Malware problem (pop-up windows in the browser)

zdenka
Visitor
Posts: 16
Registered: 14 Apr 2016 20:30

#1 Post by zdenka »

Hello, I need some advice. In my browser (Chrome), windows with unwanted advertising and various fake contest and prize pages often pop up. These also appear after I click on a link. Instead of the requested page that the link pointed to, some junk loads. Could you please advise me how to get rid of this? (I tried to clean the computer with CCleaner and Windows Defender; both deleted some malicious software, but the problem persists.)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Zdenka at 2016-04-14 21:25:18
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 349 GB (59%) free of 588 GB
Total RAM: 4030 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:25:26, on 14.4.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe
C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Zdenka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0000000000
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://un-stop.biz/wpad.dat?22a996bb3f3 ... a588854145
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3213;https=127.0.0.1:3213
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe
O4 - HKLM\..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{588C40A4-7334-4CD0-9FB0-9BB2C92B894A}: NameServer = 82.163.143.177,82.163.142.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{A22CCA76-6D0B-4BDC-B1A6-3D0A36C1AFAD}: NameServer = 82.163.143.177,82.163.142.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE10215E-90B6-44C8-B73F-E1F301C9A8A1}: NameServer = 82.163.143.177,82.163.142.179
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: BugreportW - Unknown owner - C:\Program Files (x86)\hohobnd\ghabuk.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Sosition Reports (SstrprSrv) - Unknown owner - C:\Program Files (x86)\Sosition\SstrprSrv.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

--
End of file - 18327 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 21502016
\??\C:\windows\system32\conhost.exe "-2103151062-1022624637-1478915046894930005-201361662-36898754-6075238571404089770
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe"
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2580
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /c /a /s UserSession
taskeng.exe {94BA0055-2116-47A7-B20F-CDBFC7613268}
"C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" /start
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe"
"C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun
-Minimized
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup
"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\Samsung\PanelMgr\caller64.exe Samsung PanelMgr
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe" -Embedding
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\igfxext.exe -Embedding
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Connection Manager</Title><Text>Wi-Fi: Připojeno
Bluetooth®: Zapnuto
Síť LAN: Nepřipojeno</Text><IconPath>C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe</IconPath><ID>1</ID><Path>C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe</Path><Parameters>OpenMainWindow</Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
"C:\windows\system32\wuauclt.exe"
"C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe" -Embedding
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=50.0.2661.75 --handshake-handle=0xcc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1404.0.466096277\1041291251" --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,10,12,15,24,53,71 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2342 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A7_Stable_R8/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingIncidentReportingServiceFeatures/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="1404.2.513678562\1213116415" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A7_Stable_R8/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingIncidentReportingServiceFeatures/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="1404.10.174420691\897129748" /prefetch:1

"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe14_ Global\UsGthrCtrlFltPipeMssGthrPipe14 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Zdenka\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core.job - C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\windows\tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA.job - C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core.job - C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA.job - C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\HPCeeScheduleForZDENKA-HP$.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForZDENKA-HP$ (null)
C:\windows\tasks\HPCeeScheduleForZdenka.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForZdenka (null)

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-04-07 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07 436192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31 210872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-01 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-07 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21 3853984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-01 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07 436192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe [2011-01-27 13880]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-04 2679592]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-01-07 615584]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-01-07 379040]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-03-31 167960]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-03-31 391704]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-03-31 418840]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30 144200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 134512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPQuickWebProxy]
c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-02-11 76344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MfeEpePcMonitor]
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [2011-02-09 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files (x86)\PDF Complete\pdfsty.exe [2011-02-01 656920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2012-04-07 296056]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2011-01-29 299576]
"File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2011-02-07 12274688]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-01-26 283160]
"NUSB3MON"=c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"HP HD Webcam [Fixed]_Monitor"=C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [2010-11-26 267128]
"DTRun"=c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [2010-11-24 517456]
"HPConnectionManager"=c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2011-04-05 94264]
""= []
"Samsung PanelMgr"=C:\windows\Samsung\PanelMgr\ssmmgr.exe [2010-06-07 618496]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2011-06-15 307200]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-03-07 335232]

