Nejdou smazat spamy

Zpráva

VladoR · #1 Příspěvek od **VladoR** » 02 pro 2015 12:30

Prosím o kontrolu a radu - nejdou mazat spamy z pošty.

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015
Ran by Arwel (2015-12-02 12:29:18)
Running from C:\Users\Arwel\Desktop
Microsoft Windows 8.1 (X86) (2015-07-26 12:25:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1691434953-3710603858-1979380488-500 - Administrator - Disabled)
Arwel (S-1-5-21-1691434953-3710603858-1979380488-1001 - Administrator - Enabled) => C:\Users\Arwel
Guest (S-1-5-21-1691434953-3710603858-1979380488-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1691434953-3710603858-1979380488-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 16.1.1 - Hewlett-Packard) Hidden
Adobe Flash Player 19 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Avast Internet Security (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CorelDRAW Graphics Suite 12 (HKLM\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.536 - Corel Corporation)
HP Support Solutions Framework (HKLM\...\{9327D2D1-A0F2-4B33-AA57-0EA3D40054E6}) (Version: 12.0.30.219 - Hewlett-Packard Company)
LaserJet 1020 series (HKLM\...\HP-LaserJet 1020 series) (Version: - )
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.1.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 cs) (HKLM\...\Mozilla Thunderbird 38.3.0 (x86 cs)) (Version: 38.3.0 - Mozilla)
OpenOffice 4.1.1 (HKLM\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 33.0.1990.115 (HKLM\...\Opera 33.0.1990.115) (Version: 33.0.1990.115 - Opera Software)
OrderReminder HP LaserJet 1020 (HKLM\...\OrderReminder HP LaserJet 1020) (Version: 2.0 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
STORMWARE PDF Printer 10.1.0.1871 (HKLM\...\STORMWARE PDF Printer_is1) (Version: 10.1.0.1871 - STORMWARE)
STORMWARE POHODA CZ Premium (HKLM\...\{8C3BA5D5-6FAE-42C3-A3CD-EF1A3872B149}) (Version: 11100.161 - STORMWARE)
STORMWARE POHODA Klient CZ Premium (HKLM\...\{D9291109-63B3-407B-B29F-6CAF69F0DEBB}) (Version: 11100.161 - STORMWARE)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

11-11-2015 08:18:14 Windows Update
18-11-2015 08:20:06 Naplánovaný kontrolní bod
27-11-2015 08:19:12 Naplánovaný kontrolní bod
02-12-2015 09:11:00 Installed STORMWARE POHODA Klient CZ.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {38522F0B-03DD-45F5-9CB4-E28E1348C80F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-12] (AVAST Software)
Task: {5B5F3382-C564-4500-B66B-F3F4152BEBA1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {637F4D2E-2CE9-4CDE-898F-42886022D42F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {B6E48F33-D406-4627-92B3-9B6E99851265} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {B8D87042-FD20-45FC-80E9-B55B47676B2E} - System32\Tasks\Driver Booster SkipUAC (Arwel) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {B9E33F94-AE6C-4C79-B460-3B11367D88D2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {D69BBE5D-E58D-4721-B35C-E911627E41D7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {DAC980B9-DEC5-4173-BE6B-836C03EE2E09} - System32\Tasks\Opera scheduled Autoupdate 1437981128 => C:\Program Files\Opera\launcher.exe [2015-11-16] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-12 07:13 - 2015-10-12 07:13 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-12 07:13 - 2015-10-12 07:13 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-30 20:13 - 2015-11-30 20:13 - 02812928 _____ () C:\Program Files\AVAST Software\Avast\defs\15113001\algo.dll
2015-12-01 12:18 - 2015-12-01 12:18 - 02813440 _____ () C:\Program Files\AVAST Software\Avast\defs\15120101\algo.dll
2015-10-12 07:13 - 2015-10-12 07:13 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-19 13:54 - 2015-11-19 13:53 - 60736120 _____ () C:\Program Files\Opera\33.0.1990.115\opera.dll
2015-07-26 15:33 - 2012-09-18 14:26 - 02223104 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\suhp1020.dll
2015-07-26 15:34 - 2012-09-18 14:26 - 00949248 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\gchp1020.dll
2015-07-26 15:33 - 2012-09-18 14:26 - 00532992 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\sdhp1020.dll
2015-07-26 15:34 - 2012-09-18 14:26 - 00169472 _____ () C:\Windows\System32\ZLhp1020.DLL
2015-07-26 15:34 - 2012-09-18 14:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2015-09-30 11:55 - 2015-09-30 11:55 - 00298792 ____R () \\Vlador\pohoda\StwXML.dll
2014-07-22 07:51 - 2014-07-22 07:51 - 00055808 ____R () \\Vlador\pohoda\zlib1.dll
2015-09-30 11:55 - 2015-09-30 11:55 - 00211752 ____R () \\Vlador\pohoda\StwDataBox.dll
2014-07-22 07:51 - 2014-07-22 07:51 - 24978944 ____R () \\Vlador\pohoda\libcef.dll
2013-08-22 00:55 - 2013-06-18 13:17 - 00364544 _____ () C:\Windows\System32\msjetoledb40.dll
2015-10-01 16:25 - 2015-10-01 16:25 - 00153768 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-10-01 16:25 - 2015-10-01 16:25 - 00023208 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1691434953-3710603858-1979380488-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img2.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "OrderReminder"
HKU\S-1-5-21-1691434953-3710603858-1979380488-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

