Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Preventivka - podezření na viry

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Josef Kratochvíl
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 28 dub 2013 13:26

Preventivka - podezření na viry

#1 Příspěvek od Josef Kratochvíl »

Dobrý den, kamarádka mě poprosila, jestli bych jí nepomohl s notebookem, i když je poměrně nový a podle parametrů celkem výkonný, je dost zasekaný a nefunguje, jak má. mockrát předem děkuji :)

Logfile of random's system information tool 1.10 (written by random/random)
Run by user at 2015-12-31 15:08:40
Microsoft Windows 8.1
System drive C: has 330 GB (71%) free of 462 GB
Total RAM: 3554 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:09:09, on 31. 12. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BingSvc] C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AdaptiveSleepService - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP SimplePass Cachedrv Service (Cachedrv server) - Unknown owner - C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem14.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9889 bytes

======Listing Processes======





wininit.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe"
"C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Hpservice.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\MyPC Backup\BackupStack.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
atieclxx
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
dashost.exe {6943b73c-031a-4435-af60169b90437d4e}
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" /byrunkey

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Users\user\Downloads\RSITx64.exe"
"C:\Users\user\Downloads\RSITx64(1).exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\Norton Security Scan for user.job - C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe /scan-quick /scheduled

=========Mozilla firefox=========

ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c20wzvs7.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-04 885152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12 2134656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-04 664184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12 1725056]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-08-20 7202520]
"SimplePass"=C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2013-09-26 2755640]
"OPBHOBroker"=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2013-09-26 155704]
"OPBHOBrokerDesktop"=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2013-09-26 155704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26 2771184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
"BingSvc"=C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-17 144008]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-09-25 766208]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2013-07-24 77088]
"YouCam Service"=C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-09-02 267224]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [2013-10-08 1045304]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-04 7004376]

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MyPC Backup.lnk - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-12-31 15:06:17 ----D---- C:\rsit
2015-12-31 15:06:17 ----D---- C:\Program Files\trend micro
2015-12-31 15:01:54 ----D---- C:\Users\user\AppData\Roaming\Mozilla
2015-12-31 15:01:33 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-12-29 11:45:29 ----A---- C:\Windows\system32\aspnet_counters.dll
2015-12-29 11:45:26 ----A---- C:\Windows\SYSWOW64\aspnet_counters.dll
2015-12-25 13:58:19 ----A---- C:\Windows\system32\dpapisrv.dll
2015-12-25 13:58:18 ----A---- C:\Windows\SYSWOW64\PCPKsp.dll
2015-12-25 13:58:18 ----A---- C:\Windows\system32\winlogon.exe
2015-12-25 13:58:18 ----A---- C:\Windows\system32\wininit.exe
2015-12-25 13:58:18 ----A---- C:\Windows\system32\PCPKsp.dll
2015-12-25 13:58:17 ----A---- C:\Windows\system32\drivers\usbport.sys
2015-12-25 13:58:17 ----A---- C:\Windows\system32\drivers\USBHUB3.SYS
2015-12-25 13:58:17 ----A---- C:\Windows\system32\drivers\usbhub.sys
2015-12-25 13:58:17 ----A---- C:\Windows\system32\drivers\usbehci.sys
2015-12-25 13:58:17 ----A---- C:\Windows\system32\drivers\usbd.sys
2015-12-25 13:58:16 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-12-25 13:58:16 ----A---- C:\Windows\system32\msctf.dll
2015-12-25 13:58:16 ----A---- C:\Windows\system32\drivers\winusb.sys
2015-12-25 13:58:16 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2015-12-25 13:58:16 ----A---- C:\Windows\system32\drivers\usbohci.sys
2015-12-23 08:51:23 ----A---- C:\Windows\system32\drivers\rmcast.sys
2015-12-23 08:51:12 ----A---- C:\Windows\system32\mshtml.dll
2015-12-23 08:51:09 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-12-23 08:50:32 ----A---- C:\Windows\system32\jscript9.dll
2015-12-23 08:50:29 ----A---- C:\Windows\system32\ieframe.dll
2015-12-23 08:50:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-12-23 08:50:23 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-12-23 08:50:21 ----A---- C:\Windows\system32\wininet.dll
2015-12-23 08:50:20 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-12-23 08:50:20 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-12-23 08:50:20 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-12-23 08:50:20 ----A---- C:\Windows\system32\vbscript.dll
2015-12-23 08:50:20 ----A---- C:\Windows\system32\ieui.dll
2015-12-23 08:50:19 ----A---- C:\Windows\system32\urlmon.dll
2015-12-23 08:50:18 ----A---- C:\Windows\system32\jscript.dll
2015-12-23 08:50:18 ----A---- C:\Windows\system32\iertutil.dll
2015-12-23 08:50:17 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-12-23 08:50:17 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-12-23 08:50:17 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-12-23 08:50:16 ----A---- C:\Windows\SYSWOW64\actxprxy.dll
2015-12-23 08:50:16 ----A---- C:\Windows\system32\msfeeds.dll
2015-12-23 08:50:15 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-12-23 08:50:15 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-12-23 08:50:14 ----A---- C:\Windows\system32\inetcomm.dll
2015-12-23 08:50:14 ----A---- C:\Windows\system32\iedkcs32.dll
2015-12-23 08:50:14 ----A---- C:\Windows\system32\ie4uinit.exe
2015-12-23 08:50:13 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-12-23 08:50:13 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-12-23 08:50:13 ----A---- C:\Windows\system32\mshtmled.dll
2015-12-23 08:50:13 ----A---- C:\Windows\system32\iepeers.dll
2015-12-23 08:50:13 ----A---- C:\Windows\system32\ieapfltr.dll
2015-12-23 08:50:12 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-12-23 08:50:12 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-12-23 08:50:12 ----A---- C:\Windows\system32\webcheck.dll
2015-12-23 08:50:12 ----A---- C:\Windows\system32\dxtrans.dll
2015-12-23 08:50:11 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-12-23 08:50:11 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-12-23 08:50:11 ----A---- C:\Windows\system32\actxprxy.dll
2015-12-23 08:48:52 ----A---- C:\Windows\system32\win32k.sys
2015-12-23 08:48:51 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-12-23 08:48:51 ----A---- C:\Windows\system32\user32.dll
2015-12-23 08:48:51 ----A---- C:\Windows\system32\GdiPlus.dll
2015-12-23 08:48:51 ----A---- C:\Windows\system32\FntCache.dll
2015-12-23 08:48:51 ----A---- C:\Windows\system32\DWrite.dll
2015-12-23 08:48:50 ----A---- C:\Windows\SYSWOW64\user32.dll
2015-12-23 08:48:50 ----A---- C:\Windows\SYSWOW64\GdiPlus.dll
2015-12-23 08:48:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-12-23 08:48:48 ----A---- C:\Windows\system32\ntdll.dll
2015-12-23 08:48:48 ----A---- C:\Windows\system32\comsvcs.dll
2015-12-23 08:48:47 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-12-23 08:48:47 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2015-12-23 08:48:47 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2015-12-23 08:48:47 ----A---- C:\Windows\system32\winresume.exe
2015-12-23 08:48:47 ----A---- C:\Windows\system32\winload.exe
2015-12-23 08:48:46 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-12-23 08:48:46 ----A---- C:\Windows\system32\ntvdm64.dll
2015-12-23 08:48:46 ----A---- C:\Windows\system32\catsrvut.dll
2015-12-23 08:48:20 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-23 08:48:20 ----A---- C:\Windows\system32\wucltux.dll
2015-12-23 08:48:20 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-23 08:48:20 ----A---- C:\Windows\system32\wuapi.dll
2015-12-23 08:48:19 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-23 08:48:19 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-23 08:48:19 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-23 08:48:19 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-23 08:48:19 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-12-23 08:48:19 ----A---- C:\Windows\system32\wups2.dll
2015-12-23 08:48:19 ----A---- C:\Windows\system32\wudriver.dll
2015-12-23 08:48:19 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-23 08:48:19 ----A---- C:\Windows\system32\wuapp.exe
2015-12-23 08:47:34 ----A---- C:\Windows\system32\authui.dll
2015-12-23 08:47:33 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-12-14 22:23:57 ----D---- C:\Program Files\Common Files\AV

