nechtěné reklamy při kliknutí vewebovém prohlížeči

[Blondarson]

Malware je stále v PC. Zakoupil jsem si plnou verzi Malware bytes a blokuje ho. Vyskakujou ale pořád upozorňovací tabulky.

[altrok]

V jakem umisteni je malware blokovan?

Pridejte prosim aktualni logy FRST.txt a Addition.txt.

[Blondarson]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by uzivatel (administrator) on UZIVATE-3T5RH9M (27-01-2016 08:41:17)
Running from C:\Users\uzivatel\Downloads
Loaded Profiles: uzivatel (Available Profiles: uzivatel & Administrator & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Gaijin Entertainment) C:\Program Files (x86)\WarThunder\launcher.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-28] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2015-12-19] (Electronic Arts)
HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\Run: [GoogleChromeAutoLaunch_FA6F99A34873A093FA88EBF49A43251D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748360 2016-01-12] (Google Inc.)
HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50385536 2015-12-29] (Skype Technologies S.A.)
HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\Run: [WarThunderLauncher] => C:\Program Files (x86)\WarThunder\launcher.exe [6012464 2015-12-23] (Gaijin Entertainment)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\uzivatel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\uzivatel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\uzivatel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-28] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\uzivatel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\uzivatel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\uzivatel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-13] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{1892674f-8e87-4406-b5e3-7b4a1c8f3de9}: [DhcpNameServer] 192.168.99.251 192.168.99.243
Tcpip\..\Interfaces\{3ac208a5-0edb-4079-b53e-98b185f01385}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{a87ae84e-8b50-491f-8fdc-62cf94aa03bf}: [DhcpNameServer] 192.168.99.251 192.168.99.243

Internet Explorer:
==================
HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130889328807330835&GUID=2E52DB38-611C-459A-BFF6-5A3D475378AE
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001 -> DefaultScope {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL =
SearchScopes: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001 -> {2A744E05-083F-4A30-A51C-9EFBC2D27142} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_20808
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-28] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-28] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-28]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-28]