==================== Faulty Device Manager Devices =============

Name: Sériový port sběrnice PCI
Description: Sériový port sběrnice PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Řadič jednoduché komunikace pro sběrnici PCI
Description: Řadič jednoduché komunikace pro sběrnici PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2015 00:39:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (11/30/2015 03:57:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program StwPh.exe verze 5.1.11103.11 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1074

Čas spuštění: 01d12b7a98fd336c

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files\STORMWARE\POHODA\StwPh.exe

ID hlášení: 9fc2593e-9772-11e5-972b-0019993d38cc

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (11/30/2015 02:47:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program StwPh.exe verze 5.1.11103.11 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 900

Čas spuštění: 01d12b7312efed6a

Čas ukončení: 562

Cesta k aplikaci: C:\Program Files\STORMWARE\POHODA\StwPh.exe

ID hlášení: d9a7acd9-9768-11e5-972a-0019993d38cc

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (11/25/2015 03:13:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program glcnd.exe verze 6.3.9600.17994 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 12b0

Čas spuštění: 01d126c1a243a511

Čas ukončení: 270

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x86__8wekyb3d8bbwe\glcnd.exe

ID hlášení: a1c969ca-937e-11e5-9728-0019993d38cc

Úplný název chybujícího balíčku: Microsoft.Reader_6.4.9926.17994_x86__8wekyb3d8bbwe

ID aplikace související s chybujícím balíčkem: Microsoft.Reader

Error: (11/17/2015 01:42:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (11/16/2015 08:18:21 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (11/10/2015 08:15:12 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (11/10/2015 07:55:47 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Službě Windows Search se nepodařilo vytvořit nový vyhledávací index. Došlo k vnitřní chybě <4, 0x80070020, Nepodařilo se přidat projekt: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (11/10/2015 07:54:56 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (11/10/2015 07:54:56 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)

System errors:
=============
Error: (12/01/2015 00:16:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (11:50:27, ‎1. ‎12. ‎2015) bylo neočekávané.

Error: (11/30/2015 03:08:49 PM) (Source: DCOM) (EventID: 10010) (User: UČTO1)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/30/2015 03:08:49 PM) (Source: DCOM) (EventID: 10010) (User: UČTO1)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/30/2015 02:22:30 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače VLADOR,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{C1705383-0328-4EB4-B343-1DDE8B26145.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.

