b13ebd => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E5A88DDD-F0F2-4411-B359-98A6B0B0C82F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E7EC4816-8EEA-4582-8601-9BC5DAA8AA71} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {EB6B7165-41AD-4EB4-AD3D-034024F09B80} - System32\Tasks\{2EDD9E70-A45A-4987-B87F-25E3B448EC56} => pcalua.exe -a "C:\Program Files\Mafia\Game.exe" -d "c:\program files\Mafia\"
Task: {EECDF82A-EACF-4533-930E-AD252CFD873F} - System32\Tasks\GoogleUpdateTaskMachineCore1d0c00977cd4e52 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F75083BB-3832-43DF-B4F7-A98213D0813B} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e19c1793730b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FD3E480E-D5C8-47BC-8C64-7CD434F95228} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c00977cd4e52.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cff29ef216a90f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d001c8a93f1ca1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d040037d9dc9e1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0917457cb4187.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e19c1793730b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f17834b13ebd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\dalik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat" <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-10-12 19:02 - 2014-05-01 08:06 - 10959360 _____ () c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
2012-03-20 10:59 - 2012-03-20 10:59 - 03340288 _____ () C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
2014-12-12 23:25 - 2014-12-12 23:25 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2015-12-02 15:45 - 2015-12-01 07:38 - 02042184 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.22\libglesv2.dll
2015-12-02 15:45 - 2015-12-01 07:38 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.22\libegl.dll
2015-10-12 19:02 - 2014-05-01 08:50 - 00217600 _____ () c:\wamp\bin\apache\apache2.4.9\bin\pcre.dll
2015-10-12 19:02 - 2014-05-01 08:50 - 00068608 _____ () c:\wamp\bin\apache\apache2.4.9\bin\zlib1.dll
2015-10-12 19:02 - 2014-05-01 08:50 - 00217600 _____ () C:\wamp\bin\apache\apache2.4.9\bin\pcre.dll
2015-10-12 19:02 - 2014-05-01 08:50 - 00068608 _____ () C:\wamp\bin\apache\apache2.4.9\bin\zlib1.dll
2015-12-03 13:21 - 2015-12-03 13:21 - 00098816 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32api.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00110080 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\pywintypes27.dll
2015-12-03 13:21 - 2015-12-03 13:21 - 00364544 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\pythoncom27.dll
2015-12-03 13:21 - 2015-12-03 13:21 - 00046080 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\_socket.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 01208320 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\_ssl.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00320512 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32com.shell.shell.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00776704 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\_hashlib.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 01176576 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\wx._core_.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00806400 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\wx._gdi_.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00816128 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\wx._windows_.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 01067008 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\wx._controls_.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00733184 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\wx._misc_.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00682496 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\pysqlite2._sqlite.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00088064 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\_ctypes.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00119808 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32file.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00108544 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32security.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00007168 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\hashobjs_ext.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00017920 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\thumbnails_ext.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00079360 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\usb_ext.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00167936 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32gui.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00018432 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32event.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00128512 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\_elementtree.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00127488 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\pyexpat.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00013824 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\common.time34.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00036864 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\_psutil_windows.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00038912 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32inet.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00525640 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\windows._lib_cacheinvalidation.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00011264 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32crypt.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00077312 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\wx._html2.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00027136 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\_multiprocessing.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00020480 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\_yappi.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00035840 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32process.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00686080 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\unicodedata.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00123392 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\wx._wizard.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00024064 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32pipe.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00010240 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\select.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00025600 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32pdh.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00017408 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32profile.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00022528 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\win32ts.pyd