======List of files/folders modified in the last 1 month======

2015-12-31 15:06:30 ----D---- C:\Windows\Prefetch
2015-12-31 15:06:17 ----D---- C:\Program Files
2015-12-31 15:01:43 ----D---- C:\Windows\system32\config
2015-12-31 15:01:33 ----RD---- C:\Program Files (x86)
2015-12-31 15:00:02 ----D---- C:\Windows\system32\sru
2015-12-31 15:00:01 ----D---- C:\Windows\Temp
2015-12-31 14:52:31 ----D---- C:\Windows\system32\NDF
2015-12-31 14:38:47 ----D---- C:\Windows\CbsTemp
2015-12-31 14:38:44 ----D---- C:\Windows\WinSxS
2015-12-31 14:38:26 ----D---- C:\Windows\Microsoft.NET
2015-12-31 14:27:13 ----RD---- C:\Windows\System32
2015-12-31 14:27:13 ----D---- C:\Windows\Inf
2015-12-31 14:27:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-30 20:58:58 ----D---- C:\Windows\SysWOW64
2015-12-30 20:58:35 ----SHD---- C:\System Volume Information
2015-12-29 23:10:33 ----D---- C:\Users\user\AppData\Roaming\Skype
2015-12-29 11:53:00 ----SD---- C:\Windows\SYSWOW64\GWX
2015-12-29 11:53:00 ----SD---- C:\Windows\system32\GWX
2015-12-29 11:53:00 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-29 11:52:59 ----D---- C:\Windows\system32\cs-CZ
2015-12-29 11:52:56 ----D---- C:\Windows\system32\drivers
2015-12-29 11:52:51 ----D---- C:\Windows\system32\DriverStore
2015-12-27 17:39:41 ----D---- C:\Windows\system32\MRT
2015-12-27 17:18:40 ----A---- C:\Windows\system32\MRT.exe
2015-12-26 09:48:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-25 14:13:40 ----RSD---- C:\Windows\assembly
2015-12-25 13:57:58 ----D---- C:\Windows\system32\catroot2
2015-12-23 10:35:50 ----D---- C:\Program Files\Internet Explorer
2015-12-23 10:35:50 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-23 08:51:59 ----SHD---- C:\Windows\Installer
2015-12-15 22:18:57 ----D---- C:\Windows\AppReadiness
2015-12-14 22:24:01 ----D---- C:\Windows\system32\Tasks
2015-12-14 22:23:57 ----D---- C:\Program Files\Common Files
2015-12-14 22:23:57 ----D---- C:\Program Files (x86)\Common Files
2015-12-07 16:09:41 ----D---- C:\Windows\Tasks
2015-12-06 19:54:28 ----D---- C:\Windows\rescache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdisFlt;@oem23.inf,%AfwDescriptionFree%;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [2015-11-04 466400]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-11-04 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-11-04 273784]
R0 hpdskflt;@oem14.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2013-07-23 30520]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2015-11-04 28144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-11-04 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-04 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-04 449992]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2013-03-05 91712]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-08-18 498512]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-11-04 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-11-04 97648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-11-04 154256]
R3 Accelerometer;@oem14.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2013-07-23 43320]
R3 AmdAS4;@oem3.inf,%AmdAS4.SVCDESC%;AmdAS4 service; C:\Windows\System32\drivers\AmdAS4.sys [2013-02-07 17504]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-09-26 12533760]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-09-26 619008]
R3 AtiHDAudioService;@oem2.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdWB6.sys [2013-06-23 138240]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2015-07-10 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 clwvd;@oem16.inf,%clwvd.DeviceDesc%;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2013-03-05 41408]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-21 3591000]
R3 netr28x;@oem18.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-02 2483376]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 RSP2STOR;@oem6.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [2013-07-05 290008]
R3 rtbth;@oem17.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem8.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-08-15 830680]
R3 SynTP;@oem5.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-07-26 524016]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 dg_ssudbus;@oem26.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2013-07-26 30448]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-07-26 34544]
S3 ssudmdm;@oem31.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdaptiveSleepService;AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [2013-09-25 99328]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-09-26 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-09-25 344064]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2014-10-29 38792]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-11-04 174416]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2015-11-04 109520]
R2 BackupStack;Computer Backup (MyPC Backup); C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-09-26 36936]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 Cachedrv server; HP SimplePass Cachedrv Service; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [2013-09-26 109568]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-09-05 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-09-05 298760]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-08-29 92160]
R2 hpsrv;@oem14.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2013-07-23 43320]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2013-10-08 1039160]
R2 omniserv; HP SimplePass Service; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [2013-09-26 87552]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-06-19 246488]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-23 43696]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-09-10 1129760]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-16 50864]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-10-11 194032]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\Windows\system32\svchost.exe [2014-10-29 38792]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2014-10-29 38792]

-----------------EOF-----------------
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Preventivka - podezření na viry

#2 Příspěvek od Márty84 »

Zdravim :)


:arrow: Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.