Chrome:
=======
CHR Profile: C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Avast Online Security) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-29]
CHR Extension: (Tlačítko Pin It) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-01-04]
CHR Extension: (Skype) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-28] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-19] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-28] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-29] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 08:41 - 2016-01-27 08:41 - 00019891 _____ C:\Users\uzivatel\Downloads\FRST.txt
2016-01-27 08:38 - 2016-01-27 08:41 - 00000000 ____D C:\FRST
2016-01-27 08:38 - 2016-01-27 08:38 - 02370560 _____ (Farbar) C:\Users\uzivatel\Downloads\FRST64.exe
2016-01-26 08:37 - 2016-01-26 08:37 - 00000992 _____ C:\DelFix.txt
2016-01-25 10:48 - 2016-01-25 10:48 - 04499968 _____ C:\Users\uzivatel\Downloads\-UserFiles-file-Clanky_2009-2012-y74e2l1w0y.ppt
2016-01-19 20:28 - 2016-01-19 20:28 - 00001068 _____ C:\Users\uzivatel\Desktop\BadWimpfen-Blondi – zástupce.lnk
2016-01-19 20:14 - 2016-01-19 20:14 - 00000000 ____D C:\Users\uzivatel\Downloads\BadWimpfen-Blondi (1)
2016-01-19 19:19 - 2016-01-19 19:42 - 899184287 _____ C:\Users\uzivatel\Downloads\BadWimpfen-Blondi (1).zip
2016-01-19 07:49 - 2016-01-19 07:49 - 22908888 _____ (Malwarebytes ) C:\Users\uzivatel\Downloads\mbam-setup-web.NT-2.2.0.1024.exe
2016-01-15 09:08 - 2016-01-15 09:40 - 00000000 ____D C:\Users\uzivatel\Desktop\Brühl
2016-01-15 08:42 - 2016-01-15 08:53 - 348226598 _____ C:\Users\uzivatel\Downloads\Sraz2015.zip
2016-01-14 08:22 - 2016-01-14 08:22 - 00001666 _____ C:\Users\uzivatel\Desktop\12507556_1346362382047872_7752710583446397349_n – zástupce.lnk
2016-01-13 20:01 - 2016-01-19 20:45 - 00000000 ____D C:\Users\uzivatel\Desktop\Waffen SS
2016-01-13 16:25 - 2016-01-14 08:29 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-13 15:05 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 15:05 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 15:05 - 2016-01-05 02:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-13 15:05 - 2016-01-05 02:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-13 15:05 - 2016-01-05 02:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-13 15:05 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 15:04 - 2016-01-05 03:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 15:04 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 15:04 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 15:04 - 2016-01-05 03:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 15:04 - 2016-01-05 03:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 15:04 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 15:04 - 2016-01-05 03:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 15:04 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 15:04 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 15:04 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 15:04 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 15:04 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 15:04 - 2016-01-05 03:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 15:04 - 2016-01-05 03:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 15:04 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 15:04 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 15:04 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 15:04 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 15:04 - 2016-01-05 03:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 15:04 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 15:04 - 2016-01-05 03:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 15:04 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 15:04 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 15:04 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 15:04 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 15:04 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 15:04 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 15:04 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 15:04 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 15:04 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 15:04 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 15:04 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 15:04 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 15:04 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 15:04 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 15:04 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 15:04 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 15:04 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 15:04 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 15:04 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 15:04 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 15:04 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 15:04 - 2016-01-05 02:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-13 15:04 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 15:04 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 