2015-12-03 13:21 - 2015-12-03 13:21 - 00078848 _____ () C:\Users\dalik\AppData\Local\Temp\_MEI33642\wx._animate.pyd
2010-12-02 16:56 - 2010-12-02 16:56 - 00815104 _____ () C:\Program Files (x86)\OSCAR Editor X7\Data\X7\Forms\OSD_Text\OSD_Text.dll
2011-01-09 19:45 - 2011-01-09 19:45 - 00088064 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_MouseDeviceManager.dll
2012-02-07 10:20 - 2012-02-07 10:20 - 02413568 _____ () C:\Program Files (x86)\OSCAR Editor X7\Data\X7\Forms\ScreenCapture\ScreenCapture.dll
2011-03-21 18:33 - 2011-03-21 18:33 - 00999424 _____ () C:\Program Files (x86)\OSCAR Editor X7\Data\X7\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-09-20 13:18 - 2010-09-20 13:18 - 00085504 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_ZoomControl.dll
2010-09-20 13:18 - 2010-09-20 13:18 - 00054272 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_ScrollbarControl.dll
2011-04-12 14:14 - 2011-04-12 14:14 - 00063488 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_AnalyzeGesturesInRight.dll
2010-11-01 19:16 - 2010-11-01 19:16 - 00062976 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_AnalyzeGesturesInOne.dll
2011-08-10 12:43 - 2011-08-10 12:43 - 00118272 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_Wheel4D.dll
2014-09-17 19:19 - 2015-10-05 17:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-21 21:05 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-09-17 19:19 - 2015-11-10 03:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-21 21:05 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-21 21:05 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-09-17 19:19 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-17 19:19 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-17 19:19 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-17 19:19 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-17 19:19 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-09-17 19:19 - 2015-11-10 03:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-23 18:21 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2014-09-17 19:19 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "MultiMon Taskbar.lnk"
HKLM\...\StartupApproved\Run: => "Služba Acronis Scheduler2"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "PivotSoftware"
HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{E2DE1041-C2A2-4BC9-84E8-8388E839921E}C:\users\dalik\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dalik\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{6EFA53F8-CAB7-41FB-8A1A-593A60A7484D}C:\users\dalik\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dalik\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{79756D1E-A4EF-4364-83AF-9A7CBA781D4F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7AB470BD-B022-4466-B6F3-5065593FDBDD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C7D89F44-699C-4534-AADC-AED7E2031643}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4F33A23B-57DF-44D1-9429-F7965385229A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D3DBA339-28E4-462E-AAC5-64797F14A5F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{8DB18CD3-67C1-41B1-91A1-239789D63F4C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{25781061-4FB7-40AD-8E35-0A27E3477DA6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{0257DA33-001C-4546-A86D-12CBC028811A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{5012D7D5-F505-4199-BBB8-BA068B083FFD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{1A9D5EA0-9F33-4C06-9182-C28C7B75CC5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{975353F9-4DAA-4A3C-B42D-B3A7B228B05B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{158455D5-5982-4B38-A4D8-BB8C9D706089}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{DDB50707-B990-4424-BD31-357B3591B027}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C6850FE7-782F-4C05-BF38-539CCF87E5A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{43CD22DD-3FF5-4E01-88FA-275E93067444}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{4592D6F0-1FF1-409E-8CB1-6395EFE55EDE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{4A51D2CD-794D-4E24-91E9-34817C62CED5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{78E42055-D772-4AA3-95E0-CE7E7F8A606A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3CE4BA25-D0D5-4467-A523-3A2AAA80D523}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E691C200-47EF-44D8-9129-04A9E0A178E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0E621AFA-1179-4826-9585-D2BB2BD00765}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BB731DEC-EC4E-4FE7-A30F-88593AD0A4D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6B21B667-C3EF-4643-8E9F-9F27E7B051A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{698FEF2E-0B06-4989-8146-E6DA68502552}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C682B35A-A304-4A9A-B7B0-6DA634291235}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9A840FB5-CEB8-4B99-A4F0-F7784CAB296B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{2EC989A6-AF61-4068-B654-F35679335BCF}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{15C6B255-0C54-4121-A696-8DBF07D7DC4B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CC60A306-D9C6-47AA-AB63-6C2E0F501219}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CB46CF53-B2C5-4D89-BE4B-2B6EF430775E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0658291E-89CF-4B05-BA8A-9DB4727F6145}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{98DBC83D-9BC9-4C5F-BE9B-B90EBF2771DC}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
FirewallRules: [{974FE279-8A48-4BDD-AB6B-E63A83733480}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{993C991C-66D8-4453-9DBF-6CB62E40815A}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{9C547AB9-4E51-47D7-8BC5-278E43157F39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Řadič sběrnice SM 
Description: Řadič sběrnice SM 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Řadič jednoduché komunikace pro sběrnici PCI
Description: Řadič jednoduché komunikace pro sběrnici PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2015 01:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CCC.exe, verze: 4.5.0.0, časové razítko: 0x53ad0dcc
Název chybujícího modulu: amdmantle64.dll, verze: 9.1.10.34, časové razítko: 0x5417637b
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000040cfa6
ID chybujícího procesu: 0x15a0
Čas spuštění chybující aplikace: 0xCCC.exe0
Cesta k chybující aplikaci: CCC.exe1
Cesta k chybujícímu modulu: CCC.exe2
ID zprávy: CCC.exe3
Úplný název chybujícího balíčku: CCC.exe4
ID aplikace související s chybujícím balíčkem: CCC.exe5