C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-03-26 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=EpePcNp64
DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-04-14 21:25:19 ----D---- C:\Program Files\trend micro
2016-04-14 21:25:18 ----D---- C:\rsit
2016-04-14 20:33:35 ----N---- C:\windows\system32\MpSigStub.exe
2016-04-14 09:00:42 ----D---- C:\Users\Zdenka\AppData\Roaming\SpringFiles
2016-04-14 08:59:16 ----D---- C:\Program Files (x86)\Google
2016-04-14 08:59:02 ----D---- C:\extensions
2016-04-14 08:58:54 ----D---- C:\ProgramData\LuckyBrowse
2016-04-14 08:58:54 ----D---- C:\Program Files (x86)\LuckyBrowse
2016-04-14 08:58:47 ----D---- C:\Program Files (x86)\Sosition
2016-04-14 08:58:47 ----D---- C:\Program Files (x86)\hohobnd
2016-04-14 08:58:28 ----D---- C:\ProgramData\d6184b0d-4ca7-1
2016-04-14 08:58:28 ----D---- C:\ProgramData\d6184b0d-2fe5-0

======List of files/folders modified in the last 1 month======

2016-04-14 21:25:20 ----D---- C:\windows\Temp
2016-04-14 21:25:19 ----RD---- C:\Program Files
2016-04-14 20:54:54 ----D---- C:\windows\inf
2016-04-14 20:54:54 ----D---- C:\Windows
2016-04-14 20:48:26 ----D---- C:\ProgramData\FlexiblleeShopper
2016-04-14 20:48:20 ----SHD---- C:\System Volume Information
2016-04-14 20:43:56 ----D---- C:\windows\system32\config
2016-04-14 20:40:08 ----D---- C:\windows\system32\Tasks
2016-04-14 20:39:51 ----HD---- C:\ProgramData
2016-04-14 20:33:35 ----D---- C:\windows\System32
2016-04-14 16:55:03 ----SHD---- C:\windows\Installer
2016-04-14 16:51:25 ----RD---- C:\Program Files (x86)
2016-04-14 16:50:16 ----D---- C:\windows\Tasks
2016-04-14 16:49:58 ----D---- C:\Program Files (x86)\Opera
2016-04-14 16:48:33 ----A---- C:\windows\system32\PerfStringBackup.INI
2016-04-14 16:45:39 ----D---- C:\Users\Zdenka\AppData\Roaming\Dropbox
2016-04-14 16:43:55 ----A---- C:\windows\SYSWOW64\log.txt
2016-04-14 16:42:02 ----D---- C:\ProgramData\PDFC
2016-04-14 16:41:53 ----D---- C:\ProgramData\HPQLOG
2016-04-14 09:34:45 ----D---- C:\windows\Prefetch
2016-04-14 09:22:32 ----D---- C:\Program Files (x86)\Common Files
2016-04-14 09:00:53 ----D---- C:\windows\system32\GroupPolicy
2016-04-08 19:18:31 ----D---- C:\windows\SysWOW64
2016-04-08 19:18:29 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2016-04-07 23:23:43 ----D---- C:\ProgramData\Norton
2016-03-28 18:46:46 ----D---- C:\windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2011-01-27 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-13 439320]
R0 MfeEpePc;MfeEpePc; C:\windows\system32\drivers\MfeEpePc.sys [2011-02-09 168008]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-10-15 1155704]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-11-09 482936]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111111.030\IDSvia64.sys [2011-09-12 488568]
R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2011-06-15 93240]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [2011-03-31 40568]
R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
R1 SymNetS;Symantec Network Security WFP Driver; C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2011-01-27 43320]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2011-01-08 2698240]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]
R3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-12-03 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-03-26 12262336]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 406632]
R3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\SPUVCbv_x64.sys [2011-01-12 2611704]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\windows\system32\DRIVERS\stwrt64.sys [2011-01-27 520192]
R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2011-09-13 174200]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-02-04 1413680]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 DgiVecp;DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\windows\system32\Drivers\SSPORT.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 asvpndrv;Astrill SSL VPN Adapter; C:\windows\system32\DRIVERS\asvpndrv.sys [2012-02-29 31744]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111111.036\ENG64.SYS [2011-09-13 117880]
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111111.036\EX64.SYS [2011-09-13 2048632]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [2011-03-31 744568]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-14 82128]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2011-02-12 481104]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-12-10 126520]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-29 281656]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2011-01-27 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-01-17 326168]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2011-01-27 296448]
R2 uArcCapture;ArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
R3 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]
R3 hpCMSrv;HP Connection Manager 4 Service; c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-03-29 799800]
S2 BugreportW;BugreportW; C:\Program Files (x86)\hohobnd\ghabuk.exe [2016-04-14 989760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14 154440]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S2 SstrprSrv;Sosition Reports; C:\Program Files (x86)\Sosition\SstrprSrv.exe [2016-04-14 310360]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2011-02-04 464480]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-10-04 655624]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2010-09-30 246520]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14 154440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-07-25 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-09-15 1255736]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: problem with malware (pop-up windows in the browser)