15:04 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 15:04 - 2016-01-05 02:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 15:04 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 15:04 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 15:04 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 15:04 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 15:04 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 15:04 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 15:04 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 15:04 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 15:04 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 15:04 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 15:04 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 15:04 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 15:04 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 15:04 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 15:04 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 15:04 - 2016-01-05 02:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-13 15:04 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 15:04 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 15:04 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 15:04 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 15:04 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 15:04 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 15:04 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 15:04 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 15:04 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 15:04 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 15:04 - 2016-01-05 02:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 15:04 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 15:04 - 2016-01-05 02:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 15:04 - 2016-01-05 02:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 15:04 - 2016-01-05 02:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 15:04 - 2016-01-05 02:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 15:04 - 2016-01-05 02:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 15:04 - 2016-01-05 02:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 11:46 - 2016-01-12 11:47 - 00000000 ____D C:\Users\uzivatel\Desktop\Vzteklina
2016-01-12 10:01 - 2016-01-12 10:01 - 02626834 _____ C:\Users\uzivatel\Downloads\video-1450025560.mp4.mp4
2016-01-08 09:41 - 2016-01-08 09:41 - 00002658 _____ C:\Users\uzivatel\Downloads\já-a-MP43.wlmp
2016-01-04 20:51 - 2016-01-18 16:40 - 00000000 ____D C:\Users\uzivatel\AppData\Local\CrashDumps
2016-01-04 19:29 - 2016-01-27 08:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-04 19:27 - 2016-01-19 07:53 - 00001181 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-04 19:27 - 2016-01-19 07:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-04 19:27 - 2016-01-19 07:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-04 19:27 - 2016-01-04 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-04 19:27 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-04 19:27 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-04 19:27 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-04 19:25 - 2016-01-04 19:27 - 22908888 _____ (Malwarebytes ) C:\Users\uzivatel\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-31 19:33 - 2015-12-31 19:33 - 00288103 _____ C:\Users\uzivatel\Downloads\422757954 (1).pdf
2015-12-31 19:30 - 2015-12-31 19:30 - 00288796 _____ C:\Users\uzivatel\Downloads\418319520.pdf
2015-12-31 02:15 - 2015-12-31 02:15 - 00288103 _____ C:\Users\uzivatel\Downloads\422757954.pdf
2015-12-31 02:15 - 2015-12-31 02:15 - 00288070 _____ C:\Users\uzivatel\Downloads\427157384.pdf
2015-12-29 20:25 - 2015-12-29 23:07 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-29 20:25 - 2015-12-29 20:25 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-12-29 18:33 - 2015-12-29 18:33 - 00000000 ____D C:\Users\uzivatel\AppData\Local\PeerDistRepub
2015-12-29 12:06 - 2015-12-29 12:06 - 00000000 ____D C:\Users\uzivatel\AppData\Local\NetworkTiles
2015-12-29 10:07 - 2016-01-20 08:36 - 00000000 ____D C:\Users\uzivatel\Desktop\Luftwaffe
2015-12-29 09:05 - 2015-12-29 09:05 - 00000000 ____D C:\Users\uzivatel\AppData\Local\ActiveSync
2015-12-29 09:04 - 2015-12-29 09:04 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2015-12-29 09:04 - 2015-12-29 09:04 - 00000000 ___HD C:\ProgramData\CanonEPP
2015-12-29 08:55 - 2015-12-29 08:36 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-12-28 08:01 - 2015-12-28 08:01 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-12-28 07:53 - 2015-12-28 07:50 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-12-28 07:51 - 2016-01-20 18:48 - 01065208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-12-28 07:51 - 2016-01-20 18:48 - 00464256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-12-28 07:51 - 2016-01-03 08:54 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-12-28 07:51 - 2015-12-28 07:51 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-12-28 07:51 - 2015-12-28 07:51 - 00001985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2015-12-28 07:51 - 2015-12-28 07:51 - 00001973 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-12-28 07:51 - 2015-12-28 07:51 - 00000000 ____D C:\Users\uzivatel\AppData\Roaming\AVAST Software