:arrow: Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Josef Kratochvíl
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 28 dub 2013 13:26

Re: Preventivka - podezření na viry

#3 Příspěvek od Josef Kratochvíl »

Děkuji za odpověď, kontrolu z MBAM jsem dělal včera, tak posílám log ze včerejška, cleaner je aktuální - z dneška.
1. Cleaner:
# AdwCleaner v5.027 - Logfile created 01/01/2016 at 16:50:20
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner_5.027.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\iMesh Applications

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : LaunchSignup

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [771 bytes] ##########





MBAM:
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T16:00:41.271657+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="c11799dc-0585-441c-8eaf-243092cca7c9" result="Starting" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T16:00:41.286658+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="8475e127-acc8-437c-b7cd-9ccff96c1b6c" result="Started" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T16:00:41.461673+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="6233c20d-b727-4dab-9789-5e7bcac53538" result="Starting" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T16:00:42.994095+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="480810c5-c828-4512-8358-8b2d1976d714" result="Started" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-12-31T16:01:24.374583+01:00" source="Manual" type="Update" username="SYSTEM" systemname="USER-PC" fromVersion="2015.9.16.1" last_modified_tag="78a80243-b262-4a74-9436-aca5d0eebcc2" name="Remediation Database" toVersion="2015.12.15.2"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-12-31T16:01:25.858964+01:00" source="Manual" type="Update" username="SYSTEM" systemname="USER-PC" fromVersion="2015.9.18.1" last_modified_tag="f1d02a69-735c-4a9d-9585-f3b51f05e990" name="Rootkit Database" toVersion="2015.12.26.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-12-31T16:01:26.577716+01:00" source="Manual" type="Update" username="SYSTEM" systemname="USER-PC" fromVersion="2015.9.21.2" last_modified_tag="6e4c1808-36ac-46d9-b3b3-433a72eef79c" name="IP Database" toVersion="2015.12.30.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-12-31T16:01:27.155842+01:00" source="Manual" type="Update" username="SYSTEM" systemname="USER-PC" fromVersion="2015.9.22.3" last_modified_tag="e4e71395-74ce-4624-aef1-3b0d2c12c526" name="Domain Database" toVersion="2015.12.30.13"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-12-31T16:01:39.070577+01:00" source="Manual" type="Update" username="SYSTEM" systemname="USER-PC" fromVersion="2015.9.22.5" last_modified_tag="cf90a4f5-7ae3-4c82-805e-57411cb001b5" name="Malware Database" toVersion="2015.12.31.4"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T16:01:39.851828+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="1219d256-88b5-4f52-9cad-9a8ebcf1c0ea" result="Starting" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T16:01:39.867454+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="9dea71bc-a14a-4f02-beb3-e2b25069d60d" result="Stopping" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T16:01:40.398707+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="526efc94-f566-419e-b0db-eff77cdb2bbc" result="Stopped" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T16:02:02.914407+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="054bf816-370f-4f08-9ca2-c0233e92fd2b" result="Success" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T16:02:03.039407+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="be591306-ad6b-4a50-9c53-7b1b294720e4" result="Starting" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T16:02:06.273792+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="8d1fb1ee-0d90-4072-9f26-f6959dba4f50" result="Started" subtype="Malicious Website Protection"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" datetime="2015-12-31T16:23:47.889854+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="5db94121-daa3-462b-b28e-d421e74ba1c5" subtype="Malware Protection" action="Quarantine" filename="C:\Program Files (x86)\MyPC Backup\Updater.exe" hash="6040b1fafe8d1d195f52d9ccc63cf40c" malwaretype="File" message=""></record>
<record severity="debug" LoggingEventType="1" datetime="2015-12-31T17:43:11.679688+01:00" source="Scheduler" type="Update" username="SYSTEM" systemname="USER-PC" fromVersion="2015.12.30.13" last_modified_tag="2ddedcdf-e884-4193-840a-ba1b04ed3e10" name="Domain Database" toVersion="2015.12.31.1"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T17:43:12.648446+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="bf299387-6d39-4eee-9140-b122680f57fd" result="Starting" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T17:43:12.679690+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="4f0566dc-3f88-4d6c-a78e-02dc9ba0e857" result="Stopping" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T17:43:14.960951+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="7697c30c-2154-45a8-a929-b5cf6573aff5" result="Stopped" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T17:48:39.856902+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="d29fc2c6-fd4b-458a-917d-05834c94d5bd" result="Success" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T17:48:39.935026+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="6606409e-16a4-41cd-b616-399c8220a49f" result="Starting" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T17:48:42.481911+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="c0c76540-1219-42ae-876c-d6347a8f73e6" result="Started" subtype="Malicious Website Protection"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:27:36.188181+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="be05b303-6ca1-4aaf-a1db-6ab95a7afe41" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:27:39.607647+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="88609d29-9f82-4cf7-b3e1-8c7f0fae8d4d" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:27:57.356213+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="4e411d82-a0e8-4aa7-af26-f575172f3e8a" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:27:57.560225+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="1b2ddfd5-7869-40a6-abef-0f4d41fda5d2" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:12.669294+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="abd7de92-54b3-4fbc-b69a-a30134da27bf" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:12.868303+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="c97a2454-ee38-4567-8005-5bf69810cb10" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:17.392228+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="847308d5-f063-48f4-9daf-52af538bb8a6" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:17.754250+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="506c2a0f-25b0-4610-a3b8-4676a54977f6" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:21.194875+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="c0f7fc9d-606a-40f5-8c4a-4f41813d2fb1" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:23.730180+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="a7ce57f5-31fc-4830-b5af-62548d6121ac" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:27.036533+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="bca1fc06-7cfe-47f7-abaa-8488d95d8b16" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:27.130536+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="2577b85c-c753-49d7-88b3-ac7116da0eae" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:34.601349+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="c5d37bee-2099-4e74-86aa-cd057379955d" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:34.960724+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="3ab317d8-2257-43f0-8c65-2f61c4678b51" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:40.984817+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="71042540-cd7a-431c-90fd-f4283ece67ed" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:41.367837+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="a5ca70ca-3ea5-4f86-ac69-34eabd1e6171" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:49.697183+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="5d687996-29a9-461d-be18-17b8a5e8cd19" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:49.790934+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="d91232bf-d4d6-4748-a348-35aa32934d85" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:54.920750+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="f6ec1142-6adf-4a58-811e-1cb2ffe18bf0" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:29:55.206766+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="e2bd7fe3-4b54-4321-ab52-285cb9e8fc5e" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:00.112482+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="b47d6325-1f7e-45bf-a8d2-428b9af757a0" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:03.313361+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="04b60add-04ac-4bb3-bece-4d3941d82702" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:03.453988+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="dd279295-eab8-41ae-b5ec-5e47b9ebe243" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:11.015495+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="ea312d74-402c-49da-a026-2e88d32262c1" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:15.418874+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="8e647b62-02b1-4e3c-a0f8-076629cf2c6a" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:15.519880+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="324597fe-ac46-4a66-98c9-88f6d3b79042" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:24.295227+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="91ae2f1c-6b95-4712-806b-0e8576b4afbf" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:24.810852+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="e5346a61-df69-4d8a-8a14-985dbf79d73e" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:28.318238+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="ead1b440-4413-416c-b873-b7c78c18a297" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:28.495247+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="7c5e4db3-3034-485a-b9ab-8b91a979c7ff" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:35.994260+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="d9227da4-9312-483b-9dfc-ca9daf666d4b" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:30:36.195273+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="c1217156-3bb7-4f82-afe0-5e97aa3bf642" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:32:36.871394+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="d4d17473-512b-499a-a258-d450ae22c859" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:32:37.362425+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="c922a0c0-51ab-4d87-8851-26a9fdb06651" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:32:44.804281+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="6630d5b9-c29e-4669-8f36-4abdbbbff8a3" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:32:45.257405+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="dd3ca51b-8bcc-4295-81a6-158fc15ba629" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:33:33.267276+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="052e1263-8e23-47db-9a05-572b1e4d3deb" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:33:33.616297+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="b27817dd-a95d-48a2-9959-cd48e6c3528d" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:33:47.420738+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="848bc4ed-2dcd-4375-9247-cc9c2935b4cb" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:33:47.996773+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="df296b90-d73b-442f-8fc7-e262ca455712" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:33:58.364603+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="76167709-5b5a-4910-9d22-4c7a1b85c46b" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:33:58.397604+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="42ca774d-12a4-4cf0-b57d-7f91d50c90a6" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:34:06.362661+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="d3b0f4c0-6a72-4539-8975-f31e40fb36bb" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:34:06.898693+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="78c48f01-fb7e-499c-a7a2-71b5c85a5f0c" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:34:21.527164+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="3f0d4ec5-826f-4459-9565-8abdbd287237" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:34:22.078197+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="d760ee9b-08ce-445f-b63d-d84e85c0226f" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:34:35.087130+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="65f4c3f0-f38d-4893-a909-6bbeec166e58" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:34:35.369150+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="d9144675-5ce2-40b1-a803-8b28b7b10646" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:34:42.488691+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="04aba140-a010-4fc2-b61a-fc6be1ba6348" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:34:42.938717+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="717579f9-c671-4f9c-9e22-38714f70130d" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:42:43.659613+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="9e27c535-9677-4b0b-b74b-09346ed516af" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" hash="c1dfb1fa48437fb7c7ea208554aed62a" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" vendor="PUP.Optional.MyPCBackup" LoggingEventType="0" error="5" datetime="2015-12-31T18:42:44.149640+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="USER-PC" last_modified_tag="735c6e95-fcd7-47d6-97bd-a89a2e4d6a7a" subtype="Malware Protection" action="Quarantine Failed" filename="C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" hash="752b3c6f4546261096319b974cb52ad6" malwaretype="File" message="Přístup byl odepřen.