Error: (11/30/2015 01:12:33 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (11/30/2015 01:06:26 PM) (Source: DCOM) (EventID: 10010) (User: UČTO1)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/30/2015 01:06:26 PM) (Source: DCOM) (EventID: 10010) (User: UČTO1)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/30/2015 01:06:23 PM) (Source: DCOM) (EventID: 10010) (User: UČTO1)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/30/2015 01:06:22 PM) (Source: DCOM) (EventID: 10010) (User: UČTO1)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/30/2015 01:06:22 PM) (Source: DCOM) (EventID: 10010) (User: UČTO1)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8300 @ 2.83GHz
Percentage of memory in use: 75%
Total physical RAM: 2005.29 MB
Available physical RAM: 493.45 MB
Total Virtual: 3285.29 MB
Available Virtual: 866.24 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:193 GB) (Free:150.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:111.78 GB) (Free:96.76 GB) NTFS
Drive e: (Elements) (Fixed) (Total:298.09 GB) (Free:166.52 GB) NTFS
Drive f: (Data) (Fixed) (Total:39.88 GB) (Free:39.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: D85F7F66)
Partition 1: (Active) - (Size=193 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 42134212)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 0014D254)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#2 Příspěvek od **Rudy** » 02 pro 2015 18:49

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

VladoR · #3 Příspěvek od **VladoR** » 03 pro 2015 13:14

Díky, tady je log.

# AdwCleaner v5.023 - Logfile created 03/12/2015 at 13:08:29
# Updated 30/11/2015 by Xplode
# Database : 2015-11-30.1 [Server]
# Operating system : Windows 8.1 (x86)
# Username : Arwel - UÄŚTO1
# Running from : C:\Users\Arwel\Desktop\adwcleaner_5.023.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Arwel\AppData\Local\slimware utilities inc

***** [ Files ] *****

[-] File Deleted : C:\Windows\system32\drivers\swdumon.sys

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1070 bytes] ##########

#4 Příspěvek od **Rudy** » 03 pro 2015 18:05

Dejte nový log FRST.

VladoR · #5 Příspěvek od **VladoR** » 04 pro 2015 08:49

Nový log, díky.

# AdwCleaner v5.023 - Logfile created 04/12/2015 at 08:21:38
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows 8.1 (x86)
# Username : Arwel - UÄŚTO1
# Running from : C:\Users\Arwel\Desktop\adwcleaner_5.023.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [653 bytes] ##########

#6 Příspěvek od **JaRon** » 04 pro 2015 08:58

Rudy píše:Dejte nový log FRST.

VladoR · #7 Příspěvek od **VladoR** » 04 pro 2015 13:43

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by Arwel (administrator) on UČTO1 (04-12-2015 13:42:07)
Running from C:\Users\Arwel\Desktop
Loaded Profiles: Arwel (Available Profiles: Arwel)
Platform: Microsoft Windows 8.1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x86__8wekyb3d8bbwe\glcnd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(STORMWARE s.r.o.) \\Vlador\pohoda\Pohoda.exe
(STORMWARE s.r.o.) \\Vlador\pohoda\StwPh.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-07-21] (Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12336856 2015-07-28] (Realtek Semiconductor)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe [729088 2004-06-22] (Corel Corporation)
HKU\S-1-5-21-1691434953-3710603858-1979380488-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-1691434953-3710603858-1979380488-1001\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-10-12] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8
Tcpip\..\Interfaces\{C1705383-0328-4EB4-B343-1DDE8B26145C}: [DhcpNameServer] 192.168.1.1 8.8.8.8