2015-12-28 07:51 - 2015-12-28 07:50 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-12-28 07:51 - 2015-12-28 07:50 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-12-28 07:51 - 2015-12-28 07:50 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-12-28 07:51 - 2015-12-28 07:50 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-12-28 07:51 - 2015-12-28 07:50 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-12-28 07:50 - 2015-12-28 07:50 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-12-28 07:46 - 2015-12-28 07:46 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-28 07:45 - 2015-12-28 07:46 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-28 07:45 - 2015-12-28 07:45 - 05066104 _____ (AVAST Software) C:\Users\uzivatel\Downloads\avast_free_antivirus_setup_online.exe
2015-12-28 00:49 - 2015-12-28 00:49 - 00000000 _____ C:\Users\uzivatel\Desktop\Nový textový dokument.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 08:41 - 2014-07-08 12:45 - 00000000 ____D C:\ProgramData\Origin
2016-01-27 08:39 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-27 08:36 - 2015-08-27 15:40 - 00004218 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ECEE36A5-191A-4AAC-AEFF-8C4875BBCD4F}
2016-01-27 08:27 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-27 08:19 - 2014-06-11 14:31 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-27 08:12 - 2014-07-15 08:40 - 00000000 ____D C:\Program Files (x86)\WarThunder
2016-01-27 08:11 - 2014-06-29 17:33 - 00000000 ____D C:\Users\uzivatel\AppData\Roaming\Skype
2016-01-26 08:24 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-26 08:08 - 2014-06-29 16:21 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-25 09:04 - 2015-12-13 11:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-25 09:03 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-23 20:25 - 2015-12-13 11:39 - 00000000 ____D C:\Users\uzivatel
2016-01-23 10:37 - 2015-04-13 07:46 - 00000000 ____D C:\Users\uzivatel\Desktop\Veteranen
2016-01-20 15:20 - 2015-10-18 15:01 - 00000000 ____D C:\Users\uzivatel\Desktop\Ree
2016-01-18 16:51 - 2014-06-11 14:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-15 07:52 - 2014-07-01 07:10 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-15 07:44 - 2015-12-13 11:38 - 02039646 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-15 07:44 - 2015-10-30 19:31 - 00843542 _____ C:\WINDOWS\system32\perfh005.dat
2016-01-15 07:44 - 2015-10-30 19:31 - 00192556 _____ C:\WINDOWS\system32\perfc005.dat
2016-01-15 07:44 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-15 07:35 - 2014-12-06 10:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-15 07:35 - 2014-12-06 10:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-14 22:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-14 19:07 - 2014-09-28 15:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-14 08:34 - 2014-12-06 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-14 08:34 - 2014-06-12 10:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-14 08:32 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-13 16:27 - 2014-06-12 11:06 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 16:27 - 2014-06-12 11:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 16:27 - 2009-07-14 03:34 - 00000580 _____ C:\WINDOWS\win.ini
2016-01-12 18:23 - 2014-12-26 05:45 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-12 11:51 - 2015-03-28 09:44 - 00000000 ____D C:\Users\uzivatel\Desktop\Military
2016-01-12 11:48 - 2015-03-28 09:43 - 00000000 ____D C:\Users\uzivatel\Desktop\Akce
2016-01-12 11:46 - 2015-04-01 07:03 - 00000000 ____D C:\Users\uzivatel\Desktop\Veteráni
2016-01-12 11:46 - 2014-07-06 20:41 - 00000000 ____D C:\Users\uzivatel\Desktop\Práce
2016-01-10 13:50 - 2014-06-29 17:32 - 00000000 ____D C:\ProgramData\Skype
2016-01-05 21:24 - 2015-01-02 08:39 - 00000000 ____D C:\Users\uzivatel\Desktop\Zündapp
2016-01-04 21:12 - 2015-10-30 19:41 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-01-03 02:40 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-01 20:04 - 2015-01-02 07:38 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-12-29 23:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-28 17:19 - 2015-08-23 23:42 - 00000000 ____D C:\Users\uzivatel\AppData\Local\Comms
2015-12-28 17:04 - 2015-08-23 10:43 - 00000000 ____D C:\Users\uzivatel\AppData\Local\Packages
2015-12-28 08:14 - 2015-08-27 15:17 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-12-28 08:14 - 2014-07-01 07:04 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-28 08:08 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-12-28 08:01 - 2015-12-13 11:39 - 00000000 ____D C:\Users\DefaultAppPool
2015-12-28 00:40 - 2015-09-01 17:22 - 00000000 ____D C:\Users\uzivatel\AppData\Roaming\Seznam.cz
2015-12-28 00:38 - 2014-07-01 07:04 - 00000000 ____D C:\Users\uzivatel\AppData\Local\Google
2015-12-28 00:38 - 2014-07-01 07:04 - 00000000 ____D C:\ProgramData\Google