"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-12-31T18:49:15.727985+01:00" source="Scheduler" type="Update" username="SYSTEM" systemname="USER-PC" fromVersion="2015.12.31.1" last_modified_tag="2eb4aec8-dc3d-4816-b6e9-f73280c0c9e7" name="Domain Database" toVersion="2015.12.31.2"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-12-31T18:49:30.618660+01:00" source="Scheduler" type="Update" username="SYSTEM" systemname="USER-PC" fromVersion="2015.12.31.4" last_modified_tag="6277065e-50bc-4896-b184-0ab4addb0c74" name="Malware Database" toVersion="2015.12.31.5"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T18:49:30.712409+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="249e59af-a47d-44ed-b3ca-fbfcb684e12e" result="Starting" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T18:49:30.728034+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="fbebfdeb-e1b7-4879-9b42-a309bc77575a" result="Stopping" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T18:49:32.978041+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="607f94e6-f8ae-4477-974d-c608005898bf" result="Stopped" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T18:52:26.508314+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="331749d2-f692-42c7-b86a-df0781398914" result="Success" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T18:52:26.711439+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="d3e44c56-42d8-49a6-9a31-bc8e01f90e8a" result="Starting" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T18:52:29.477074+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="c8f05dcf-b84c-4f65-9c31-69d6f9530e2f" result="Started" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-12-31T20:51:13.056379+01:00" source="Scheduler" type="Update" username="SYSTEM" systemname="USER-PC" fromVersion="2015.12.31.2" last_modified_tag="0324d6f4-fc9f-4cf8-9e23-9e0d40fc9151" name="Domain Database" toVersion="2015.12.31.3"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T20:51:13.665754+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="b42b77ec-a8e9-43e7-9ed1-ca27f6dbd030" result="Starting" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T20:51:13.697006+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="6ca960fe-3fd6-4390-8830-b5d40c22a463" result="Stopping" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T20:51:17.165765+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="6315ece0-4e54-4128-8b78-ac1b8a4b43a7" result="Stopped" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T20:54:53.364378+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="2ac3f27f-c401-465a-8ec5-5ae7ac2cd174" result="Success" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T20:54:53.489380+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="fe03f5b2-149d-439f-be15-548ab60a4711" result="Starting" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-12-31T20:54:56.317512+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="USER-PC" last_modified_tag="bd228c6f-dccd-4600-a9ee-8da21d08798a" result="Started" subtype="Malicious Website Protection"></record>
</logs>
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Preventivka - podezření na viry

#4 Příspěvek od Márty84 »

Log z MBAM vypda jinak (treba http://forum.viry.cz/viewtopic.php?f=30 ... 6#p1431149 ). Udelejte novou kontrolu podle toho navodu a podle vysledku zvolim dalsi postup.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Josef Kratochvíl
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 28 dub 2013 13:26

Re: Preventivka - podezření na viry

#5 Příspěvek od Josef Kratochvíl »

Omlouvám se, zde by měl být již onen log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 2. 1. 2016
Čas skenování: 15:05
Protokol: log.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.01.02.04
Databáze rootkitů: v2015.12.26.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: user

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 581045
Uplynulý čas: 5 hod, 35 min, 29 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Preventivka - podezření na viry

#6 Příspěvek od Márty84 »

:arrow: MBAM odinstalujte.

Josef Kratochvíl píše:i když je poměrně nový a podle parametrů celkem výkonný, je dost zasekaný a nefunguje, jak má
:???: Muzete to trosku upresnit?