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-21] (AVAST Software)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-12] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-12] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-10-12] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45056 2013-11-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2013-11-14] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-10-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-10-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-10-12] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [275856 2015-10-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-10-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-10-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115640 2015-10-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-10-12] (AVAST Software)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-07-28] (REALiX(tm))
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [25840 2015-07-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
R3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-11-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-04 13:22 - 2015-12-04 13:22 - 00007774 _____ C:\Users\Arwel\Downloads\output.pdf
2015-12-04 08:50 - 2015-12-04 08:50 - 00000731 _____ C:\Users\Arwel\Desktop\AdwCleaner[C2]_log.txt
2015-12-03 19:13 - 2015-12-03 19:13 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-03 13:07 - 2015-12-04 08:47 - 00000000 ____D C:\AdwCleaner
2015-12-03 13:03 - 2015-12-03 13:03 - 01736704 _____ C:\Users\Arwel\Desktop\adwcleaner_5.023.exe
2015-12-03 09:45 - 2015-12-03 13:15 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-12-02 12:26 - 2015-12-02 12:29 - 00017211 _____ C:\Users\Arwel\Desktop\Addition.txt
2015-12-02 12:25 - 2015-12-04 13:42 - 00008289 _____ C:\Users\Arwel\Desktop\FRST.txt
2015-12-02 12:25 - 2015-12-04 13:40 - 00000000 ____D C:\FRST
2015-12-02 12:24 - 2015-12-02 12:24 - 01721344 _____ (Farbar) C:\Users\Arwel\Desktop\FRST.exe
2015-12-02 09:11 - 2015-12-02 09:11 - 00002438 _____ C:\Users\Public\Desktop\Ekonomický systém POHODA 2015 (síťový klient) Premium.lnk
2015-11-30 09:48 - 2015-11-30 09:48 - 00007737 _____ C:\Users\Arwel\Downloads\output (100).pdf
2015-11-30 09:40 - 2015-11-30 09:40 - 00007754 _____ C:\Users\Arwel\Downloads\output (99).pdf
2015-11-30 09:33 - 2015-11-30 09:33 - 00007716 _____ C:\Users\Arwel\Downloads\output (98).pdf
2015-11-30 09:21 - 2015-11-30 09:21 - 00007999 _____ C:\Users\Arwel\Downloads\output (97).pdf
2015-11-30 08:24 - 2015-11-30 08:24 - 00007865 _____ C:\Users\Arwel\Downloads\output (96).pdf
2015-11-27 10:26 - 2015-11-27 10:26 - 00023171 _____ C:\Users\Arwel\Downloads\output (95).pdf
2015-11-27 10:25 - 2015-11-27 10:25 - 00021793 _____ C:\Users\Arwel\Downloads\output (94).pdf
2015-11-27 09:59 - 2015-11-27 09:59 - 00007747 _____ C:\Users\Arwel\Downloads\output (93).pdf
2015-11-27 09:38 - 2015-11-27 09:38 - 00007768 _____ C:\Users\Arwel\Downloads\output (92).pdf
2015-11-27 09:33 - 2015-11-27 09:33 - 00007953 _____ C:\Users\Arwel\Downloads\output (91).pdf
2015-11-27 09:25 - 2015-11-27 09:25 - 00007930 _____ C:\Users\Arwel\Downloads\output (90).pdf
2015-11-27 09:09 - 2015-11-27 09:09 - 00007995 _____ C:\Users\Arwel\Downloads\output (89).pdf
2015-11-26 10:41 - 2015-11-26 10:41 - 00022426 _____ C:\Users\Arwel\Downloads\output (88).pdf
2015-11-26 10:40 - 2015-11-26 10:40 - 00008020 _____ C:\Users\Arwel\Downloads\output (87).pdf
2015-11-26 10:04 - 2015-11-26 10:04 - 00007682 _____ C:\Users\Arwel\Downloads\output (86).pdf
2015-11-26 09:53 - 2015-11-26 09:53 - 00022177 _____ C:\Users\Arwel\Downloads\output (85).pdf