Some files in TEMP:
====================
C:\Users\uzivatel\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-19 18:07

==================== End of FRST.txt ============================

[Blondarson]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by uzivatel (2016-01-27 08:42:36)
Running from C:\Users\uzivatel\Downloads
Windows 10 Pro (X64) (2015-12-13 11:05:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4112901673-1865571380-2406517598-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4112901673-1865571380-2406517598-503 - Limited - Disabled)
Guest (S-1-5-21-4112901673-1865571380-2406517598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4112901673-1865571380-2406517598-1003 - Limited - Enabled)
uzivatel (S-1-5-21-4112901673-1865571380-2406517598-1001 - Administrator - Enabled) => C:\Users\uzivatel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
IL-2 Sturmovik: Cliffs of Dover (HKLM-x32\...\Steam App 63950) (Version: - 1C: Maddox Games)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0405-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Prostředí Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Registrace uživatele zařízení Canon MG5300 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG5300 series) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder Launcher 1.0.1.376 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\uzivatel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {007A0541-6FD5-4C72-A158-2A872DE6DAE5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-28] (AVAST Software)
Task: {011FA347-585B-4A6D-BFCC-E4270F74BC60} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {02E3EE98-4456-4DD5-A7A5-33D5F9C97213} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {066A9894-B411-4416-8699-7AB367258A91} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {070F2E7E-E16C-496C-800B-63FBC65926F2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {08D101C0-4859-4EF8-8F3C-CFC570CFFB4F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0E1A058A-5CEB-4FD4-B01E-BF77F628F57F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-16] (Adobe Systems Incorporated)
Task: {0ED05B75-484F-452D-BD67-19F6B22A8164} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0F3E3232-C934-4AC2-A7F6-3761839606CB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {1572F8C6-87F4-4596-868F-0A99B984078A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {17308D94-792B-4AFD-974B-6D2BB8D15D19} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1778BBB2-C6D6-4557-9662-97157A1282E8} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {181CA63B-6F58-4C9B-BB8F-DC9218722F63} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {1D47ACCA-4D19-4623-965F-F64D8D9940F3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {33C99A8C-FC6E-4115-8902-1CD791B0121F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {3761F137-B5A7-435D-AAAD-1D1CABB1942D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4017DED6-BC89-4E3D-9ED6-0EE073DDEBF6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {465A0316-3C6E-4248-ABE4-EEA250B8529E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4E2BC656-67C2-42F3-92A9-6817D2A89D84} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {50137526-3981-4F95-9B7E-16FC04E790F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {52F7A4F7-206D-472A-972B-D74C5B791CAF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {53DC433E-C364-4769-92AC-41DD7556334B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {65BC39FC-F464-4BA0-9E88-2ED6A610B2FF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {717ACBCE-C600-4C04-8B97-8020EE4D4699} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {99BEC8E9-21C2-481C-B291-F69E22301CE6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A49AE608-7DF8-485B-806F-08D02DDE5377} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AB192935-BAB1-4BDD-BCC4-37DBC296A2EE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {B9BF4072-80E7-44D7-9554-F37CC150B3E5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BC4F3A98-11E8-432C-803A-04B7C7139494} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {BF6498DD-EE25-4C10-9766-C94E8D6F7091} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C3C225A6-6E2A-4B42-9D7D-69D892144481} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C9808C23-7DA3-479C-B099-EBC07890250A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {CBD3C970-3228-4684-A270-163F6AA68D94} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D0462962-072C-4DAB-B863-5AEB85347BEA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {DAE7C5D8-3577-4B73-B56F-5042B41ABF85} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {DC1BE37E-FAC9-4D64-8CEB-B7375905B11D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {E33122A9-FBB0-4B8C-B0F0-BF65FC8F323D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E7EF8709-AED1-49E6-B2AB-265F2641587D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E8D3F32A-6FCF-4448-A0B3-50F14E406378} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {EDE438A1-7B8D-4073-8DED-C88C35E28D9D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {EFD71CC6-2410-42B4-B9BE-CD067DCB1291} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F0330C4E-EC6F-41A2-A923-40D5012B326A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F3223B82-BA10-4490-AC3E-230AD60154F2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-02 07:38 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-13 14:40 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-13 14:40 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-19 08:34 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-19 08:34 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 15:05 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 15:05 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-13 15:05 - 2016-01-05 02:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-13 15:04 - 2016-01-05 02:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-22 08:06 - 2016-01-22 08:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-28 07:50 - 2015-12-28 07:50 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-28 07:50 - 2015-12-28 07:50 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-25 08:27 - 2016-01-25 08:27 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012403\algo.dll
2015-12-28 07:50 - 2015-12-28 07:50 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-27 08:25 - 2016-01-27 08:25 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012700\algo.dll
2015-12-27 12:35 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-12-27 12:35 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-12-27 12:35 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-12-27 12:35 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-12-27 12:35 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-15 07:51 - 2016-01-12 17:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-15 07:51 - 2016-01-12 17:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