:arrow: Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)


:arrow: Dejte novy log z RSIT

a k tomu

:arrow: Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach :)
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Josef Kratochvíl
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 28 dub 2013 13:26

Re: Preventivka - podezření na viry

#7 Příspěvek od Josef Kratochvíl »

Zde zasílám všechny tři logy. Co se týče specifikace - čas od času se nevysvětlitelně zmrazí, nereaguje na nic a obyčejné spouštění elementárních programů trvá dvakrát déle, než například na mém o 5 let starším a několikanásobně méněvýkonnějším stroji. Samozřejmě to nemusí být otázka malware, chci se však ujistit, že opravdu není. Mockrát děkuji! :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by user (administrator) on USER-PC (03-01-2016 10:24:44)
Running from C:\Users\user\Desktop
Loaded Profiles: user & (Available Profiles: user)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(© 2015 Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Crystal Dew World) D:\DiskInfo.exe
(forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-04] (AVAST Software)
HKU\S-1-5-21-3669894556-41839068-1907635314-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3669894556-41839068-1907635314-1002\...\Run: [BingSvc] => C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3669894556-41839068-1907635314-1002\...\MountPoints2: {2a3c9a6c-26ea-11e5-8291-485ab6818f4a} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3669894556-41839068-1907635314-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2a3c9a6c-26ea-11e5-8291-485ab6818f4a} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-04] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{60E27956-E567-48A5-A96F-55D226FAA440}: [DhcpNameServer] 81.200.55.114 81.200.55.34
Tcpip\..\Interfaces\{BE91AC44-213D-422D-ABBE-AC81AB7D784A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-3669894556-41839068-1907635314-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-3669894556-41839068-1907635314-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {EF4A2C97-65E2-41C5-A0EF-AC2A58B60CF9} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {EF4A2C97-65E2-41C5-A0EF-AC2A58B60CF9} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3669894556-41839068-1907635314-1002 -> {EF4A2C97-65E2-41C5-A0EF-AC2A58B60CF9} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EF4A2C97-65E2-41C5-A0EF-AC2A58B60CF9} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-04] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-04] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vdgp1ph1.default-1451742318840
FF Homepage: www.seznam.cz
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-11-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-04]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-04]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Disk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Vyhledávání Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-24]
CHR Extension: (Peněženka Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-24]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-11-04] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-11-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-04] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-11-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-04] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-18] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-03 10:24 - 2016-01-03 10:25 - 00018427 _____ C:\Users\user\Desktop\FRST.txt
2016-01-03 10:24 - 2016-01-03 10:24 - 00000000 ____D C:\FRST
2016-01-03 10:23 - 2016-01-03 10:23 - 02370560 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-01-03 10:22 - 2016-01-03 10:22 - 00112640 _____ (forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
2016-01-02 14:45 - 2016-01-02 14:45 - 00000000 ____D C:\Users\user\Desktop\Původní data aplikace Firefox
2016-01-01 21:34 - 2016-01-01 22:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-01 21:34 - 2016-01-01 21:34 - 00002074 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-01-01 21:34 - 2016-01-01 21:34 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-01 16:49 - 2016-01-01 16:50 - 00000000 ____D C:\AdwCleaner
2016-01-01 16:48 - 2016-01-01 16:48 - 01745920 _____ C:\Users\user\Desktop\adwcleaner_5.027.exe
2015-12-31 15:59 - 2015-12-31 15:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-31 15:58 - 2015-12-31 15:59 - 22908888 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-31 15:06 - 2016-01-03 10:16 - 00000000 ____D C:\Program Files\trend micro
2015-12-31 15:06 - 2015-12-31 15:06 - 01222144 _____ C:\Users\user\Downloads\RSITx64(2).exe
2015-12-31 15:06 - 2015-12-31 15:06 - 00000000 ____D C:\rsit
2015-12-31 15:05 - 2015-12-31 15:05 - 01222144 _____ C:\Users\user\Downloads\RSITx64.exe
2015-12-31 15:05 - 2015-12-31 15:05 - 01222144 _____ C:\Users\user\Downloads\RSITx64(1).exe
2015-12-31 15:01 - 2015-12-31 15:08 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
2015-12-31 15:01 - 2015-12-31 15:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2015-12-31 15:01 - 2015-12-31 15:01 - 00001166 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-31 15:01 - 2015-12-31 15:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-31 14:58 - 2015-12-31 15:00 - 45512080 _____ C:\Users\user\Downloads\FirefoxSetup43.0.2cz.exe
2015-12-29 11:45 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-12-29 11:45 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-12-27 17:41 - 2015-12-27 18:28 - 881746782 _____ C:\Users\user\Desktop\Scény z manželského života - Paula - 2. obsazení.mp4
2015-12-27 16:49 - 2015-12-27 17:40 - 961931427 _____ C:\Users\user\Desktop\Scény z manželského života - Paula - 1. obsazení.mp4
2015-12-25 13:58 - 2015-10-11 07:34 - 00468824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-25 13:58 - 2015-10-11 07:34 - 00462168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-25 13:58 - 2015-10-11 07:34 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-25 13:58 - 2015-10-11 07:34 - 00092504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-25 13:58 - 2015-10-11 07:34 - 00027992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-25 13:58 - 2015-10-10 19:41 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-25 13:58 - 2015-10-10 19:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-25 13:58 - 2015-10-10 19:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2015-12-25 13:58 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-25 13:58 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-25 13:58 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-25 13:58 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-25 13:58 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-12-25 13:58 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-25 13:58 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-25 13:29 - 2015-12-25 13:31 - 00000000 ____D C:\Users\user\Desktop\berlin
2015-12-23 08:51 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-23 08:51 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-23 08:51 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-23 08:50 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-23 08:50 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-23 08:50 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-23 08:50 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-23 08:50 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-23 08:50 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-23 08:50 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-23 08:50 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-23 08:50 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-23 08:50 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-23 08:50 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-23 08:50 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-23 08:50 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-23 08:50 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-23 08:50 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-23 08:50 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-23 08:50 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-23 08:50 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-23 08:50 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-23 08:50 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-23 08:50 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-23 08:50 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-23 08:50 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-23 08:50 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-23 08:50 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-23 08:50 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-23 08:50 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-23 08:50 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-23 08:50 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-23 08:50 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-23 08:50 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-23 08:50 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-23 08:50 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-23 08:50 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-23 08:50 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-23 08:50 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-23 08:50 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-23 08:48 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-23 08:48 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-23 08:48 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-23 08:48 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-23 08:48 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-23 08:48 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-23 08:48 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-23 08:48 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-23 08:48 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-23 08:48 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-23 08:48 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-23 08:48 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-23 08:48 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-23 08:48 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-23 08:48 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-23 08:48 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-23 08:48 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-23 08:48 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-23 08:48 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-23 08:48 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-23 08:48 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-23 08:48 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-23 08:48 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-23 08:48 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-23 08:48 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-23 08:48 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-23 08:48 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-23 08:48 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-23 08:48 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-23 08:48 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-23 08:48 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-23 08:48 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-23 08:48 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-23 08:48 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-23 08:47 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-23 08:47 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-14 22:24 - 2015-12-14 22:24 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-14 22:23 - 2015-12-14 22:23 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-07 16:19 - 2015-12-07 15:07 - 02923968 ____N C:\Users\user\Desktop\Hlas 004.m4a
2015-12-07 16:19 - 2015-12-07 14:30 - 01567145 ____N C:\Users\user\Desktop\Hlas 002.m4a
2015-12-07 16:19 - 2015-12-05 19:12 - 14651175 ____N C:\Users\user\Desktop\Hlas 001.m4a