2015-11-26 09:51 - 2015-11-26 09:51 - 00007831 _____ C:\Users\Arwel\Downloads\output (84).pdf
2015-11-26 09:50 - 2015-11-26 09:50 - 00007834 _____ C:\Users\Arwel\Downloads\output (83).pdf
2015-11-26 08:42 - 2015-11-26 08:42 - 00007853 _____ C:\Users\Arwel\Downloads\output (82).pdf
2015-11-26 08:34 - 2015-11-26 08:34 - 00008013 _____ C:\Users\Arwel\Downloads\output (81).pdf
2015-11-25 15:11 - 2015-11-25 15:11 - 00007761 _____ C:\Users\Arwel\Downloads\output (80).pdf
2015-11-25 13:33 - 2015-11-25 13:33 - 00008098 _____ C:\Users\Arwel\Downloads\output (79).pdf
2015-11-25 12:47 - 2015-11-25 12:47 - 00023620 _____ C:\Users\Arwel\Downloads\output (78).pdf
2015-11-25 12:46 - 2015-11-25 12:46 - 00022295 _____ C:\Users\Arwel\Downloads\output (77).pdf
2015-11-25 12:24 - 2015-11-25 12:24 - 00007755 _____ C:\Users\Arwel\Downloads\output (76).pdf
2015-11-25 11:06 - 2015-11-25 11:06 - 00022295 _____ C:\Users\Arwel\Downloads\output (75).pdf
2015-11-25 10:41 - 2015-11-25 10:41 - 00008029 _____ C:\Users\Arwel\Downloads\output (74).pdf
2015-11-25 10:11 - 2015-11-25 10:11 - 00022055 _____ C:\Users\Arwel\Downloads\output (73).pdf
2015-11-25 09:44 - 2015-11-25 09:44 - 00007834 _____ C:\Users\Arwel\Downloads\output (72).pdf
2015-11-25 09:29 - 2015-11-25 09:29 - 00007990 _____ C:\Users\Arwel\Downloads\output (71).pdf
2015-11-25 09:24 - 2015-11-25 09:24 - 00007847 _____ C:\Users\Arwel\Downloads\output (70).pdf
2015-11-25 09:17 - 2015-11-25 09:17 - 00007934 _____ C:\Users\Arwel\Downloads\output (69).pdf
2015-11-25 09:05 - 2015-11-25 09:05 - 00007870 _____ C:\Users\Arwel\Downloads\output (68).pdf
2015-11-24 09:52 - 2015-11-24 09:52 - 00007730 _____ C:\Users\Arwel\Downloads\output (67).pdf
2015-11-24 09:11 - 2015-11-24 09:11 - 00007785 _____ C:\Users\Arwel\Downloads\output (66).pdf
2015-11-24 08:59 - 2015-11-26 13:56 - 00023955 _____ C:\Users\Arwel\Desktop\Marketingový plán.odt
2015-11-23 09:28 - 2015-11-23 09:28 - 00021818 _____ C:\Users\Arwel\Downloads\output (65).pdf
2015-11-23 09:21 - 2015-11-23 09:21 - 00007751 _____ C:\Users\Arwel\Downloads\output (64).pdf
2015-11-23 08:56 - 2015-11-23 08:56 - 00007996 _____ C:\Users\Arwel\Downloads\output (63).pdf
2015-11-23 08:42 - 2015-11-23 08:42 - 00007840 _____ C:\Users\Arwel\Downloads\output (62).pdf
2015-11-20 16:13 - 2015-11-20 16:13 - 00009501 _____ C:\Users\Arwel\Downloads\output (61).pdf
2015-11-20 15:05 - 2015-11-20 15:05 - 00007746 _____ C:\Users\Arwel\Downloads\output (60).pdf
2015-11-20 10:53 - 2015-11-20 10:53 - 00022040 _____ C:\Users\Arwel\Downloads\output (59).pdf
2015-11-20 10:53 - 2015-11-20 10:53 - 00021758 _____ C:\Users\Arwel\Downloads\output (58).pdf
2015-11-20 08:32 - 2015-11-20 08:32 - 00007898 _____ C:\Users\Arwel\Downloads\output (57).pdf
2015-11-19 12:18 - 2015-11-19 12:18 - 00007857 _____ C:\Users\Arwel\Downloads\output (56).pdf
2015-11-19 11:39 - 2015-11-19 11:39 - 00007732 _____ C:\Users\Arwel\Downloads\output (55).pdf
2015-11-19 08:53 - 2015-11-19 08:53 - 00022086 _____ C:\Users\Arwel\Downloads\output (54).pdf
2015-11-19 08:51 - 2015-11-19 08:51 - 00008001 _____ C:\Users\Arwel\Downloads\output (53).pdf
2015-11-19 08:33 - 2015-11-19 08:33 - 00021821 _____ C:\Users\Arwel\Downloads\output (52).pdf
2015-11-19 08:32 - 2015-11-19 08:32 - 00007980 _____ C:\Users\Arwel\Downloads\output (51).pdf
2015-11-19 08:27 - 2015-11-19 08:27 - 00007856 _____ C:\Users\Arwel\Downloads\output (50).pdf
2015-11-18 15:08 - 2015-11-18 15:08 - 00007745 _____ C:\Users\Arwel\Downloads\output (49).pdf
2015-11-18 14:40 - 2015-11-18 14:40 - 00007744 _____ C:\Users\Arwel\Downloads\output (48).pdf
2015-11-18 14:15 - 2015-11-18 14:15 - 00007762 _____ C:\Users\Arwel\Downloads\output (47).pdf