2014-05-16 16:36 - 2015-11-10 20:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-11 15:58 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-29 08:37 - 2015-12-14 21:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-11 15:58 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-11 15:58 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-09-15 18:00 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-15 18:00 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-15 18:00 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-15 18:00 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-15 18:00 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-05-29 08:36 - 2015-12-14 21:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-08-09 08:55 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-12-28 07:50 - 2015-12-28 07:50 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-22 08:06 - 2016-01-22 08:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 08:06 - 2016-01-22 08:07 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00278208 _____ () C:\Program Files (x86)\Windows Live\Writer\cs\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-12-27 16:54 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15461 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4112901673-1865571380-2406517598-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\uzivatel\Desktop\klinovec-v-zime-dc85-.jpeg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "ApnTBMon"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{91D4C72D-8C83-4D08-943A-3F551B48CF5B}C:\program files (x86)\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\warthunder\win64\aces.exe
FirewallRules: [TCP Query User{6C9D8847-392D-460E-9AE1-BF9C1FD896A4}C:\program files (x86)\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\warthunder\win64\aces.exe
FirewallRules: [{ED86B7E2-FC10-44A6-8E6E-13354104E54B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{83C8E7B7-8626-4B7F-B43C-DD1085469DCC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17F50FB9-23FE-48BC-913D-7BAD454C3C33}] => (Allow) C:\Users\uzivatel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{074CA26E-2A75-4858-B67A-F1B0D3E3CDF1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{19BCCD38-B5EB-45BB-854A-0739AD12CC33}] => (Allow) LPort=2869
FirewallRules: [{FB1E9532-FFF6-428F-81A3-58C87732592A}] => (Allow) LPort=1900
FirewallRules: [{615276AE-9947-4D69-A7F6-45C8ECFD6322}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B5CD2EC3-6401-411F-9D0F-986B9743BFFF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{72ED8E53-B7C0-4E58-A75D-9B4C23B0813A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\IL-2 Sturmovik Cliffs of Dover\Launcher.exe
FirewallRules: [{17EB095C-06EE-4275-AA3B-AA6A2FDDF922}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\IL-2 Sturmovik Cliffs of Dover\Launcher.exe
FirewallRules: [{13627104-A54B-4305-885B-3E28E2791726}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9759D0B4-334C-40C6-8791-6E33DCF9E59B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{035EF86E-C246-4280-BE0A-21532B8F764A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4B0C9F96-0578-44E6-BDCB-617D68219755}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{67E42BE9-EFF7-4B35-8C45-8DF5755180D4}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{BBBDADCD-60C8-47E7-ADFC-380A19E9C9F0}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{12FC15B3-FE6A-433E-AB1E-709E4E44A74B}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{F82D9B7B-D915-4D26-8033-8ECCC8950062}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{CF0D98D9-461C-4DE6-BD7F-D14B275CDE87}] => (Allow) LPort=80
FirewallRules: [{E9E52AE3-29C8-4938-9D45-183323E0943D}] => (Allow) LPort=443
FirewallRules: [{5E1F8B56-88D7-42EE-B9A8-3B285E5B2455}] => (Allow) LPort=20010
FirewallRules: [{0E497A10-B786-43BE-A2A8-9271C0621A8A}] => (Allow) LPort=3478
FirewallRules: [{0650B022-0AAF-4FA8-AF1D-340465B03865}] => (Allow) LPort=7850
FirewallRules: [{001F2F4E-0942-4A78-A909-065319121E62}] => (Allow) LPort=7852
FirewallRules: [{A480288D-E629-4949-A9E7-997822F96C4A}] => (Allow) LPort=7853
FirewallRules: [{6C58B760-A873-4E7B-9BD4-B89B9FF986CD}] => (Allow) LPort=27022
FirewallRules: [{965C54E0-CF2C-46C1-8D1C-E59A8F95A2ED}] => (Allow) LPort=6881
FirewallRules: [{E3D8F123-2DCB-471D-98BB-A7133A7CC183}] => (Allow) LPort=33333
FirewallRules: [{D204E4EE-09E3-45D9-932C-045C36B655A3}] => (Allow) LPort=20443
FirewallRules: [{3C12EB5D-029D-4BC5-B81D-EF03078557A1}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{3A7539A6-EF10-4ED2-8727-FBBEFAFE6AFC}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{A473EFD5-53AA-4846-B114-4FB06207D99D}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{659624BC-8DB8-4E4C-93A7-69249CCBC599}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{7DC664EB-8932-4AFC-A2EA-AC72FC4FF24F}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{9A4EEF04-39F3-41E1-95CD-EBC979DC43EE}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{7184B837-162B-47AC-AEA5-D92E30DF4C13}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [TCP Query User{05CD235E-0B64-4934-BC43-D5D8CD479998}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => (Block) C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [UDP Query User{AB6BDD65-00DA-4E74-976A-EA82F29685BB}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => (Block) C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [{624233A1-3E00-4647-9314-FF2F29CB32E2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{69254415-EFA3-423C-825F-1210F1C0DBF7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{AF354DE5-C8DF-4B3E-8E77-A860F2F7F143}C:\program files (x86)\warthunder\launcher.exe] => (Allow) C:\program files (x86)\warthunder\launcher.exe
FirewallRules: [UDP Query User{4E996B5E-D77A-4AFE-9C21-AEDA95E7FF8F}C:\program files (x86)\warthunder\launcher.exe] => (Allow) C:\program files (x86)\warthunder\launcher.exe
FirewallRules: [TCP Query User{971EB48D-1481-492E-9B7F-B1CCF1956407}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{DF84A2B3-56FF-4777-A4E6-3A0CEC369EE6}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{6D81A391-84DF-4E01-A4B7-2237B5D37707}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{6187CC5F-7B57-4C3B-BF0D-8C1A52916BD4}C:\program files (x86)\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{827CF606-C576-439C-81F4-793F384B9DF6}C:\program files (x86)\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\warthunder\win64\aces.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