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-03 10:24 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2016-01-03 10:11 - 2014-07-22 15:44 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5964F2B0-34EE-4FBF-9989-1AB4A89A1397}
2016-01-02 22:37 - 2013-11-27 06:31 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-01-02 16:56 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-01-02 12:05 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-01-01 22:08 - 2014-07-17 07:41 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3669894556-41839068-1907635314-1002
2016-01-01 21:51 - 2013-10-19 00:10 - 00768392 _____ C:\Windows\system32\perfh005.dat
2016-01-01 21:51 - 2013-10-19 00:10 - 00166490 _____ C:\Windows\system32\perfc005.dat
2016-01-01 21:51 - 2013-08-26 07:09 - 01883040 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-01 21:44 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-01 21:43 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-01 21:37 - 2014-07-23 22:14 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-01-01 21:34 - 2014-12-29 14:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-01 21:33 - 2014-07-17 07:44 - 00000000 ____D C:\ProgramData\Adobe
2016-01-01 17:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-01-01 16:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\ModemLogs
2015-12-31 14:40 - 2014-07-24 16:53 - 00000466 ____H C:\Windows\Tasks\Norton Security Scan for user.job
2015-12-31 14:40 - 2014-07-24 11:36 - 00000000 ____D C:\Users\user\AppData\Local\HPConnectedMusic
2015-12-31 14:38 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-29 23:10 - 2015-08-13 18:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-12-29 11:53 - 2015-04-05 18:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-29 11:53 - 2015-04-05 18:02 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-27 17:39 - 2014-07-24 14:47 - 00000000 ____D C:\Windows\system32\MRT
2015-12-27 17:18 - 2014-07-24 14:47 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-26 09:48 - 2015-06-14 21:12 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-26 09:48 - 2015-06-14 21:12 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-25 13:31 - 2015-11-08 16:28 - 00000000 ____D C:\Users\user\Desktop\fotky
2015-12-25 13:15 - 2013-08-22 15:44 - 00372712 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-15 22:18 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-14 23:59 - 2014-07-25 21:35 - 00000000 ____D C:\Users\user\Documents\Seznamy
2015-12-10 13:13 - 2014-11-30 20:14 - 00000000 ____D C:\Users\user\Documents\Dějiny světového divadla
2015-12-07 16:09 - 2014-10-11 13:10 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-07 16:09 - 2014-10-11 13:10 - 00003712 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-07 16:09 - 2014-10-11 13:10 - 00000976 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-07 16:09 - 2014-10-11 13:10 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== Files in the root of some directories =======

2014-07-27 20:18 - 2014-07-28 13:25 - 0005120 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\BingSvc.exe
C:\Users\user\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\user\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\user\AppData\Local\Temp\COMAP.EXE
C:\Users\user\AppData\Local\Temp\EAD1210.exe
C:\Users\user\AppData\Local\Temp\EAD2898.exe
C:\Users\user\AppData\Local\Temp\EAD2CB4.exe
C:\Users\user\AppData\Local\Temp\EAD341C.exe
C:\Users\user\AppData\Local\Temp\EAD353.exe
C:\Users\user\AppData\Local\Temp\EAD37C3.exe
C:\Users\user\AppData\Local\Temp\EAD4C25.exe
C:\Users\user\AppData\Local\Temp\EAD6900.exe
C:\Users\user\AppData\Local\Temp\EAD80D8.exe
C:\Users\user\AppData\Local\Temp\EAD8A2A.exe
C:\Users\user\AppData\Local\Temp\EAD9F31.exe
C:\Users\user\AppData\Local\Temp\EADD81E.exe
C:\Users\user\AppData\Local\Temp\EADDCED.exe
C:\Users\user\AppData\Local\Temp\EADDF39.exe
C:\Users\user\AppData\Local\Temp\EADE832.exe
C:\Users\user\AppData\Local\Temp\EADEE95.exe
C:\Users\user\AppData\Local\Temp\EADF6E2.exe
C:\Users\user\AppData\Local\Temp\EADFB9B.exe
C:\Users\user\AppData\Local\Temp\HPConnectedMusicInstaller_100100126.exe
C:\Users\user\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
C:\Users\user\AppData\Local\Temp\UninstallEADM.dll
C:\Users\user\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for user.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\user\Desktop" je 3072 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================





RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by user at 2016-01-03 10:16:33
Microsoft Windows 8.1
System drive C: has 331 GB (72%) free of 462 GB
Total RAM: 3554 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:37, on 3. 1. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\DiskInfo.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BingSvc] C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKUS\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [BingSvc] C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe (User '?')
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AdaptiveSleepService - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP SimplePass Cachedrv Service (Cachedrv server) - Unknown owner - C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem14.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10193 bytes

======Listing Processes======





wininit.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe"
"C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Hpservice.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {c06c6bbc-b798-44bb-a294fa4d9e60979c}
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
taskeng.exe {7EE252F6-9117-4769-B309-F19F87899AEB}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
atieclxx
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" /byrunkey
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"D:\DiskInfo.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="6448.4.1847796098\1893287079" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 6448 "\\.\pipe\gecko-crash-server-pipe.6448" tab
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\RunDll32.exe" "C:\Windows\system32\WerConCpl.dll", LaunchErcApp -queuereporting
"C:\Users\user\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\Norton Security Scan for user.job - C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe /scan-quick /scheduled

=========Mozilla firefox=========

ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vdgp1ph1.default-1451742318840

