PC virus removal, computer speed-up, remote assistance through the neslape.cz service

Preventive check, please

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Zemos
Visitor
Posts: 78
Registered: 15 Mar 2015 13:17

Preventive check, please

#1 Post by Zemos »

I would like to ask for a preventive check of my PC. Scanned with Avast, and with Malware as well.

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Péťa (administrator) on PC-PETA (01-04-2016 18:57:35)
Running from C:\Users\Péťa\Desktop\Programy
Loaded Profiles: Péťa (Available Profiles: Péťa & Guest)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(LogMeIn Inc.) D:\Programy\hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Overwolf LTD) D:\Programy\Overwolf\Overwolf.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.92.229.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.92.229.0\OverwolfHelper64.exe
(Overwolf LTD) D:\Programy\Overwolf\0.92.229.0\Purplizer\Purplizer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(LogMeIn Inc.) D:\Programy\hamachi\hamachi-2-ui.exe
(Dropbox, Inc.) C:\Users\Péťa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
() C:\Users\Péťa\AppData\Roaming\Tawk\tawk-desktop-version-1.0.0\tawk-desktop.exe
() C:\Users\Péťa\AppData\Roaming\Tawk\tawk-desktop-version-1.0.0\tawk-desktop.exe
() C:\Users\Péťa\AppData\Roaming\Tawk\tawk-desktop-version-1.0.0\tawk-desktop.exe
() C:\Users\Péťa\AppData\Roaming\Tawk\tawk-desktop-version-1.0.0\tawk-desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13663448 2014-01-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programy\hamachi\hamachi-2-ui.exe [5565448 2016-03-22] (LogMeIn Inc.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-14] (Nero AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [Spotify Web Helper] => C:\Users\Péťa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-03-11] (Spotify Ltd)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [Dropbox Update] => C:\Users\Péťa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732760 2016-01-19] (Acer)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Programy\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [Clownfish] => [X]
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [Overwolf] => D:\Programy\Overwolf\Overwolf.exe [45296 2016-03-21] (Overwolf LTD)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [Spotify] => C:\Users\Péťa\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-03-11] (Spotify Ltd)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [Steam] => D:\Programy\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [RemoteFilesTrayIcon] => C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe [2289880 2015-11-10] (acer)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Péťa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Péťa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Péťa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Péťa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Péťa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Péťa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Péťa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Péťa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-16] (AVAST Software)
Startup: C:\Users\Péťa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Péťa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3783AFFC-F2B4-440D-9137-4FB4E616A3AB}: [DhcpNameServer] 10.77.0.254
Tcpip\..\Interfaces\{6EB4AC1E-4056-46FE-8AB6-7B467F56C03B}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{7E9227A9-8C09-4C6E-87B3-80E27532210B}: [DhcpNameServer] 10.0.0.138 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-621929646-1206955908-3885600500-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-621929646-1206955908-3885600500-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-621929646-1206955908-3885600500-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-24] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-16] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-24] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-16] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-24] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Péťa\AppData\Roaming\Mozilla\Firefox\Profiles\t4rih17k.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-24] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-12-27] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-621929646-1206955908-3885600500-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Péťa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-621929646-1206955908-3885600500-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-12]

Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-30]
CHR Extension: (Google Docs) - C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-30]
CHR Extension: (Google Drive) - C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-30]
CHR Extension: (YouTube) - C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-30]
CHR Extension: (Google Search) - C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Give Up) - C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\diippoclinjdbklinhchgedilfncehbi [2015-05-09]
CHR Extension: (Google Sheets) - C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-30]
CHR Extension: (Google Docs Offline) - C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-30]
CHR Extension: (Gmail) - C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-16] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
S3 Disc Soft Lite Bus Service; D:\Programy\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-25] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 Hamachi2Svc; D:\Programy\hamachi\hamachi-2.exe [2550792 2016-03-22] (LogMeIn Inc.)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Origin Client Service; D:\Programy\origin\OriginClientService.exe [2119688 2016-03-31] (Electronic Arts)
S3 OverwolfUpdater; D:\Programy\Overwolf\OverwolfUpdater.exe [1284848 2016-03-21] (Overwolf LTD)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [809424 2015-10-27] (Tunngle.net GmbH) [File not signed]
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-24] (acer)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-16] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-22] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-03-22] (LogMeIn Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
S3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2015-12-16] () [File not signed]
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
R3 WinRing0_1_2_0; \??\D:\Programy\Overwolf\0.92.229.0\OverwolfBenchmarking.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-01 18:56 - 2016-04-01 18:57 - 00000000 ____D C:\FRST
2016-04-01 14:30 - 2016-04-01 14:30 - 00222412 _____ C:\Users\Péťa\Downloads\opensans-light.ttf
2016-04-01 14:09 - 2016-04-01 14:09 - 00000116 _____ C:\Windows\setupact.log
2016-04-01 14:09 - 2016-04-01 14:09 - 00000000 _____ C:\Windows\setuperr.log
2016-04-01 06:43 - 2016-04-01 06:43 - 00001961 _____ C:\Users\Public\Desktop\abMusic.lnk
2016-03-31 17:26 - 2016-03-31 17:26 - 02268672 _____ C:\Users\Péťa\Downloads\vy_32_inovace_26-08(vesmir).ppt
2016-03-30 20:27 - 2016-03-30 20:27 - 00000863 _____ C:\Users\Péťa\Downloads\server.properties
2016-03-30 19:10 - 2016-03-30 19:10 - 00325807 _____ C:\Users\Péťa\Downloads\Multiverse-Core-2.4.jar
2016-03-30 19:06 - 2016-03-30 19:06 - 03489657 _____ C:\Users\Péťa\Downloads\City.rar
2016-03-30 13:43 - 2016-03-30 13:45 - 00000000 ____D C:\Users\Péťa\AppData\Local\Ubisoft Game Launcher
2016-03-30 13:41 - 2016-03-30 13:41 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\Ubisoft
2016-03-30 13:37 - 2016-03-30 14:35 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-03-30 13:04 - 2016-03-30 13:24 - 1038090240 _____ C:\Users\Péťa\Downloads\IGG-AsAsCre222.part6.rar
2016-03-30 07:24 - 2016-03-30 09:27 - 1038090240 _____ C:\Users\Péťa\Downloads\IGG-AsAsCre222.part5.rar
2016-03-30 07:24 - 2016-03-30 09:27 - 1038090240 _____ C:\Users\Péťa\Downloads\IGG-AsAsCre222.part4.rar
2016-03-30 07:24 - 2016-03-30 09:27 - 1038090240 _____ C:\Users\Péťa\Downloads\IGG-AsAsCre222.part3.rar
2016-03-30 07:24 - 2016-03-30 09:26 - 1038090240 _____ C:\Users\Péťa\Downloads\IGG-AsAsCre222.part2.rar
2016-03-30 07:24 - 2016-03-30 09:02 - 751559047 _____ C:\Users\Péťa\Downloads\IGG-AsAsCre222.part7.rar
2016-03-30 07:23 - 2016-03-30 09:24 - 1038090240 _____ C:\Users\Péťa\Downloads\IGG-AsAsCre222.part1.rar
2016-03-29 18:12 - 2016-03-29 18:12 - 01076298 _____ C:\Users\Péťa\Downloads\AuthMe (2).jar
2016-03-29 17:35 - 2016-03-29 17:58 - 00119305 _____ C:\Users\Péťa\Desktop\př-zemánek.pptx
2016-03-29 17:33 - 2016-03-29 17:33 - 00068102 _____ C:\Users\Péťa\Downloads\AuthMe (1).jar
2016-03-29 16:51 - 2016-03-29 16:51 - 00444123 _____ C:\Users\Péťa\Downloads\JSONAPI.v5.6.0.for.1.8 (1).jar
2016-03-29 16:50 - 2016-03-29 16:50 - 01076298 _____ C:\Users\Péťa\Downloads\AuthMe.jar
2016-03-29 15:12 - 2016-03-29 15:12 - 01195284 _____ C:\Users\Péťa\Downloads\Market.rar
2016-03-28 19:44 - 2016-03-28 19:44 - 01519616 _____ C:\Users\Péťa\Downloads\Kde_to_vlastne_zijeme.ppt
2016-03-28 19:44 - 2016-03-28 19:44 - 01497144 _____ C:\Users\Péťa\Downloads\vesma-r-x.pptx
2016-03-28 19:43 - 2016-03-28 19:43 - 00259584 _____ C:\Users\Péťa\Downloads\Mléčná Dráha - Klárka (1).ppt
2016-03-28 19:39 - 2016-03-31 20:30 - 00600097 _____ C:\Users\Péťa\Desktop\milkaway.pptx
2016-03-28 15:01 - 2016-03-28 15:01 - 00082707 _____ C:\Users\Péťa\Downloads\jablonec-nad-nisou.xlsx
2016-03-24 16:09 - 2016-03-24 16:10 - 21356632 _____ C:\Users\Péťa\Downloads\minecraft-extended-punishment-list-4-0-0-beta5.zip
2016-03-24 16:02 - 2016-03-24 16:03 - 00524401 _____ C:\Users\Péťa\Downloads\SkinsRestorer-v11.0-v2.zip
2016-03-24 16:02 - 2016-03-24 16:02 - 00046837 _____ C:\Users\Péťa\Downloads\BannerMaker.jar
2016-03-24 16:01 - 2016-03-24 16:01 - 00040508 _____ C:\Users\Péťa\Downloads\Figadmin_Reloaded.jar
2016-03-24 15:55 - 2016-03-24 15:55 - 00107271 _____ C:\Users\Péťa\Downloads\Ultrabans (1).jar
2016-03-24 15:52 - 2016-03-24 15:52 - 00140404 _____ C:\Users\Péťa\Downloads\Ultrabans.jar
2016-03-24 15:40 - 2016-03-24 15:40 - 00001276 _____ C:\Users\Péťa\Downloads\seznam-vip-hracu-1.1.0 (1).rar
2016-03-24 15:38 - 2016-03-24 15:38 - 00001316 _____ C:\Users\Péťa\Downloads\minecraft-player-list-1.1.3.rar
2016-03-24 15:33 - 2016-03-24 15:33 - 00001276 _____ C:\Users\Péťa\Downloads\seznam-vip-hracu-1.1.0.rar
2016-03-24 15:04 - 2016-03-24 15:04 - 00001615 _____ C:\Users\Péťa\Downloads\server-status-table-2.0.0.rar
2016-03-24 14:39 - 2016-03-24 14:39 - 00444123 _____ C:\Users\Péťa\Downloads\JSONAPI.v5.6.0.for.1.8.jar
2016-03-24 12:19 - 2016-03-24 12:19 - 00117821 _____ C:\Users\Péťa\Downloads\WorldBorder.jar
2016-03-24 12:09 - 2016-03-24 12:09 - 00001692 _____ C:\Users\Péťa\Downloads\server-status-extended-2.0.1.rar
2016-03-24 09:31 - 2016-03-24 09:32 - 07504999 _____ C:\Users\Péťa\Downloads\wordpress-4.3.3-cs_CZ.zip
2016-03-23 18:58 - 2016-03-23 18:59 - 04102422 _____ C:\Users\Péťa\Downloads\dynmap-2.2.jar
2016-03-23 18:54 - 2016-03-23 18:55 - 17262294 _____ C:\Users\Péťa\Downloads\Plugins (1).rar
2016-03-23 18:15 - 2016-03-23 19:17 - 00003046 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458749721
2016-03-23 18:15 - 2016-03-23 18:15 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-22 20:56 - 2016-03-22 20:56 - 00000707 _____ C:\Users\Péťa\Downloads\authme-database-converter-1.0.0.rar
2016-03-22 16:16 - 2016-03-22 16:16 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2016-03-20 19:55 - 2016-03-20 19:56 - 16803945 _____ C:\Users\Péťa\Downloads\craftbukkit-1.8.8.jar
2016-03-20 19:25 - 2016-03-20 19:26 - 19556772 _____ C:\Users\Péťa\Downloads\spigot-1.8.8.jar
2016-03-20 17:48 - 2016-03-20 17:49 - 20478885 _____ C:\Users\Péťa\Downloads\spigot-1.9.jar
2016-03-20 15:51 - 2016-03-20 15:52 - 22555431 _____ C:\Users\Péťa\Downloads\spigot-1.7.2-R0.4-SNAPSHOT-1339.jar
2016-03-19 21:42 - 2016-03-19 21:44 - 03411487 _____ C:\Users\Péťa\Downloads\builder-1.0-SNAPSHOT.jar
2016-03-18 23:46 - 2016-03-18 23:46 - 06516656 _____ (Tim Kosse) C:\Users\Péťa\Downloads\FileZilla_3.16.1_win64-setup.exe
2016-03-18 20:16 - 2016-03-18 20:16 - 00575918 _____ C:\Users\Péťa\Downloads\ck_zemánek.pptx
2016-03-17 16:19 - 2016-03-17 16:20 - 54955106 _____ C:\Users\Péťa\Downloads\LoganKart0.8.0Windows.zip
2016-03-17 15:23 - 2016-03-17 15:23 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-16 21:49 - 2016-03-16 21:49 - 00000000 ____D C:\Users\Péťa\AppData\Local\UnrealEngine
2016-03-16 21:49 - 2016-03-16 21:49 - 00000000 ____D C:\Users\Péťa\AppData\Local\LudumDare34
2016-03-16 21:30 - 2016-03-16 21:39 - 291399959 _____ C:\Users\Péťa\Downloads\SAAAM.zip
2016-03-16 21:29 - 2016-03-16 21:33 - 68900184 _____ C:\Users\Péťa\Downloads\RadicalRockits_Win.zip
2016-03-16 21:13 - 2016-03-16 21:13 - 00000000 ____D C:\Users\Péťa\Documents\SimCity
2016-03-15 15:54 - 2016-03-15 15:54 - 00259584 _____ C:\Users\Péťa\Downloads\Mléčná Dráha - Klárka.ppt
2016-03-14 20:35 - 2016-03-14 20:36 - 29971195 _____ C:\Users\Péťa\Downloads\client_20800.zip
2016-03-12 17:33 - 2016-03-16 20:12 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-03-12 15:53 - 2016-03-12 17:10 - 1038090240 _____ C:\Users\Péťa\Downloads\IGG-SimmCitiii.part2.rar
2016-03-12 15:53 - 2016-03-12 16:37 - 464574759 _____ C:\Users\Péťa\Downloads\IGG-SimmCitiii.part3.rar
2016-03-12 15:52 - 2016-03-12 17:10 - 1038090240 _____ C:\Users\Péťa\Downloads\IGG-SimmCitiii.part1.rar
2016-03-11 15:58 - 2016-03-11 15:58 - 02089335 _____ C:\Users\Péťa\Downloads\cz_rct3_soaked_wild.zip
2016-03-11 07:50 - 2016-03-11 07:50 - 00000000 ____D C:\Users\Péťa\Desktop\Nová složka
2016-03-10 20:02 - 2016-03-10 20:02 - 00233283 _____ C:\Users\Péťa\Downloads\RollercoasterTycoon3_soaked_wild_updatecz.zip
2016-03-10 20:00 - 2016-03-10 20:01 - 02089317 _____ C:\Users\Péťa\Downloads\RollercoasterTycoon3_soaked_wild_cz.zip
2016-03-10 19:56 - 2016-03-10 19:56 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2016-03-10 19:56 - 2016-03-10 19:56 - 00003096 _____ C:\Windows\System32\Tasks\{3772D30A-1029-43C1-888C-02A36C767FD0}
2016-03-10 19:54 - 2016-03-10 19:54 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\Atari
2016-03-10 19:52 - 2016-03-10 20:04 - 00000000 ____D C:\Users\Péťa\Documents\RCT3
2016-03-10 19:52 - 2002-02-27 18:50 - 00197120 _____ C:\Windows\patchw32.dll
2016-03-09 17:24 - 2016-04-01 17:54 - 00001143 _____ C:\Users\Péťa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tawk-desktop.lnk
2016-03-09 17:24 - 2016-03-09 17:24 - 00001128 _____ C:\Users\Péťa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tawk.to.lnk
2016-03-09 17:24 - 2016-03-09 17:24 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\Tawk
2016-03-09 17:23 - 2016-03-09 17:24 - 35308978 _____ C:\Users\Péťa\Downloads\TawktoSetup64.zip
2016-03-09 15:30 - 2016-02-20 17:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 15:30 - 2016-02-20 17:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 15:30 - 2016-02-20 17:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 15:30 - 2016-02-20 17:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 15:30 - 2016-02-20 17:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 15:30 - 2016-02-20 17:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 15:30 - 2016-02-08 23:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 15:30 - 2016-02-08 22:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 15:30 - 2016-02-08 20:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 15:30 - 2016-02-08 20:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-09 15:30 - 2016-02-08 19:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 15:30 - 2016-02-08 19:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 15:30 - 2016-02-08 19:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 15:30 - 2016-02-08 18:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 15:30 - 2016-02-05 21:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 15:30 - 2016-01-06 20:25 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-03-09 15:30 - 2015-12-30 23:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 15:29 - 2016-02-08 22:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 15:29 - 2016-02-08 22:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 15:29 - 2016-02-08 22:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-09 15:29 - 2016-02-08 22:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 15:29 - 2016-02-08 22:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 15:29 - 2016-02-08 22:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-09 15:29 - 2016-02-08 22:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 15:29 - 2016-02-08 22:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 15:29 - 2016-02-08 22:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 15:29 - 2016-02-08 22:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 15:29 - 2016-02-08 21:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 15:29 - 2016-02-08 21:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 15:29 - 2016-02-08 21:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 15:29 - 2016-02-08 20:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 15:29 - 2016-02-08 20:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 15:29 - 2016-02-08 20:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 15:29 - 2016-02-08 19:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 15:29 - 2016-02-08 19:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-09 15:29 - 2016-02-08 19:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 15:29 - 2016-02-08 19:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 15:29 - 2016-02-08 19:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 15:29 - 2016-02-08 19:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-09 15:29 - 2015-11-08 23:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 15:28 - 2016-02-12 21:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 15:28 - 2016-02-12 17:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 15:28 - 2016-02-12 16:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-09 15:28 - 2016-02-12 16:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 15:28 - 2016-02-12 16:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 15:28 - 2016-02-12 16:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 15:28 - 2016-02-12 16:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 15:28 - 2016-02-12 16:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 15:28 - 2016-02-12 16:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 15:28 - 2016-02-12 16:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 15:28 - 2016-02-12 16:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 15:28 - 2016-02-12 16:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 15:28 - 2016-02-11 16:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-03-09 15:28 - 2016-02-11 16:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-03-09 15:28 - 2016-02-11 16:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-03-09 15:28 - 2016-02-11 16:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-03-09 15:28 - 2016-02-06 20:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 15:28 - 2016-02-06 18:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 15:28 - 2016-02-06 18:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 15:28 - 2016-02-05 21:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-09 15:28 - 2016-02-05 21:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-09 15:28 - 2016-02-05 17:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 15:28 - 2016-02-05 17:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 15:28 - 2016-02-05 16:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-09 15:28 - 2016-02-05 16:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 15:28 - 2016-02-05 16:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-09 15:28 - 2016-02-05 16:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-09 15:28 - 2016-02-04 20:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 15:28 - 2016-02-04 20:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 15:28 - 2016-02-04 20:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 15:28 - 2016-02-04 19:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 15:28 - 2016-02-04 19:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 15:28 - 2016-02-04 19:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 15:28 - 2016-02-04 19:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 15:28 - 2016-02-03 22:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-09 15:28 - 2016-02-03 22:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-09 15:28 - 2016-02-03 17:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-09 15:28 - 2016-02-03 17:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 15:28 - 2016-02-03 17:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 15:28 - 2016-01-31 21:16 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 15:28 - 2016-01-24 20:19 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-03-09 15:28 - 2016-01-24 20:19 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-03-09 15:28 - 2016-01-24 20:19 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-03-09 15:28 - 2016-01-24 13:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-03-09 15:28 - 2016-01-24 13:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-03-09 15:28 - 2016-01-10 18:41 - 01707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-03-09 15:28 - 2016-01-10 18:31 - 01344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-03-09 15:28 - 2016-01-09 03:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-03-09 15:28 - 2016-01-09 03:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-03-09 15:28 - 2016-01-09 03:38 - 00091992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-03-09 15:28 - 2016-01-07 01:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-03-09 15:28 - 2016-01-07 01:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-03-09 15:28 - 2016-01-06 18:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-03-09 15:28 - 2016-01-05 17:00 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-03-09 15:28 - 2015-12-30 22:49 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-03-09 15:28 - 2015-12-20 16:57 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-03-09 15:28 - 2015-12-20 16:56 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2016-03-09 15:28 - 2015-12-20 16:43 - 00696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-03-09 15:28 - 2015-11-19 16:33 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 15:28 - 2015-11-19 16:26 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 15:27 - 2016-01-15 18:56 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-03-09 15:27 - 2016-01-15 18:45 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-03-07 19:51 - 2016-03-07 19:51 - 00457216 _____ C:\Users\Péťa\Downloads\Optika II..ppt
2016-03-05 12:09 - 2016-03-05 12:09 - 00000000 ____D C:\Program Files (x86)\AMD
2016-03-05 12:08 - 2014-02-16 18:23 - 00060640 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2016-03-05 11:54 - 2016-03-05 11:54 - 00627844 _____ C:\Users\Péťa\Downloads\contact-form-7.4.4.zip
2016-03-05 11:08 - 2016-03-05 11:08 - 00276188 _____ C:\Users\Péťa\Downloads\wp-support-plus-responsive-ticket-system.zip
2016-03-05 10:20 - 2016-03-05 10:20 - 01442150 _____ C:\Users\Péťa\Downloads\adamos.2.8.zip
2016-03-05 10:18 - 2016-03-05 10:18 - 00786309 _____ C:\Users\Péťa\Downloads\bota.2.2.zip
2016-03-05 10:12 - 2016-03-05 10:12 - 00817039 _____ C:\Users\Péťa\Downloads\premier.1.5.1.zip
2016-03-05 09:21 - 2016-03-05 09:21 - 00028595 _____ C:\Users\Péťa\Downloads\Dynmap-Factions-0.90.jar
2016-03-05 09:11 - 2016-03-05 09:12 - 17262294 _____ C:\Users\Péťa\Downloads\Plugins.rar
2016-03-04 18:47 - 2016-03-04 18:47 - 00268351 _____ C:\Users\Péťa\Downloads\extremedarkred_1.0.4.zip
2016-03-04 18:44 - 2016-03-04 18:45 - 06568344 _____ (Tim Kosse) C:\Users\Péťa\Downloads\FileZilla_3.16.0_win64-setup.exe
2016-03-04 18:43 - 2016-03-04 18:43 - 00459901 _____ C:\Users\Péťa\Downloads\twilightBB_1.0.18.zip
2016-03-04 18:00 - 2016-03-04 18:00 - 04184914 _____ C:\Users\Péťa\Downloads\phpbb3.1.8_cs.zip
2016-03-03 17:48 - 2016-03-03 17:48 - 06567264 _____ (Tim Kosse) C:\Users\Péťa\Downloads\FileZilla_3.15.0.2_win64-setup.exe
2016-03-03 17:46 - 2016-03-03 17:46 - 00003434 _____ C:\Users\Péťa\Downloads\mobilni-platby-1.0.0-beta2.rar
2016-03-03 17:45 - 2016-03-03 17:45 - 00002511 _____ C:\Users\Péťa\Downloads\fh.zip
2016-03-03 15:38 - 2016-03-03 15:39 - 07937915 _____ C:\Users\Péťa\Downloads\FTBLauncher_32bit.zip
2016-03-02 21:24 - 2016-03-02 21:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-03-02 21:23 - 2016-03-02 21:23 - 00001510 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-03-02 21:21 - 2016-03-02 21:21 - 00000000 ____D C:\Program Files\Adobe
2016-03-02 20:37 - 2016-03-02 20:37 - 00019473 _____ C:\Users\Péťa\Downloads\adobe animate cc 2015 1 multilingual incl patch amp keygen sadeempc.torrent
2016-03-02 20:28 - 2016-03-02 20:28 - 00012642 _____ C:\Users\Péťa\Downloads\adobe flash cs5 5 professional with crack.torrent
2016-03-02 15:45 - 2016-03-02 15:51 - 00000000 ____D C:\Users\Péťa\Desktop\Nargbox.1.7.10.v0.8_server
2016-03-02 15:42 - 2016-03-02 15:44 - 68899557 _____ C:\Users\Péťa\Downloads\Nargbox.1.7.10.v0.8_server.zip
2016-03-02 15:30 - 2016-03-02 20:37 - 00000000 ____D C:\Users\Péťa\Downloads\keygen

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-01 18:55 - 2014-12-29 11:04 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\Skype
2016-04-01 18:48 - 2015-12-20 13:20 - 00000000 ____D C:\Users\Péťa\AppData\Local\LogMeIn Hamachi
2016-04-01 18:32 - 2016-02-24 22:48 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-01 18:12 - 2014-12-26 19:04 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-621929646-1206955908-3885600500-1001
2016-04-01 18:08 - 2015-09-18 14:49 - 00000976 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-01 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2016-04-01 17:54 - 2016-02-06 13:37 - 00000000 ____D C:\Users\Péťa\AppData\Local\Purplizer
2016-04-01 15:08 - 2015-09-18 14:49 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-01 14:39 - 2015-10-27 19:10 - 01587364 _____ C:\Windows\WindowsUpdate.log
2016-04-01 14:39 - 2015-03-10 19:29 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\FileZilla
2016-04-01 14:31 - 2014-12-26 19:18 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{12B12331-4303-4ADD-B940-510EDB01C12D}
2016-04-01 14:16 - 2014-12-26 19:19 - 00000000 __RDO C:\Users\Péťa\OneDrive
2016-04-01 14:11 - 2016-02-05 21:17 - 00000000 ____D C:\Users\Péťa\AppData\Local\Overwolf
2016-04-01 07:15 - 2015-05-19 20:11 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\Audacity
2016-04-01 06:42 - 2014-09-12 15:32 - 00000000 ____D C:\Program Files (x86)\Acer
2016-04-01 06:40 - 2014-12-26 18:59 - 00000000 ____D C:\Users\Péťa\AppData\Local\clear.fi
2016-03-31 21:41 - 2014-12-26 18:58 - 00000000 ____D C:\Users\Péťa
2016-03-31 19:35 - 2014-12-26 19:05 - 00000000 ____D C:\Users\Péťa\AppData\Local\CrashDumps
2016-03-31 16:39 - 2015-09-02 15:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-31 16:36 - 2015-09-02 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-31 16:25 - 2014-12-26 19:06 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\Foxit Software
2016-03-31 16:25 - 2014-09-12 15:43 - 00000000 ____D C:\Program Files (x86)\Foxit PhantomPDF
2016-03-31 16:24 - 2014-07-14 17:38 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-03-31 16:18 - 2016-01-12 19:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-31 16:18 - 2014-09-12 15:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-31 15:50 - 2015-08-22 10:11 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\DAEMON Tools Lite
2016-03-31 15:39 - 2016-03-01 15:33 - 00000000 ____D C:\Users\Péťa\Desktop\server
2016-03-31 15:39 - 2016-03-01 15:30 - 00000000 ____D C:\Users\Péťa\Desktop\YouTube
2016-03-31 15:39 - 2015-04-09 15:45 - 00000000 ____D C:\Users\Péťa\Desktop\Programy
2016-03-31 15:38 - 2015-04-09 15:45 - 00000000 ____D C:\Users\Péťa\Desktop\Hry
2016-03-31 15:33 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-31 14:55 - 2015-01-03 21:45 - 00000000 ____D C:\Users\Péťa\Documents\Euro Truck Simulator 2
2016-03-30 21:22 - 2015-11-17 17:36 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\.minecraft
2016-03-30 09:16 - 2016-01-24 15:10 - 00219336 _____ C:\Windows\SysWOW64\generic_uninstaller.log
2016-03-29 18:04 - 2014-09-12 15:43 - 00772496 _____ C:\Windows\system32\perfh005.dat
2016-03-29 18:04 - 2014-09-12 15:43 - 00168614 _____ C:\Windows\system32\perfc005.dat
2016-03-29 18:04 - 2014-03-18 12:03 - 01847990 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-29 16:09 - 2016-02-20 20:16 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\OBS
2016-03-24 11:11 - 2015-04-08 14:09 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-24 11:11 - 2015-04-08 14:09 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-24 11:11 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-23 18:15 - 2015-01-08 16:33 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-19 23:10 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-19 12:47 - 2015-01-14 20:21 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\TS3Client
2016-03-18 23:17 - 2015-03-05 19:27 - 00000000 ____D C:\Users\Péťa\AppData\Local\Spotify
2016-03-18 23:12 - 2015-03-05 19:27 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\Spotify
2016-03-18 21:40 - 2015-12-20 10:18 - 00000000 ____D C:\Users\Péťa\AppData\Local\Adobe
2016-03-18 19:44 - 2015-04-09 15:46 - 00000000 ____D C:\Users\Péťa\Desktop\škola
2016-03-18 07:45 - 2015-12-29 10:47 - 00000000 ____D C:\Users\Péťa\Documents\ETS2MP
2016-03-17 22:22 - 2015-08-31 17:57 - 00000000 ____D C:\Users\Péťa\Desktop\fotky dovolena
2016-03-17 15:23 - 2015-01-12 20:28 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\Dropbox
2016-03-16 20:16 - 2016-02-28 17:48 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\SimCity
2016-03-16 18:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-13 10:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-03-11 07:37 - 2013-08-22 16:44 - 05168544 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-10 21:45 - 2014-12-28 22:53 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-10 16:07 - 2014-12-26 20:54 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-10 16:07 - 2014-12-26 20:54 - 00000000 ____D C:\Windows\system32\MRT
2016-03-10 07:37 - 2015-01-08 16:47 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-10 07:37 - 2015-01-08 16:47 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-08 09:00 - 2015-11-14 09:49 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 09:00 - 2015-11-14 09:49 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-05 12:06 - 2015-08-23 10:04 - 00000000 ____D C:\Program Files\AMD
2016-03-05 12:00 - 2014-09-12 15:23 - 00000000 ____D C:\AMD
2016-03-04 17:54 - 2014-07-14 18:17 - 00000000 ____D C:\Windows\Panther
2016-03-04 17:51 - 2015-10-30 21:11 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-03 15:35 - 2015-01-05 17:40 - 00000000 ____D C:\Users\Péťa\AppData\Local\ftblauncher
2016-03-02 22:11 - 2014-12-26 18:58 - 00000000 ____D C:\Users\Péťa\AppData\Roaming\Adobe
2016-03-02 20:54 - 2015-03-20 15:14 - 00000000 ____D C:\Users\Péťa\Desktop\fotky

==================== Files in the root of some directories =======

2015-03-30 15:51 - 2015-04-08 14:13 - 0009662 _____ () C:\Users\Péťa\AppData\Roaming\em_64x64.ico
2015-03-22 18:46 - 2015-12-16 21:52 - 0000000 _____ () C:\Users\Péťa\AppData\Roaming\FileIn.cns
2015-03-22 18:46 - 2015-12-16 21:52 - 0000000 _____ () C:\Users\Péťa\AppData\Roaming\FileOut.cns
2015-10-01 18:37 - 2015-10-01 18:37 - 0000000 ___SH () C:\Users\Péťa\AppData\Local\LumaEmu
2016-02-25 17:41 - 2016-02-25 17:41 - 0006563 _____ () C:\Users\Péťa\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Péťa\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Péťa\AppData\Local\Temp\jansi-64-git-Spigot-550ebac-7019900-5602111438638948999.dll
C:\Users\Péťa\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-31 17:01

==================== End of FRST.txt ============================

Zemos
Visitor
Posts: 78
Registered: 15 Mar 2015 13:17

Re: Preventive check, please

#2 Post by Zemos »

I am also attaching the log from ADWCleaner.

Code:

# AdwCleaner v5.025 - Logfile created 14/12/2015 at 14:23:36
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Péťa - PC-PETA
# Running from : C:\Users\Péťa\Downloads\adwcleaner_5.025.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\F02E86A01F2B578001972AA5A6BF125C
[-] Folder Deleted : C:\Users\Péťa\AppData\Roaming\Elex-tech

***** [ Files ] *****

[-] File Deleted : C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.spigotmc.org_0.localstorage
[-] File Deleted : C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.spigotmc.org_0.localstorage-journal
[-] File Deleted : C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_hi.ru_0.localstorage
[-] File Deleted : C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_hi.ru_0.localstorage-journal
[-] File Deleted : C:\Users\Péťa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk
[-] File Deleted : C:\Windows\SysNative\log\iSafeKrnlCall.log

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaahlfahldnilidgnlikdckbfehhca
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaahaeginbdcckocjkhbciadcafnep
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\dream.capture
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89EA4F1B8FBCDEF47AE328E455E28AA0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97ECFF59EE08D4F47BB1464DEC37DA87
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CB937199A57E748B6AC433DA453EE2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4E78E12704AFCE408C7FBE501F1AA0A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0390A76D28822743A68D7F1AB22E6D0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5429 bytes] ##########
# AdwCleaner v5.108 - Log soubor vytvořen 01/04/2016 o 20:34:06
# Aktualizováno 30/03/2016 by Xplode
# Databáze : 2016-03-30.1 [Server]
# Operační systém : Windows 8.1  (x64)
# Jméno uživatele : Péťa - PC-PETA
# Spuštěno z : C:\Users\Péťa\Downloads\adwcleaner_5.108.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

[-] Složka smazáno : C:\Program Files\Booking.com

***** [ Soubory ] *****

[-] Soubor smazáno : C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
[-] Soubor smazáno : C:\Users\Péťa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
[-] Soubor smazáno : C:\Users\Public\Desktop\Booking.com.lnk

***** [ DLLs ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****

[-] Klávesa smazáno : HKU\S-1-5-21-621929646-1206955908-3885600500-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Installer\Features\D2A425F405350054677A7A857BC07100
[-] Hodnota smazáno : HKU\S-1-5-21-621929646-1206955908-3885600500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]

***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7195 bytes] - [14/12/2015 15:23:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [7021 bytes] - [14/12/2015 15:21:23]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7341 bytes] ##########

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check, please

#3 Post by altrok »

I wish you a lovely day :bye:


:arrow: Are you seeing any specific problems on the PC, or is this just a preventive check?


:arrow: As part of the cleanup, your temporary directories (including the Recycle Bin) will be emptied.


:arrow: Run MBAM -> History tab -> Application Logs on the left -> look for a Scan Log there -> if there is one, double-click it -> Export and save it as .txt


:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and any later run of FRST, the Addition.txt option must be ticked explicitly before the scan starts, otherwise that log is not created.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.

Zemos
Visitor
Posts: 78
Joined: 15 Mar 2015 13:17

Re: Preventive check, please

#4 Post by Zemos »

It is just a preventive check.
I am attaching all three logs, but there were several for MBAM, so I included the most recent one (4.4.2016)
Attachments
Logy.rar
(37.75 KiB) Downloaded 63 times

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check, please

#5 Post by altrok »

:arrow: Uninstall the old, vulnerable version of Java. If you need Java, keep only the current 8U74 on the PC. From a security standpoint (exploits), it is better not to have it at all. Vulnerable versions of Java installed on your PC:

  • Java 8 Update 66 (64-bit)
  • Java 8 Update 66

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code: Select all

    Start
    CreateRestorePoint:
    CloseProcesses:
    File: C:\Windows\system32\invagent.dll
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Programy\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
    HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [Clownfish] => [X]
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    SearchScopes: HKU\S-1-5-21-621929646-1206955908-3885600500-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-621929646-1206955908-3885600500-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    S3 WinRing0_1_2_0; \??\D:\Programy\Overwolf\0.92.229.0\OverwolfBenchmarking.sys [X]
    2016-04-04 19:12 - 2016-04-04 19:12 - 00001383 _____ C:\Users\Péťa\Desktop\MBAM.txt
    2016-04-01 20:31 - 2016-04-01 20:31 - 03102720 _____ C:\Users\Péťa\Downloads\adwcleaner_5.108.exe
    Task: {01A4BD9B-61FE-4196-91EC-C0847F038119} - \Software Update Application -> No File <==== ATTENTION
    Task: {376F5CEA-F8EA-40F6-8A5E-D540AD84D412} - System32\Tasks\{9EFE7FEF-9E84-4ECE-A641-02C826AF4E25} => pcalua.exe -a D:\Hry\trainsimulator\launcher.exe -d D:\Hry\trainsimulator -c -rungame
    Task: {B50BA45F-6AE9-4E27-B8F8-F0BB3C9D0D5E} - System32\Tasks\{3772D30A-1029-43C1-888C-02A36C767FD0} => pcalua.exe -a D:\Hry\Rollercoaster\RCT3.exe -d D:\Hry\Rollercoaster
    Task: {E69F2B0B-AA4F-4288-85D7-4EAE90CA904A} - \avastBCLRestartS-1-5-21-621929646-1206955908-3885600500-1001 -> No File <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    FirewallRules: [TCP Query User{262238CC-038C-4440-9764-DCB316F71130}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{C94A22B7-6773-4DD2-9864-CF498EE020CA}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    Hosts:
    EmptyTemp:
    End

Zemos
Visitor
Posts: 78
Joined: 15 Mar 2015 13:17

Re: Preventive check, please

#6 Post by Zemos »

After I entered it, the computer restarted differently than usual. A blue screen came up with irregular white rectangles, and hidden among them was the text Restarting 20% etc. After the restart, the Acer splash screen appeared and then a black screen. It took about 2 min. before the login showed up and then about another 5 min. before the desktop loaded.
Here is the log:

Code: Select all

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Péťa (2016-04-05 16:10:30) Run:1
Running from C:\Users\Péťa\Desktop
Loaded Profiles: Péťa (Available Profiles: Péťa & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\system32\invagent.dll
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Programy\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [Clownfish] => [X]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
SearchScopes: HKU\S-1-5-21-621929646-1206955908-3885600500-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-621929646-1206955908-3885600500-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
S3 WinRing0_1_2_0; \??\D:\Programy\Overwolf\0.92.229.0\OverwolfBenchmarking.sys [X]
2016-04-04 19:12 - 2016-04-04 19:12 - 00001383 _____ C:\Users\Péťa\Desktop\MBAM.txt
2016-04-01 20:31 - 2016-04-01 20:31 - 03102720 _____ C:\Users\Péťa\Downloads\adwcleaner_5.108.exe
Task: {01A4BD9B-61FE-4196-91EC-C0847F038119} - \Software Update Application -> No File <==== ATTENTION
Task: {376F5CEA-F8EA-40F6-8A5E-D540AD84D412} - System32\Tasks\{9EFE7FEF-9E84-4ECE-A641-02C826AF4E25} => pcalua.exe -a D:\Hry\trainsimulator\launcher.exe -d D:\Hry\trainsimulator -c -rungame
Task: {B50BA45F-6AE9-4E27-B8F8-F0BB3C9D0D5E} - System32\Tasks\{3772D30A-1029-43C1-888C-02A36C767FD0} => pcalua.exe -a D:\Hry\Rollercoaster\RCT3.exe -d D:\Hry\Rollercoaster
Task: {E69F2B0B-AA4F-4288-85D7-4EAE90CA904A} - \avastBCLRestartS-1-5-21-621929646-1206955908-3885600500-1001 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
FirewallRules: [TCP Query User{262238CC-038C-4440-9764-DCB316F71130}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{C94A22B7-6773-4DD2-9864-CF498EE020CA}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check, please

#7 Post by altrok »

Is this really the entire content of the fixlog? Does the computer behave normally after another restart? If not, use the restore point that was created when the script started to restore the PC to that state, and create new FRST.txt and Addition.txt logs.

Zemos
Visitor
Posts: 78
Joined: 15 Mar 2015 13:17

Re: Preventive check, please

#8 Post by Zemos »

Yes, the computer boots within a minute and the log is complete. After that there are only NULL,NULL,NULL at the end, which Notepad does not recognize.

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check, please

#9 Post by altrok »

:arrow: Copy the folder C:\WINDOWS\Minidump to the desktop, then pack that folder into a rar/zip and upload it to leteckaposta.cz - put the download link in your next post (alternatively, you can add the archive to your next post as an attachment).

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code: Select all

    Start
    CreateRestorePoint:
    File: C:\Windows\system32\invagent.dll
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Programy\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
    HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [Clownfish] => [X]
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    SearchScopes: HKU\S-1-5-21-621929646-1206955908-3885600500-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-621929646-1206955908-3885600500-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    S3 WinRing0_1_2_0; \??\D:\Programy\Overwolf\0.92.229.0\OverwolfBenchmarking.sys [X]
    2016-04-04 19:12 - 2016-04-04 19:12 - 00001383 _____ C:\Users\Péťa\Desktop\MBAM.txt
    2016-04-01 20:31 - 2016-04-01 20:31 - 03102720 _____ C:\Users\Péťa\Downloads\adwcleaner_5.108.exe
    Task: {01A4BD9B-61FE-4196-91EC-C0847F038119} - \Software Update Application -> No File <==== ATTENTION
    Task: {376F5CEA-F8EA-40F6-8A5E-D540AD84D412} - System32\Tasks\{9EFE7FEF-9E84-4ECE-A641-02C826AF4E25} => pcalua.exe -a D:\Hry\trainsimulator\launcher.exe -d D:\Hry\trainsimulator -c -rungame
    Task: {B50BA45F-6AE9-4E27-B8F8-F0BB3C9D0D5E} - System32\Tasks\{3772D30A-1029-43C1-888C-02A36C767FD0} => pcalua.exe -a D:\Hry\Rollercoaster\RCT3.exe -d D:\Hry\Rollercoaster
    Task: {E69F2B0B-AA4F-4288-85D7-4EAE90CA904A} - \avastBCLRestartS-1-5-21-621929646-1206955908-3885600500-1001 -> No File <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    FirewallRules: [TCP Query User{262238CC-038C-4440-9764-DCB316F71130}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{C94A22B7-6773-4DD2-9864-CF498EE020CA}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    Hosts:
    EmptyTemp:
    End

Zemos
Visitor
Posts: 78
Joined: 15 Mar 2015 13:17

Re: Preventive check, please

#10 Post by Zemos »

I am adding that folder as an attachment.
Here is the log:

Code: Select all

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Péťa (2016-04-08 14:28:13) Run:2
Running from C:\Users\Péťa\Desktop
Loaded Profiles: Péťa (Available Profiles: Péťa & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
File: C:\Windows\system32\invagent.dll
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Programy\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\...\Run: [Clownfish] => [X]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKU\S-1-5-21-621929646-1206955908-3885600500-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-621929646-1206955908-3885600500-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
S3 WinRing0_1_2_0; \??\D:\Programy\Overwolf\0.92.229.0\OverwolfBenchmarking.sys [X]
2016-04-04 19:12 - 2016-04-04 19:12 - 00001383 _____ C:\Users\Péťa\Desktop\MBAM.txt
2016-04-01 20:31 - 2016-04-01 20:31 - 03102720 _____ C:\Users\Péťa\Downloads\adwcleaner_5.108.exe
Task: {01A4BD9B-61FE-4196-91EC-C0847F038119} - \Software Update Application -> No File <==== ATTENTION
Task: {376F5CEA-F8EA-40F6-8A5E-D540AD84D412} - System32\Tasks\{9EFE7FEF-9E84-4ECE-A641-02C826AF4E25} => pcalua.exe -a D:\Hry\trainsimulator\launcher.exe -d D:\Hry\trainsimulator -c -rungame
Task: {B50BA45F-6AE9-4E27-B8F8-F0BB3C9D0D5E} - System32\Tasks\{3772D30A-1029-43C1-888C-02A36C767FD0} => pcalua.exe -a D:\Hry\Rollercoaster\RCT3.exe -d D:\Hry\Rollercoaster
Task: {E69F2B0B-AA4F-4288-85D7-4EAE90CA904A} - \avastBCLRestartS-1-5-21-621929646-1206955908-3885600500-1001 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
FirewallRules: [TCP Query User{262238CC-038C-4440-9764-DCB316F71130}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{C94A22B7-6773-4DD2-9864-CF498EE020CA}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.

========================= File: C:\Windows\system32\invagent.dll ========================

File is digitally signed
MD5: 4A4C972237F6F087021AA0F43CD9B41D
Creation and modification date: 2016-03-09 15:30 - 2016-02-20 17:45
Size: 0696832
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: 
Original Name: 
Product: Operační systém Microsoft® Windows®
Description: Program Compatibility Data Updater
File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
Product Version: 6.3.9600.16384
Copyright: © Microsoft Corporation. Všechna práva vyhrazena.

====== End of File: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value removed successfully
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount => value removed successfully
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Clownfish => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-621929646-1206955908-3885600500-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-621929646-1206955908-3885600500-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. 
WinRing0_1_2_0 => service removed successfully
"C:\Users\Péťa\Desktop\MBAM.txt" => File/Folder not found.
"C:\Users\Péťa\Downloads\adwcleaner_5.108.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01A4BD9B-61FE-4196-91EC-C0847F038119}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01A4BD9B-61FE-4196-91EC-C0847F038119}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Update Application" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{376F5CEA-F8EA-40F6-8A5E-D540AD84D412}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{376F5CEA-F8EA-40F6-8A5E-D540AD84D412}" => key removed successfully
C:\Windows\System32\Tasks\{9EFE7FEF-9E84-4ECE-A641-02C826AF4E25} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9EFE7FEF-9E84-4ECE-A641-02C826AF4E25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B50BA45F-6AE9-4E27-B8F8-F0BB3C9D0D5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B50BA45F-6AE9-4E27-B8F8-F0BB3C9D0D5E}" => key removed successfully
C:\Windows\System32\Tasks\{3772D30A-1029-43C1-888C-02A36C767FD0} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3772D30A-1029-43C1-888C-02A36C767FD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E69F2B0B-AA4F-4288-85D7-4EAE90CA904A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E69F2B0B-AA4F-4288-85D7-4EAE90CA904A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-621929646-1206955908-3885600500-1001" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{262238CC-038C-4440-9764-DCB316F71130}C:\program files\java\jre7\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C94A22B7-6773-4DD2-9864-CF498EE020CA}C:\program files\java\jre7\bin\javaw.exe => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 996.3 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 14:29:17 ====
Attachments
Minidump.rar
(21.22 KiB) Downloaded 59 times
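
The two fixlogs in this thread differ in a way that can be checked mechanically: Run:1 stops after the restore-point line and ends in NUL characters, while Run:2 lists per-entry outcomes and closes with an `==== End of Fixlog` trailer. The following is an added example, not part of the original posts and not FRST's own code; `check_fixlog` is a hypothetical helper, the two sample logs are constructed from abbreviated lines of the logs above, and treating the trailer as the end-of-run marker is an assumption drawn from the Run:2 log.

```python
import re

# Trailer as it appears in the complete Run:2 log in this thread. Treating it
# as the end-of-run marker is an assumption drawn from that log.
END_TRAILER = re.compile(r"^==== End of Fixlog \d{2}:\d{2}:\d{2} ====\s*$", re.M)
ECHO_FENCE = re.compile(r"^\*{10,}\s*$")  # asterisk lines around the echoed fixlist


def check_fixlog(text: str) -> dict:
    """Report whether the text of an FRST Fixlog looks complete or cut off."""
    nul_chars = text.count("\x00")
    # NUL is not whitespace for str.strip(), so drop the padding first.
    lines = text.replace("\x00", "").splitlines()

    fences = [i for i, ln in enumerate(lines) if ECHO_FENCE.match(ln)]
    directives, outcomes = [], []
    if len(fences) >= 2:
        echoed = lines[fences[0] + 1:fences[1]]
        directives = [ln.strip() for ln in echoed
                      if ln.strip() and ln.strip() not in ("Start", "End")]
        # Most per-entry outcome lines in the Run:2 log carry "=>".
        outcomes = [ln.strip() for ln in lines[fences[1] + 1:] if "=>" in ln]

    problems = []
    if nul_chars:
        problems.append("NUL padding present (%d chars)" % nul_chars)
    if len(fences) < 2:
        problems.append("echoed fixlist block is not closed")
    if not END_TRAILER.search("\n".join(lines)):
        problems.append("missing 'End of Fixlog' trailer")
    if directives and not outcomes:
        problems.append("no per-entry outcome lines after the fixlist echo")

    return {"complete": not problems, "problems": problems, "nul_chars": nul_chars,
            "directives": len(directives), "outcomes": len(outcomes)}


# Constructed sample input: header and fixlist echo abbreviated from the thread.
_ECHO = "\n".join([
    "Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015",
    "Boot Mode: Normal",
    "==============================================",
    "",
    "fixlist content:",
    "*****************",
    "Start",
    "CreateRestorePoint:",
    r"S3 WinRing0_1_2_0; \??\D:\Programy\Overwolf\0.92.229.0\OverwolfBenchmarking.sys [X]",
    "Hosts:",
    "EmptyTemp:",
    "End",
    "*****************",
    "",
    "Restore point was successfully created.",
    "",
])

# Shape of Run:1: nothing after the restore point except NUL padding
# (the count of 48 is constructed for the example).
TRUNCATED = _ECHO + "\x00" * 48

# Shape of Run:2: outcome lines followed by the trailer.
COMPLETE = _ECHO + "\n".join([
    "WinRing0_1_2_0 => service removed successfully",
    "Hosts restored successfully.",
    "EmptyTemp: => 996.3 MB temporary data Removed.",
    "",
    "==== End of Fixlog 14:29:17 ====",
]) + "\n"

if __name__ == "__main__":
    for name, log in (("Run:1 shape", TRUNCATED), ("Run:2 shape", COMPLETE)):
        print(name, check_fixlog(log))
```

A log that fails this check says nothing about which fixlist entries were applied before the run was interrupted, which is why a fresh scan is the way to establish the machine's actual state.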

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check, please

#11 Post by altrok »

:arrow: Please post new FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and any later run of FRST, this option must be explicitly ticked before the scan starts for the Addition.txt log to be created.

Zemos
Visitor
Posts: 78
Joined: 15 Mar 2015 13:17

Re: Preventive check, please

#12 Post by Zemos »

I apologize for the late reply. The logs are attached.
Attachments
Logy.rar
(36.52 KiB) Downloaded 42 times

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check, please

#13 Post by altrok »

Uninstall the old, vulnerable version of Java. If you need Java, keep only the current 8U77 on the PC. From a security standpoint (exploits), it is better not to have it at all. Vulnerable versions of Java installed on your PC:

  • Java 8 Update 66 (64-bit)
  • Java 8 Update 66

I no longer see any other discrepancies in the log, so we will just tidy up.
And if there are no questions or other problems, that is all from me.