#2 Post by altrok »

I wish you a lovely day :bye:


:arrow: As part of the cleanup, your temporary directories (including the Recycle Bin) will be emptied.


:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply to me
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.

zdenka
Visitor
Posts: 16
Registered: 14 Apr 2016 20:30

Re: problem with malware (pop-up windows in the browser)

#3 Post by zdenka »

# AdwCleaner v5.111 - Log soubor vytvořen 14/04/2016 o 22:47:38
# Aktualizováno 14/04/2016 by Xplode
# Databáze : 2016-04-11.4 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Jméno uživatele : Zdenka - ZDENKA-HP
# Spuštěno z : C:\Users\Zdenka\Downloads\adwcleaner_5.111.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****

[-] Služba smazáno : BugreportW

***** [ Složky ] *****

[-] Složka smazáno : C:\Program Files (x86)\LuckyBrowse
[-] Složka smazáno : C:\ProgramData\LuckyBrowse
[-] Složka smazáno : C:\ProgramData\818c48adba2e7914
[-] Složka smazáno : C:\ProgramData\d6184b0d-2fe5-0
[-] Složka smazáno : C:\ProgramData\d6184b0d-4ca7-1
[-] Složka smazáno : C:\ProgramData\FlexiblleeShopper
[#] Složka smazáno : C:\ProgramData\Application Data\LuckyBrowse
[#] Složka smazáno : C:\ProgramData\Application Data\818c48adba2e7914
[#] Složka smazáno : C:\ProgramData\Application Data\d6184b0d-2fe5-0
[#] Složka smazáno : C:\ProgramData\Application Data\d6184b0d-4ca7-1
[#] Složka smazáno : C:\ProgramData\Application Data\FlexiblleeShopper
[-] Složka smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
[-] Složka smazáno : C:\Users\Zdenka\AppData\Local\FileViewPro
[-] Složka smazáno : C:\Users\Zdenka\AppData\Roaming\Solvusoft
[-] Složka smazáno : C:\Users\Zdenka\AppData\Roaming\SpringFiles
[-] Složka smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkngndnaapockfepbpokeainjpmhlfbh

***** [ Soubory ] *****

[-] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d19tqk5t6qcjac.cloudfront.net_0.localstorage
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage-journal
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d19tqk5t6qcjac.cloudfront.net_0.localstorage
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage-journal
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_dkngndnaapockfepbpokeainjpmhlfbh_0.localstorage
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_dkngndnaapockfepbpokeainjpmhlfbh_0.localstorage-journal
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\dkngndnaapockfepbpokeainjpmhlfbh
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_d19tqk5t6qcjac.cloudfront.net_0.localstorage
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage
[-] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage-journal
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_d19tqk5t6qcjac.cloudfront.net_0.localstorage
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage
[#] Soubor smazáno : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage-journal
[-] Soubor smazáno : C:\windows\SysNative\roboot64.exe

***** [ DLLs ] *****


***** [ Zástupci ] *****

[-] Zástupce odvirováno : C:\Users\Public\Desktop\Opera.lnk
[-] Zástupce odvirováno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[-] Zástupce odvirováno : C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce odvirováno : C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce odvirováno : C:\Users\Zdenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce odvirováno : C:\Users\Zdenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk

***** [ Naplánované úkoly ] *****

[-] Úkol smazáno : LuckyBrowse

***** [ Registr ] *****

[-] Klávesa smazáno : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Klávesa smazáno : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klávesa smazáno : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Klávesa smazáno : HKCU\Software\APN PIP
[-] Klávesa smazáno : HKCU\Software\BI
[-] Klávesa smazáno : HKCU\Software\Conduit
[-] Klávesa smazáno : HKCU\Software\Video Player
[-] Klávesa smazáno : HKCU\Software\SrpnFiles
[-] Klávesa smazáno : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Klávesa smazáno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Klávesa smazáno : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Klávesa smazáno : HKLM\SOFTWARE\Conduit
[-] Klávesa smazáno : HKLM\SOFTWARE\LuckyBrowse
[-] Klávesa smazáno : HKLM\SOFTWARE\hohosearchSoftware
[-] Klávesa smazáno : HKLM\SOFTWARE\SrpnFiles
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE139F4C-CE5B-121A-8A2D-191FA2226094}
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Klávesa smazáno : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Klávesa smazáno : HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Klávesa smazáno : HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Hodnota smazáno : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{991E6B61-793E-4F77-84D0-E41AEA279B7B}]
[-] Hodnota smazáno : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{1B344799-ED2C-49A6-B21E-520DC46199EA}]
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Data Obnoveno : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{588C40A4-7334-4CD0-9FB0-9BB2C92B894A} [NameServer]
[-] Data Obnoveno : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A22CCA76-6D0B-4BDC-B1A6-3D0A36C1AFAD} [NameServer]
[-] Data Obnoveno : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{AE10215E-90B6-44C8-B73F-E1F301C9A8A1} [NameServer]

***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno
:: Chrome preferences reset : C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default
:: Chrome preferences reset : C:\Users\Zdenka\AppData\Local\Chromium\User Data\Default
:: Chrome preferences reset : C:\Users\Zdenka\AppData\Roaming\Opera Software\Opera Stable

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [10928 bytes] - [14/04/2016 22:47:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [11880 bytes] - [14/04/2016 22:45:57]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11076 bytes] ##########

altrok
Moderator
Posts: 7322
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: malware problem (pop-up windows in the browser)

#4 Post by altrok »

Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and any later run of FRST, the Addition.txt option has to be ticked explicitly before the scan starts for that log to be created.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok (at) forum.viry.cz
If you feel like helping visitors to this forum, sign up for our little school.

zdenka
Visitor
Posts: 16
Joined: 14 Apr 2016 20:30

Re: malware problem (pop-up windows in the browser)

#5 Post by zdenka »

Here are the FRST and Addition logs. Thank you very much for your advice and help! :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Zdenka (administrator) on ZDENKA-HP (15-04-2016 16:45:52)
Running from C:\Users\Zdenka\Downloads
Loaded Profiles: Zdenka (Available Profiles: Zdenka)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-27] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-07] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-07] (Atheros Commnucations)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] => C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [267128 2010-11-26] ()
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1435834558-3399890420-224863321-1001\...\Run: [Google Update] => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-1435834558-3399890420-224863321-1001\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2012-09-17]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1435834558-3399890420-224863321-1001] => http=127.0.0.1:3213;https=127.0.0.1:3213
AutoConfigURL: [S-1-5-21-1435834558-3399890420-224863321-1001] => hxxp://un-stop.biz/wpad.dat?22a996bb3f318a33b1358790c3fc7a588854145
Winsock: Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224 2012-01-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 08 C:\windows\SysWOW64\mswsock.dll [231424 2013-09-08] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 09 C:\windows\SysWOW64\winrnr.dll [20992 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{588C40A4-7334-4CD0-9FB0-9BB2C92B894A}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{AE10215E-90B6-44C8-B73F-E1F301C9A8A1}: [DhcpNameServer] 58.17.39.219 218.87.6.206 210.35.207.8
ManualProxies: 0hxxp://un-stop.biz/wpad.dat?22a996bb3f318a33b1358790c3fc7a588854145