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-04 885152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12 2134656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-04 664184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12 1725056]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-08-20 7202520]
"SimplePass"=C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2013-09-26 2755640]
"OPBHOBroker"=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2013-09-26 155704]
"OPBHOBrokerDesktop"=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2013-09-26 155704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26 2771184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
"BingSvc"=C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-17 144008]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-09-25 766208]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2013-07-24 77088]
"YouCam Service"=C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-09-02 267224]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [2013-10-08 1045304]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-04 7004376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-01-01 21:34:05 ----D---- C:\Program Files (x86)\Adobe
2016-01-01 16:49:57 ----D---- C:\AdwCleaner
2015-12-31 15:59:52 ----D---- C:\ProgramData\Malwarebytes
2015-12-31 15:06:17 ----D---- C:\rsit
2015-12-31 15:06:17 ----D---- C:\Program Files\trend micro
2015-12-31 15:01:54 ----D---- C:\Users\user\AppData\Roaming\Mozilla
2015-12-31 15:01:33 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-12-29 11:45:29 ----A---- C:\Windows\system32\aspnet_counters.dll
2015-12-29 11:45:26 ----A---- C:\Windows\SYSWOW64\aspnet_counters.dll
2015-12-25 13:58:19 ----A---- C:\Windows\system32\dpapisrv.dll
2015-12-25 13:58:18 ----A---- C:\Windows\SYSWOW64\PCPKsp.dll
2015-12-25 13:58:18 ----A---- C:\Windows\system32\winlogon.exe
2015-12-25 13:58:18 ----A---- C:\Windows\system32\wininit.exe
2015-12-25 13:58:18 ----A---- C:\Windows\system32\PCPKsp.dll
2015-12-25 13:58:17 ----A---- C:\Windows\system32\drivers\usbport.sys
2015-12-25 13:58:17 ----A---- C:\Windows\system32\drivers\USBHUB3.SYS
2015-12-25 13:58:17 ----A---- C:\Windows\system32\drivers\usbhub.sys
2015-12-25 13:58:17 ----A---- C:\Windows\system32\drivers\usbehci.sys
2015-12-25 13:58:17 ----A---- C:\Windows\system32\drivers\usbd.sys
2015-12-25 13:58:16 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-12-25 13:58:16 ----A---- C:\Windows\system32\msctf.dll
2015-12-25 13:58:16 ----A---- C:\Windows\system32\drivers\winusb.sys
2015-12-25 13:58:16 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2015-12-25 13:58:16 ----A---- C:\Windows\system32\drivers\usbohci.sys
2015-12-23 08:51:23 ----A---- C:\Windows\system32\drivers\rmcast.sys
2015-12-23 08:51:12 ----A---- C:\Windows\system32\mshtml.dll
2015-12-23 08:51:09 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-12-23 08:50:32 ----A---- C:\Windows\system32\jscript9.dll
2015-12-23 08:50:29 ----A---- C:\Windows\system32\ieframe.dll
2015-12-23 08:50:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-12-23 08:50:23 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-12-23 08:50:21 ----A---- C:\Windows\system32\wininet.dll
2015-12-23 08:50:20 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-12-23 08:50:20 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-12-23 08:50:20 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-12-23 08:50:20 ----A---- C:\Windows\system32\vbscript.dll
2015-12-23 08:50:20 ----A---- C:\Windows\system32\ieui.dll
2015-12-23 08:50:19 ----A---- C:\Windows\system32\urlmon.dll
2015-12-23 08:50:18 ----A---- C:\Windows\system32\jscript.dll
2015-12-23 08:50:18 ----A---- C:\Windows\system32\iertutil.dll
2015-12-23 08:50:17 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-12-23 08:50:17 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-12-23 08:50:17 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-12-23 08:50:16 ----A---- C:\Windows\SYSWOW64\actxprxy.dll
2015-12-23 08:50:16 ----A---- C:\Windows\system32\msfeeds.dll
2015-12-23 08:50:15 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-12-23 08:50:15 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-12-23 08:50:14 ----A---- C:\Windows\system32\inetcomm.dll
2015-12-23 08:50:14 ----A---- C:\Windows\system32\iedkcs32.dll
2015-12-23 08:50:14 ----A---- C:\Windows\system32\ie4uinit.exe
2015-12-23 08:50:13 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-12-23 08:50:13 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-12-23 08:50:13 ----A---- C:\Windows\system32\mshtmled.dll
2015-12-23 08:50:13 ----A---- C:\Windows\system32\iepeers.dll
2015-12-23 08:50:13 ----A---- C:\Windows\system32\ieapfltr.dll
2015-12-23 08:50:12 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-12-23 08:50:12 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-12-23 08:50:12 ----A---- C:\Windows\system32\webcheck.dll
2015-12-23 08:50:12 ----A---- C:\Windows\system32\dxtrans.dll
2015-12-23 08:50:11 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-12-23 08:50:11 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-12-23 08:50:11 ----A---- C:\Windows\system32\actxprxy.dll
2015-12-23 08:48:52 ----A---- C:\Windows\system32\win32k.sys
2015-12-23 08:48:51 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-12-23 08:48:51 ----A---- C:\Windows\system32\user32.dll
2015-12-23 08:48:51 ----A---- C:\Windows\system32\GdiPlus.dll
2015-12-23 08:48:51 ----A---- C:\Windows\system32\FntCache.dll
2015-12-23 08:48:51 ----A---- C:\Windows\system32\DWrite.dll
2015-12-23 08:48:50 ----A---- C:\Windows\SYSWOW64\user32.dll
2015-12-23 08:48:50 ----A---- C:\Windows\SYSWOW64\GdiPlus.dll
2015-12-23 08:48:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-12-23 08:48:48 ----A---- C:\Windows\system32\ntdll.dll
2015-12-23 08:48:48 ----A---- C:\Windows\system32\comsvcs.dll
2015-12-23 08:48:47 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-12-23 08:48:47 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2015-12-23 08:48:47 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2015-12-23 08:48:47 ----A---- C:\Windows\system32\winresume.exe
2015-12-23 08:48:47 ----A---- C:\Windows\system32\winload.exe
2015-12-23 08:48:46 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-12-23 08:48:46 ----A---- C:\Windows\system32\ntvdm64.dll
2015-12-23 08:48:46 ----A---- C:\Windows\system32\catsrvut.dll
2015-12-23 08:48:20 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-23 08:48:20 ----A---- C:\Windows\system32\wucltux.dll
2015-12-23 08:48:20 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-23 08:48:20 ----A---- C:\Windows\system32\wuapi.dll
2015-12-23 08:48:19 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-23 08:48:19 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-23 08:48:19 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-23 08:48:19 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-23 08:48:19 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-12-23 08:48:19 ----A---- C:\Windows\system32\wups2.dll
2015-12-23 08:48:19 ----A---- C:\Windows\system32\wudriver.dll
2015-12-23 08:48:19 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-23 08:48:19 ----A---- C:\Windows\system32\wuapp.exe
2015-12-23 08:47:34 ----A---- C:\Windows\system32\authui.dll
2015-12-23 08:47:33 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-12-14 22:23:57 ----D---- C:\Program Files\Common Files\AV