2015-11-18 10:44 - 2015-11-18 10:44 - 00007877 _____ C:\Users\Arwel\Downloads\output (46).pdf
2015-11-18 10:24 - 2015-11-18 10:24 - 00007876 _____ C:\Users\Arwel\Downloads\output (45).pdf
2015-11-18 09:11 - 2015-11-18 09:11 - 00007916 _____ C:\Users\Arwel\Downloads\output (44).pdf
2015-11-16 12:23 - 2015-11-16 12:23 - 00022767 _____ C:\Users\Arwel\Downloads\output (43).pdf
2015-11-16 11:03 - 2015-11-16 11:03 - 00009470 _____ C:\Users\Arwel\Downloads\output (42).pdf
2015-11-16 09:15 - 2015-11-16 09:15 - 00007758 _____ C:\Users\Arwel\Downloads\output (41).pdf
2015-11-16 09:12 - 2015-11-16 09:12 - 00007930 _____ C:\Users\Arwel\Downloads\output (40).pdf
2015-11-13 13:51 - 2015-11-24 14:53 - 00016322 _____ C:\Users\Arwel\Desktop\Ladies bags.odt
2015-11-13 11:35 - 2015-11-13 11:35 - 00023403 _____ C:\Users\Arwel\Downloads\output (39).pdf
2015-11-13 11:32 - 2015-11-13 11:32 - 00007731 _____ C:\Users\Arwel\Downloads\output (38).pdf
2015-11-13 11:27 - 2015-11-13 11:27 - 00007823 _____ C:\Users\Arwel\Downloads\output (37).pdf
2015-11-13 11:14 - 2015-11-13 11:14 - 00007814 _____ C:\Users\Arwel\Downloads\output (36).pdf
2015-11-13 11:08 - 2015-11-13 11:08 - 00007759 _____ C:\Users\Arwel\Downloads\output (35).pdf
2015-11-13 10:02 - 2015-11-13 10:02 - 00021921 _____ C:\Users\Arwel\Downloads\output (34).pdf
2015-11-13 09:49 - 2015-11-13 09:49 - 00007835 _____ C:\Users\Arwel\Downloads\output (33).pdf
2015-11-13 09:40 - 2015-11-13 09:40 - 00007980 _____ C:\Users\Arwel\Downloads\output (32).pdf
2015-11-13 09:37 - 2015-11-13 09:37 - 00007741 _____ C:\Users\Arwel\Downloads\output (31).pdf
2015-11-12 08:54 - 2015-11-12 08:54 - 00007840 _____ C:\Users\Arwel\Downloads\output (30).pdf
2015-11-12 08:53 - 2015-11-12 08:53 - 00007744 _____ C:\Users\Arwel\Downloads\output (29).pdf
2015-11-11 12:59 - 2015-11-11 12:59 - 00023027 _____ C:\Users\Arwel\Downloads\output (28).pdf
2015-11-11 10:18 - 2015-11-11 10:18 - 00007842 _____ C:\Users\Arwel\Downloads\output (27).pdf
2015-11-11 09:29 - 2015-11-11 09:29 - 00022812 _____ C:\Users\Arwel\Downloads\output (26).pdf
2015-11-11 09:28 - 2015-11-11 09:28 - 00021936 _____ C:\Users\Arwel\Downloads\output (25).pdf
2015-11-11 09:27 - 2015-11-11 09:27 - 00007739 _____ C:\Users\Arwel\Downloads\output (24).pdf
2015-11-11 09:25 - 2015-11-11 09:25 - 00007700 _____ C:\Users\Arwel\Downloads\output (23).pdf
2015-11-11 09:23 - 2015-11-11 09:23 - 00007988 _____ C:\Users\Arwel\Downloads\output (22).pdf
2015-11-11 04:59 - 2015-10-20 22:59 - 00128568 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 04:59 - 2015-10-20 15:21 - 03066368 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 04:59 - 2015-10-20 15:14 - 02175488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 04:59 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 04:59 - 2015-10-20 15:13 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-11 04:59 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 04:59 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 04:59 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 04:59 - 2015-10-17 15:00 - 03521536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 04:59 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 04:59 - 2015-10-15 00:07 - 05765976 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 04:59 - 2015-10-15 00:07 - 01393584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-11 04:59 - 2015-10-15 00:07 - 01282528 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-11 04:59 - 2015-10-15 00:07 - 01269072 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-11 04:59 - 2015-10-15 00:07 - 01168912 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-11 04:59 - 