25-01-2016 07:45:33 Windows Zálohování

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2016 09:52:14 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/25/2016 07:45:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (01/22/2016 08:20:49 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/20/2016 07:38:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/20/2016 09:02:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 47.0.2526.111 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: fac

Čas spuštění: 01d1534f8b951e3a

Čas ukončení: 8

Cesta k aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID hlášení: fa226fc5-bf4b-11e5-9c0f-f04da229a4b5

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (01/18/2016 05:21:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: UZIVATE-3T5RH9M)
Description: Balíček Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe+App se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (01/18/2016 04:49:32 PM) (Source: MsiInstaller) (EventID: 1024) (User: UZIVATE-3T5RH9M)
Description: Aktualizaci {AC76BA86-7AD7-FFFF-2550-7A8C40011014} produktu Adobe Reader XI (11.0.13) MUI nebylo možné nainstalovat. Kód chyby: 1625. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/18/2016 04:40:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (01/18/2016 04:39:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CNQMUPDT.EXE, verze: 2.3.0.0, časové razítko: 0x51ee1f87
Název chybujícího modulu: CNMDWLD.DLL, verze: 1.0.0.0, časové razítko: 0x4f5eedc8
Kód výjimky: 0xc0000005
Posun chyby: 0x000023c6
ID chybujícího procesu: 0x1ce4
Čas spuštění chybující aplikace: 0xCNQMUPDT.EXE0
Cesta k chybující aplikaci: CNQMUPDT.EXE1
Cesta k chybujícímu modulu: CNQMUPDT.EXE2
ID zprávy: CNQMUPDT.EXE3
Úplný název chybujícího balíčku: CNQMUPDT.EXE4
ID aplikace související s chybujícím balíčkem: CNQMUPDT.EXE5

Error: (01/13/2016 08:44:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_OneSyncSvc_65780e5, verze: 10.0.10586.0, časové razítko: 0x5632d7ba
Název chybujícího modulu: InternetMail.dll, verze: 10.0.10586.0, časové razítko: 0x5632d398
Kód výjimky: 0xe0464645
Posun chyby: 0x0000000000005e90
ID chybujícího procesu: 0x644
Čas spuštění chybující aplikace: 0xsvchost.exe_OneSyncSvc_65780e50
Cesta k chybující aplikaci: svchost.exe_OneSyncSvc_65780e51
Cesta k chybujícímu modulu: svchost.exe_OneSyncSvc_65780e52
ID zprávy: svchost.exe_OneSyncSvc_65780e53
Úplný název chybujícího balíčku: svchost.exe_OneSyncSvc_65780e54
ID aplikace související s chybujícím balíčkem: svchost.exe_OneSyncSvc_65780e55