Error: (12/03/2015 01:21:15 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/03/2015 09:48:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CCC.exe, verze: 4.5.0.0, časové razítko: 0x53ad0dcc
Název chybujícího modulu: amdmantle64.dll, verze: 9.1.10.34, časové razítko: 0x5417637b
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000040cfa6
ID chybujícího procesu: 0x13f0
Čas spuštění chybující aplikace: 0xCCC.exe0
Cesta k chybující aplikaci: CCC.exe1
Cesta k chybujícímu modulu: CCC.exe2
ID zprávy: CCC.exe3
Úplný název chybujícího balíčku: CCC.exe4
ID aplikace související s chybujícím balíčkem: CCC.exe5

Error: (12/02/2015 11:40:13 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Aplikace: CCC.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu vnitřní chyby v modulu .NET Runtime na IP adrese 00007FFF3A9A36FC (00007FFF3A9A0000) s ukončovacím kódem 80131506.

Error: (12/02/2015 08:08:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CCC.exe, verze: 4.5.0.0, časové razítko: 0x53ad0dcc
Název chybujícího modulu: amdmantle64.dll, verze: 9.1.10.34, časové razítko: 0x5417637b
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000040cfa6
ID chybujícího procesu: 0x1080
Čas spuštění chybující aplikace: 0xCCC.exe0
Cesta k chybující aplikaci: CCC.exe1
Cesta k chybujícímu modulu: CCC.exe2
ID zprávy: CCC.exe3
Úplný název chybujícího balíčku: CCC.exe4
ID aplikace související s chybujícím balíčkem: CCC.exe5

Error: (12/02/2015 03:37:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CCC.exe, verze: 4.5.0.0, časové razítko: 0x53ad0dcc
Název chybujícího modulu: amdmantle64.dll, verze: 9.1.10.34, časové razítko: 0x5417637b
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000040cfa6
ID chybujícího procesu: 0x12dc
Čas spuštění chybující aplikace: 0xCCC.exe0
Cesta k chybující aplikaci: CCC.exe1
Cesta k chybujícímu modulu: CCC.exe2
ID zprávy: CCC.exe3
Úplný název chybujícího balíčku: CCC.exe4
ID aplikace související s chybujícím balíčkem: CCC.exe5

Error: (12/01/2015 04:52:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CCC.exe, verze: 4.5.0.0, časové razítko: 0x53ad0dcc
Název chybujícího modulu: amdmantle64.dll, verze: 9.1.10.34, časové razítko: 0x5417637b
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000040cfa6
ID chybujícího procesu: 0x14cc
Čas spuštění chybující aplikace: 0xCCC.exe0
Cesta k chybující aplikaci: CCC.exe1
Cesta k chybujícímu modulu: CCC.exe2
ID zprávy: CCC.exe3
Úplný název chybujícího balíčku: CCC.exe4
ID aplikace související s chybujícím balíčkem: CCC.exe5

Error: (12/01/2015 03:45:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: CCC.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: kód výjimky c0000096, adresa výjimky 00007FFF35D2DEE0

Error: (12/01/2015 03:02:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CCC.exe, verze: 4.5.0.0, časové razítko: 0x53ad0dcc
Název chybujícího modulu: amdmantle64.dll, verze: 9.1.10.34, časové razítko: 0x5417637b
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000040cfa6
ID chybujícího procesu: 0xd2c
Čas spuštění chybující aplikace: 0xCCC.exe0
Cesta k chybující aplikaci: CCC.exe1
Cesta k chybujícímu modulu: CCC.exe2
ID zprávy: CCC.exe3
Úplný název chybujícího balíčku: CCC.exe4
ID aplikace související s chybujícím balíčkem: CCC.exe5