======List of files/folders modified in the last 1 month======

2016-01-03 10:16:13 ----D---- C:\Windows\Temp
2016-01-03 10:13:52 ----D---- C:\Windows\Prefetch
2016-01-03 10:11:49 ----RD---- C:\Program Files (x86)
2016-01-03 10:11:49 ----D---- C:\Windows\system32\drivers
2016-01-03 10:02:40 ----D---- C:\Windows\system32\sru
2016-01-02 16:56:25 ----D---- C:\Windows\system32\NDF
2016-01-02 12:05:56 ----D---- C:\Windows\Inf
2016-01-01 22:01:26 ----SHD---- C:\Windows\Installer
2016-01-01 22:00:21 ----D---- C:\Windows\SysWOW64
2016-01-01 21:51:51 ----RD---- C:\Windows\System32
2016-01-01 21:51:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-01-01 21:43:12 ----D---- C:\Windows\system32\catroot2
2016-01-01 21:34:47 ----D---- C:\Windows\system32\Tasks
2016-01-01 21:33:48 ----D---- C:\ProgramData\Adobe
2016-01-01 17:31:55 ----D---- C:\Windows\rescache
2016-01-01 17:01:40 ----D---- C:\Windows\Microsoft.NET
2016-01-01 16:56:22 ----D---- C:\Windows\system32\config
2016-01-01 16:35:08 ----D---- C:\Windows\WinSxS
2016-01-01 16:33:52 ----D---- C:\Windows\ModemLogs
2015-12-31 15:59:52 ----HD---- C:\ProgramData
2015-12-31 15:31:58 ----SHD---- C:\System Volume Information
2015-12-31 15:06:17 ----D---- C:\Program Files
2015-12-31 14:38:47 ----D---- C:\Windows\CbsTemp
2015-12-29 23:10:33 ----D---- C:\Users\user\AppData\Roaming\Skype
2015-12-29 11:53:00 ----SD---- C:\Windows\SYSWOW64\GWX
2015-12-29 11:53:00 ----SD---- C:\Windows\system32\GWX
2015-12-29 11:53:00 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-29 11:52:59 ----D---- C:\Windows\system32\cs-CZ
2015-12-29 11:52:51 ----D---- C:\Windows\system32\DriverStore
2015-12-27 17:39:41 ----D---- C:\Windows\system32\MRT
2015-12-27 17:18:40 ----A---- C:\Windows\system32\MRT.exe
2015-12-26 09:48:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-25 14:13:40 ----RSD---- C:\Windows\assembly
2015-12-23 10:35:50 ----D---- C:\Program Files\Internet Explorer
2015-12-23 10:35:50 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-15 22:18:57 ----D---- C:\Windows\AppReadiness
2015-12-14 22:23:57 ----D---- C:\Program Files\Common Files
2015-12-14 22:23:57 ----D---- C:\Program Files (x86)\Common Files
2015-12-07 16:09:41 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdisFlt;@oem23.inf,%AfwDescriptionFree%;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [2015-11-04 466400]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-11-04 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-11-04 273784]
R0 hpdskflt;@oem14.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2013-07-23 30520]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2015-11-04 28144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-11-04 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-04 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-04 449992]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2013-03-05 91712]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-08-18 498512]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-11-04 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-11-04 97648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-11-04 154256]
R3 Accelerometer;@oem14.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2013-07-23 43320]
R3 AmdAS4;@oem3.inf,%AmdAS4.SVCDESC%;AmdAS4 service; C:\Windows\System32\drivers\AmdAS4.sys [2013-02-07 17504]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-09-26 12533760]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-09-26 619008]
R3 AtiHDAudioService;@oem2.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdWB6.sys [2013-06-23 138240]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2015-07-10 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 clwvd;@oem16.inf,%clwvd.DeviceDesc%;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2013-03-05 41408]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-21 3591000]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
R3 netr28x;@oem18.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-02 2483376]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 RSP2STOR;@oem6.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [2013-07-05 290008]
R3 rtbth;@oem17.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem8.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-08-15 830680]
R3 SynTP;@oem5.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-07-26 524016]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 dg_ssudbus;@oem26.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2013-07-26 30448]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-07-26 34544]
S3 ssudmdm;@oem31.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdaptiveSleepService;AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [2013-09-25 99328]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-09-26 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-09-25 344064]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2014-10-29 38792]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-11-04 174416]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2015-11-04 109520]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 Cachedrv server; HP SimplePass Cachedrv Service; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [2013-09-26 109568]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-09-05 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-09-05 298760]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-08-29 92160]
R2 hpsrv;@oem14.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2013-07-23 43320]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2013-10-08 1039160]
R2 omniserv; HP SimplePass Service; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [2013-09-26 87552]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-06-19 246488]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-09-10 1129760]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-16 50864]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-23 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-10-11 194032]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\Windows\system32\svchost.exe [2014-10-29 38792]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2014-10-29 38792]

-----------------EOF-----------------











CRYSTAL LOG:
----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 8 [6.2 Build 9200] (x64)
Date : 2016/01/03 10:14:08

-- Controller Map ----------------------------------------------------------
+ Řadič SATA AMD [ATA]
- ST500LT012-1DG14 SATA Disk Device
- hp DVDRAM GU70N SATA CdRom Device
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST500LT012-1DG142 : 500,1 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST500LT012-1DG142
----------------------------------------------------------------------------
Model : ST500LT012-1DG142
Firmware : 1002YAM1
Serial Number : W3P0SB4Z
Disk Size : 500,1 GB (8,4/137,4/500,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/600
Power On Hours : 1369 hod.
Power On Count : 944 krát
Temparature : 30 C (86 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 111 _99 __6 000002293128 Počet chyb čtení
03 _99 _99 __0 000000000000 Čas na roztočení ploten
04 100 100 __0 0000000003B2 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _75 _60 _30 000203963B6E Počet chybných hledání
09 _99 _99 __0 000000000559 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 0000000003B0 Počet cyklů zapnutí zařízení
B7 100 100 __0 000000000000 Neznámý
B8 100 100 _97 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000001 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _70 _58 _45 00001E15001E Teplota toku vzduchu
BF 100 100 __0 000000000024 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000004 Počet vypnutí disku
C1 _91 _91 __0 0000000047B1 Počet cyklů načítání/vymazání
C2 _30 _42 __0 00100000001E Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
FE 100 100 __0 000000000000 Ochrana proti pádu

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 5733 5030 5342 345A 2020 2020 2020 2020 2020 2020
020: 0000 8000 0004 3130 3032 4D31 4D31 5354 3530 304C
030: 5430 3132 2D31 4447 3134 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 8D0E 8D0E 0006 004C 004C
080: 01F8 0029 306B 7C69 6123 BC49 BC49 6123 407F 0030
090: 0030 8080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 6003 6003 0000 5000 C500
110: 6E15 6E1E 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 6030
130: 3A38 6030 3A38 2020 0002 0108 0108 5000 3C06 3C0A
140: 0000 0078 0000 0008 0000 7CFF 7CFF 0280 0000 0000
150: 0008 0000 0000 0000 0000 0000 0000 0000 7500 8000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 103D 103D 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 103F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 1000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 04A5
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Preventivka - podezření na viry

#8 Příspěvek od Márty84 »

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\user\Desktop" je 3072 MB.
:arrow: Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku :)




:arrow: Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3669894556-41839068-1907635314-1002\...\Run: [BingSvc] => C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-3669894556-41839068-1907635314-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {EF4A2C97-65E2-41C5-A0EF-AC2A58B60CF9} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {EF4A2C97-65E2-41C5-A0EF-AC2A58B60CF9} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3669894556-41839068-1907635314-1002 -> {EF4A2C97-65E2-41C5-A0EF-AC2A58B60CF9} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3669894556-41839068-1907635314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EF4A2C97-65E2-41C5-A0EF-AC2A58B60CF9} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-10-11 194032]

2015-12-31 15:59 - 2015-12-31 15:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-31 15:58 - 2015-12-31 15:59 - 22908888 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.0.1024.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for user.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

Hosts:
EmptyTemp:
Reboot:
End
Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.





20.2. pro neaktivitu :lock: http://forum.viry.cz/viewtopic.php?f=12&t=123975
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Zamčeno

Zpět na „Preventivní kontroly logů“