System errors:
=============
Error: (01/27/2016 08:12:06 AM) (Source: DCOM) (EventID: 10016) (User: UZIVATE-3T5RH9M)
Description: výchozí pro počítačMístníAktivace{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UZIVATE-3T5RH9MuzivatelS-1-5-21-4112901673-1865571380-2406517598-1001LocalHost (pomocí LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/27/2016 08:12:06 AM) (Source: DCOM) (EventID: 10016) (User: UZIVATE-3T5RH9M)
Description: výchozí pro počítačMístníAktivace{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UZIVATE-3T5RH9MuzivatelS-1-5-21-4112901673-1865571380-2406517598-1001LocalHost (pomocí LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/27/2016 08:12:06 AM) (Source: DCOM) (EventID: 10016) (User: UZIVATE-3T5RH9M)
Description: výchozí pro počítačMístníAktivace{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UZIVATE-3T5RH9MuzivatelS-1-5-21-4112901673-1865571380-2406517598-1001LocalHost (pomocí LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/27/2016 08:10:57 AM) (Source: DCOM) (EventID: 10016) (User: UZIVATE-3T5RH9M)
Description: výchozí pro počítačMístníAktivace{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UZIVATE-3T5RH9MuzivatelS-1-5-21-4112901673-1865571380-2406517598-1001LocalHost (pomocí LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/27/2016 08:10:57 AM) (Source: DCOM) (EventID: 10016) (User: UZIVATE-3T5RH9M)
Description: výchozí pro počítačMístníAktivace{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UZIVATE-3T5RH9MuzivatelS-1-5-21-4112901673-1865571380-2406517598-1001LocalHost (pomocí LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/27/2016 08:10:57 AM) (Source: DCOM) (EventID: 10016) (User: UZIVATE-3T5RH9M)
Description: výchozí pro počítačMístníAktivace{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UZIVATE-3T5RH9MuzivatelS-1-5-21-4112901673-1865571380-2406517598-1001LocalHost (pomocí LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/26/2016 07:57:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Hostitel synchronizace_2397b7a bylo dosaženo časového limitu (30000 ms).

Error: (01/26/2016 07:57:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Úložiště uživatelských dat_2397b7a bylo dosaženo časového limitu (30000 ms).

Error: (01/26/2016 07:57:37 PM) (Source: DCOM) (EventID: 10010) (User: UZIVATE-3T5RH9M)
Description: {0002DF02-0000-0000-C000-000000000046}

Error: (01/26/2016 07:57:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_2397b7a byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2016-01-15 07:43:13.854
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-07 16:10:01.957
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-06 14:07:10.132
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-01 14:35:50.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-30 21:21:24.467
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-27 09:26:35.679
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-27 09:26:35.629
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-27 09:26:34.713
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-27 09:26:34.700
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-27 09:26:34.664
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 70%
Total physical RAM: 4029.61 MB
Available physical RAM: 1174.01 MB
Total Virtual: 8125.61 MB
Available Virtual: 3938.14 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:148.57 GB) (Free:30.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 9D79893D)
Partition 1: (Active) - (Size=148.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

[altrok]

Kdy Malwarebytes hlasi malware? I v necinnosti nebo jen pri spustenem konkretnim prohlizeci? V jakem umisteni hlasi malware?


Odinstalujte

• Skype Click to Call - adware z instalace Skypu http://forum.viry.cz/viewtopic.php?p=1374439#p1374439

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Cleaning
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah mi zkopirujte do pristi odpovedi