Error: (12/01/2015 07:34:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CCC.exe, verze: 4.5.0.0, časové razítko: 0x53ad0dcc
Název chybujícího modulu: amdmantle64.dll, verze: 9.1.10.34, časové razítko: 0x5417637b
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000040cfa6
ID chybujícího procesu: 0x1efc
Čas spuštění chybující aplikace: 0xCCC.exe0
Cesta k chybující aplikaci: CCC.exe1
Cesta k chybujícímu modulu: CCC.exe2
ID zprávy: CCC.exe3
Úplný název chybujícího balíčku: CCC.exe4
ID aplikace související s chybujícím balíčkem: CCC.exe5


System errors:
=============
Error: (12/02/2015 08:21:40 PM) (Source: DCOM) (EventID: 10010) (User: dalik-pc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/02/2015 08:21:10 PM) (Source: DCOM) (EventID: 10010) (User: dalik-pc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/01/2015 07:59:38 AM) (Source: DCOM) (EventID: 10010) (User: dalik-pc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/30/2015 05:49:43 PM) (Source: DCOM) (EventID: 10010) (User: dalik-pc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/29/2015 07:33:43 PM) (Source: DCOM) (EventID: 10010) (User: dalik-pc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/28/2015 04:02:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (11/28/2015 04:02:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MBAMService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/28/2015 04:02:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MBAMScheduler byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/28/2015 04:02:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba wampmysqld byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/28/2015 04:02:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba wampapache byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 41%
Total physical RAM: 8070.07 MB
Available physical RAM: 4725.1 MB
Total Virtual: 9350.07 MB
Available Virtual: 4720.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:9.5 GB) NTFS
Drive e: () (Fixed) (Total:372.51 GB) (Free:193.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: D6BCD6BC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=372.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: D356275F)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[altrok]

Je Vas operacni system legalni?


Bezite bez jakekoliv ochrany - i Windows Defender mate vypnuty. Alespon Defender zapnete.


Odinstalujte starou a zranitelnou verzi javy. Pokud javu potrebujete, pak nainstalujte novou z java.com - pozor na adware pri jeji instalaci http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . Z hlediska bezpecnosti (exploity) je lepsi ji nemit. Aktualni je 8U66. Verze Javy, ktere v PC mate nainstalovane:

• Java 8 Update 25 (64-bit)
• Java SE Development Kit 8 Update 20 (64-bit)

Rozsireni Chromu Screenr mate vedome?

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CreateRestorePoint:
  CloseProcesses:
  File: C:\Windows\system32\perfh005.dat
  File: C:\Windows\system32\perfc005.dat
  HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
  HKLM-x32\...\Run: [] => [X]
  HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\MountPoints2: {2fabae21-440c-11e5-82fa-94de807d1cb9} - "G:\MafiaLauncher.EXE"
  HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\MountPoints2: {2fabae38-440c-11e5-82fa-94de807d1cb9} - "H:\m.exe" 
  GroupPolicyScripts: Restriction <======= ATTENTION
  GroupPolicyScripts\User: Restriction <======= ATTENTION
  CHR Plugin: (Widevine Content Decryption Module) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x64\widevinecdmadapter.dll => No File
  2015-12-03 19:06 - 2015-12-03 19:07 - 00020762 _____ C:\Users\dalik\Desktop\FRST.txt
  2015-11-28 16:01 - 2015-11-28 16:02 - 00000000 ____D C:\AdwCleaner
  2015-11-26 21:34 - 2015-11-26 21:34 - 00000000 ____D C:\rsit
  2015-11-26 21:34 - 2015-11-26 21:34 - 00000000 ____D C:\Program Files\trend micro
  2015-11-17 22:34 - 2015-11-21 13:39 - 00000000 ____D C:\Program Files\KMSnano
  2015-08-16 21:44 - 2002-08-29 18:33 - 0319488 ____R () C:\Users\dalik\AppData\Roaming\MafiaSetup.exe
  Task: {EB6B7165-41AD-4EB4-AD3D-034024F09B80} - System32\Tasks\{2EDD9E70-A45A-4987-B87F-25E3B448EC56} => pcalua.exe -a "C:\Program Files\Mafia\Game.exe" -d "c:\program files\Mafia\"
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c00977cd4e52.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cff29ef216a90f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d001c8a93f1ca1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d040037d9dc9e1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0917457cb4187.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e19c1793730b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f17834b13ebd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  FirewallRules: [{974FE279-8A48-4BDD-AB6B-E63A83733480}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
  FirewallRules: [{993C991C-66D8-4453-9DBF-6CB62E40815A}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
  Hosts:
  EmptyTemp:
  End

[dalik]

Operační systém legální nebyl, ale už dávno jsem zakupoval cdkey, takže se z něho legální stal.