2015-10-13 17:24 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 04:59 - 2015-10-13 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 04:59 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 04:59 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 04:59 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-11 04:59 - 2015-10-11 07:41 - 00478800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 04:59 - 2015-10-11 07:41 - 00148312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 04:59 - 2015-10-10 18:35 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 04:59 - 2015-10-10 18:35 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 04:59 - 2015-10-10 17:46 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 04:59 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 04:59 - 2015-10-08 16:45 - 00734208 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-11 04:59 - 2015-09-29 13:30 - 00131416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-11 04:59 - 2015-09-12 14:28 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-11 04:59 - 2015-09-04 19:04 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-11 04:59 - 2015-08-28 23:24 - 00148736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-11 04:59 - 2015-08-20 21:01 - 01134168 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-11 04:59 - 2015-08-10 18:01 - 00570368 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-11 04:59 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-11 04:59 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-11 04:59 - 2014-11-10 18:47 - 00069440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-11 04:59 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-11 04:58 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 04:58 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 04:58 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 04:58 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 04:58 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 04:58 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-11 04:58 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 04:58 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 04:58 - 2015-10-30 23:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 04:58 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 04:58 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 04:58 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 04:58 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-11 04:58 - 2015-09-07 16:22 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-10 11:27 - 2015-11-10 11:27 - 00023218 _____ C:\Users\Arwel\Downloads\output (21).pdf
2015-11-10 11:27 - 2015-11-10 11:27 - 00021852 _____ C:\Users\Arwel\Downloads\output (20).pdf
2015-11-10 08:36 - 2015-11-10 08:36 - 00007802 _____ C:\Users\Arwel\Downloads\output (19).pdf
2015-11-10 08:22 - 2015-11-10 08:22 - 00007753 _____ C:\Users\Arwel\Downloads\output (18).pdf
2015-11-09 10:50 - 2015-11-09 10:50 - 00007967 _____ C:\Users\Arwel\Downloads\output (17).pdf
2015-11-09 10:36 - 2015-11-09 10:36 - 00007735 _____ C:\Users\Arwel\Downloads\output (16).pdf
2015-11-09 10:19 - 2015-11-09 10:19 - 00007912 _____ C:\Users\Arwel\Downloads\output (15).pdf
2015-11-09 10:11 - 2015-11-09 10:11 - 00022821 _____ C:\Users\Arwel\Downloads\output (14).pdf
2015-11-09 10:10 - 2015-11-09 10:10 - 00021928 _____ C:\Users\Arwel\Downloads\output (13).pdf
2015-11-09 09:59 - 2015-11-09 09:59 - 00007721 _____ C:\Users\Arwel\Downloads\output (12).pdf
2015-11-09 08:44 - 2015-11-09 08:44 - 00007997 _____ C:\Users\Arwel\Downloads\output (11).pdf
2015-11-05 08:40 - 2015-11-05 08:40 - 00022898 _____ C:\Users\Arwel\Downloads\output (9).pdf