Screenr jsem myslím už dávno odstraňoval.

Kód: Vybrat vše

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by dalik (2015-12-07 18:50:47) Run:1
Running from C:\Users\dalik\Desktop
Loaded Profiles: dalik (Available Profiles: dalik)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\system32\perfh005.dat
File: C:\Windows\system32\perfc005.dat
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\MountPoints2: {2fabae21-440c-11e5-82fa-94de807d1cb9} - "G:\MafiaLauncher.EXE"
HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\...\MountPoints2: {2fabae38-440c-11e5-82fa-94de807d1cb9} - "H:\m.exe" 
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\dalik\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x64\widevinecdmadapter.dll => No File
2015-12-03 19:06 - 2015-12-03 19:07 - 00020762 _____ C:\Users\dalik\Desktop\FRST.txt
2015-11-28 16:01 - 2015-11-28 16:02 - 00000000 ____D C:\AdwCleaner
2015-11-26 21:34 - 2015-11-26 21:34 - 00000000 ____D C:\rsit
2015-11-26 21:34 - 2015-11-26 21:34 - 00000000 ____D C:\Program Files\trend micro
2015-11-17 22:34 - 2015-11-21 13:39 - 00000000 ____D C:\Program Files\KMSnano
2015-08-16 21:44 - 2002-08-29 18:33 - 0319488 ____R () C:\Users\dalik\AppData\Roaming\MafiaSetup.exe
Task: {EB6B7165-41AD-4EB4-AD3D-034024F09B80} - System32\Tasks\{2EDD9E70-A45A-4987-B87F-25E3B448EC56} => pcalua.exe -a "C:\Program Files\Mafia\Game.exe" -d "c:\program files\Mafia\"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c00977cd4e52.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cff29ef216a90f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d001c8a93f1ca1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d040037d9dc9e1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0917457cb4187.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e19c1793730b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f17834b13ebd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
FirewallRules: [{974FE279-8A48-4BDD-AB6B-E63A83733480}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{993C991C-66D8-4453-9DBF-6CB62E40815A}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Windows\system32\perfh005.dat ========================

File not signed
MD5: 9758BC2A44A51416BAD954FAF02BBBEE
Creation and modification date: 2013-10-11 18:41 - 2015-11-28 16:07
Size: 0738682
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 

====== End of File: ======


========================= File: C:\Windows\system32\perfc005.dat ========================

File not signed
MD5: 736530B8D9E5B78FDBC549951D120E8F
Creation and modification date: 2013-10-11 18:41 - 2015-11-28 16:07
Size: 0151404
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 

====== End of File: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fabae21-440c-11e5-82fa-94de807d1cb9}" => key removed successfully
HKCR\CLSID\{2fabae21-440c-11e5-82fa-94de807d1cb9} => key not found. 
"HKU\S-1-5-21-3997532326-2811007125-1357021809-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fabae38-440c-11e5-82fa-94de807d1cb9}" => key removed successfully
HKCR\CLSID\{2fabae38-440c-11e5-82fa-94de807d1cb9} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Users\dalik\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x64\widevinecdmadapter.dll => not found.
"C:\Users\dalik\Desktop\FRST.txt" => not found.
C:\AdwCleaner => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Program Files\KMSnano => moved successfully
C:\Users\dalik\AppData\Roaming\MafiaSetup.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB6B7165-41AD-4EB4-AD3D-034024F09B80}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB6B7165-41AD-4EB4-AD3D-034024F09B80}" => key removed successfully
C:\Windows\System32\Tasks\{2EDD9E70-A45A-4987-B87F-25E3B448EC56} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2EDD9E70-A45A-4987-B87F-25E3B448EC56}" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c00977cd4e52.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cff29ef216a90f.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d001c8a93f1ca1.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d040037d9dc9e1.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0917457cb4187.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e19c1793730b.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f17834b13ebd.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{974FE279-8A48-4BDD-AB6B-E63A83733480} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{993C991C-66D8-4453-9DBF-6CB62E40815A} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:51:15 ====

[altrok]

V logu nic spatneho nevidim, takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.