2015-11-05 08:40 - 2015-11-05 08:40 - 00022006 _____ C:\Users\Arwel\Downloads\output (10).pdf
2015-11-05 08:36 - 2015-11-05 08:36 - 00007811 _____ C:\Users\Arwel\Downloads\output (8).pdf
2015-11-05 08:17 - 2015-11-05 08:17 - 00007741 _____ C:\Users\Arwel\Downloads\output (7).pdf
2015-11-04 11:44 - 2015-11-04 11:44 - 00008017 _____ C:\Users\Arwel\Downloads\output (6).pdf
2015-11-04 11:37 - 2015-11-04 11:37 - 00008034 _____ C:\Users\Arwel\Downloads\output (5).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-04 13:42 - 2015-07-28 09:16 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-04 08:23 - 2015-07-26 13:30 - 00000000 ____D C:\Users\Arwel\OneDrive
2015-12-04 08:23 - 2013-08-22 08:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-04 08:22 - 2015-07-26 15:19 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-04 08:22 - 2013-08-22 07:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-03 13:09 - 2015-07-26 13:23 - 00000000 ____D C:\Users\Arwel
2015-12-02 12:25 - 2013-08-22 07:21 - 00000000 ____D C:\Windows
2015-12-02 09:55 - 2015-08-21 07:21 - 00104960 ___SH C:\Users\Arwel\Desktop\Thumbs.db
2015-12-02 09:11 - 2015-10-12 07:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STORMWARE Office
2015-12-01 14:40 - 2014-11-21 05:28 - 01658450 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-01 14:40 - 2014-11-21 04:44 - 00704264 _____ C:\Windows\system32\perfh005.dat
2015-12-01 14:40 - 2014-11-21 04:44 - 00143624 _____ C:\Windows\system32\perfc005.dat
2015-12-01 14:40 - 2013-08-22 07:21 - 00000000 ____D C:\Windows\inf
2015-12-01 11:14 - 2011-03-21 15:16 - 00000000 ____D C:\docasne
2015-11-30 16:01 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\system32\NDF
2015-11-30 14:23 - 2015-07-27 08:11 - 00000000 ____D C:\Program Files\Opera
2015-11-30 12:49 - 2015-07-26 14:34 - 00000000 ____D C:\Users\Arwel\AppData\Local\ElevatedDiagnostics
2015-11-22 13:50 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\AppReadiness
2015-11-19 13:54 - 2015-07-27 08:12 - 00001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-11-16 08:22 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\rescache
2015-11-14 09:15 - 2013-08-22 08:22 - 00370536 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-14 09:13 - 2013-08-22 09:17 - 00000000 ___RD C:\Windows\ToastData
2015-11-14 08:46 - 2015-07-28 09:16 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-11-11 08:26 - 2013-08-22 09:05 - 00000000 ____D C:\Windows\CbsTemp
2015-11-11 08:24 - 2015-07-28 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 08:21 - 2015-07-28 03:01 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-06 19:13 - 2015-07-26 17:01 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-06 19:13 - 2015-07-26 17:01 - 00435464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-11-06 08:34 - 2013-08-22 09:17 - 00000000 ___HD C:\Program Files\WindowsApps

==================== Files in the root of some directories =======

2015-07-28 12:57 - 2015-07-28 12:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Arwel\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-04 05:42

==================== End of FRST.txt ============================

#8 Příspěvek od **Rudy** » 04 pro 2015 17:23

Otevřte poznámkový blok a zkopírujte do něj:

Start
C:\Windows\system32\ApnDatabase.xml
C:\ProgramData\DP45977C.lfl
C:\Users\Arwel\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

VIRY.CZ

Nejdou smazat spamy

Nejdou smazat spamy

Re: Nejdou smazat spamy

Re: Nejdou smazat spamy

Re: Nejdou smazat spamy

Re: Nejdou smazat spamy

Re: Nejdou smazat spamy

Re: Nejdou smazat spamy

Re: Nejdou smazat spamy