Internet Explorer:
==================
HKU\S-1-5-21-1435834558-3399890420-224863321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131051333067331080&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-1435834558-3399890420-224863321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDF
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1435834558-3399890420-224863321-1001 -> DefaultScope {80AE6209-510D-40E5-843F-33B01D421721} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1435834558-3399890420-224863321-1001 -> {80AE6209-510D-40E5-843F-33B01D421721} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1435834558-3399890420-224863321-1001 -> {CA881421-2F2D-439B-A02F-D4E4C0E15CCE} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-1435834558-3399890420-224863321-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-04-07] (RealPlayer)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-01] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-07] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-01] (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1435834558-3399890420-224863321-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1435834558-3399890420-224863321-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Zdenka\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1435834558-3399890420-224863321-1001: @talk.google.com/O1DPlugin -> C:\Users\Zdenka\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1435834558-3399890420-224863321-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Zdenka\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1435834558-3399890420-224863321-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Zdenka\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Zdenka\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Zdenka\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [2011-09-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2016-04-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2015-05-28] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-14]
CHR Extension: (Dokumenty Google) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-14]
CHR Extension: (Disk Google) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-14]
CHR Extension: (YouTube) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-14]
CHR Extension: (Tabulky Google) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-14]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2016-04-14]
CHR Extension: (ICBCChromeExtension) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj [2016-04-14]
CHR Extension: (Skype) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Gmail) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-14]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-04-07]
CHR HKLM-x32\...\Chrome\Extension: [lehjanbmddecbhgnnncapflmglinppcj] - C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\ICBCChromeExtension.crx [2012-11-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-09-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company)
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] () [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S2 SstrprSrv; C:\Program Files (x86)\Sosition\SstrprSrv.exe [310360 2016-04-14] ()
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [1155704 2011-10-15] (Symantec Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-11-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-11-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111111.030\IDSvia64.sys [488568 2011-09-12] (Symantec Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111111.036\ENG64.SYS [117880 2011-09-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111111.036\EX64.SYS [2048632 2011-09-13] (Symantec Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2611704 2011-01-12] (Sunplus Technology)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
S2 SSPORT; C:\windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-29] (Samsung Electronics)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S2 DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-15 16:45 - 2016-04-15 16:47 - 00030687 _____ C:\Users\Zdenka\Downloads\FRST.txt
2016-04-15 16:45 - 2016-04-15 16:45 - 00000000 ____D C:\FRST
2016-04-15 16:44 - 2016-04-15 16:44 - 02375168 _____ (Farbar) C:\Users\Zdenka\Downloads\FRST64.exe
2016-04-14 22:44 - 2016-04-14 22:47 - 00000000 ____D C:\AdwCleaner
2016-04-14 22:44 - 2016-04-14 22:44 - 03670016 _____ C:\Users\Zdenka\Downloads\adwcleaner_5.111.exe
2016-04-14 21:25 - 2016-04-14 21:25 - 01222144 _____ C:\Users\Zdenka\Downloads\RSITx64.exe
2016-04-14 21:25 - 2016-04-14 21:25 - 00000000 ____D C:\rsit
2016-04-14 21:25 - 2016-04-14 21:25 - 00000000 ____D C:\Program Files\trend micro
2016-04-14 21:23 - 2016-04-14 21:23 - 00112107 _____ (forum.viry.cz) C:\Users\Zdenka\Downloads\Nepotvrzeno 465056.crdownload
2016-04-14 20:33 - 2016-04-06 10:18 - 00453280 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-14 16:51 - 2016-04-14 16:51 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-14 16:51 - 2016-04-14 16:51 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-14 16:50 - 2016-04-15 16:37 - 00000952 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 16:50 - 2016-04-14 23:06 - 00000948 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 16:50 - 2016-04-14 16:50 - 00987728 _____ (Google Inc.) C:\Users\Zdenka\Downloads\ChromeSetup.exe
2016-04-14 16:50 - 2016-04-14 16:50 - 00003948 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-14 16:50 - 2016-04-14 16:50 - 00003696 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-14 09:34 - 2016-04-14 09:34 - 00000476 __RSH C:\ProgramData\ntuser.pol
2016-04-14 09:25 - 2016-04-14 09:26 - 00000000 ____D C:\Users\Zdenka\Desktop\čína 2016
2016-04-14 09:00 - 2016-04-14 09:05 - 00000000 ____D C:\Users\Zdenka\AppData\Local\Chromium
2016-04-14 08:59 - 2016-04-14 16:51 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-14 08:59 - 2016-04-14 09:05 - 00000000 ____D C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-14 08:59 - 2016-04-14 08:59 - 00014634 _____ C:\windows\System32\Tasks\Sosition Reports
2016-04-14 08:59 - 2016-04-14 08:59 - 00000000 ____D C:\extensions
2016-04-14 08:58 - 2016-04-14 09:31 - 00000000 ____D C:\Program Files (x86)\hohobnd
2016-04-14 08:58 - 2016-04-14 08:58 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-14 08:58 - 2016-04-14 08:58 - 00000000 ____D C:\Program Files (x86)\Sosition
2016-04-14 08:57 - 2016-04-14 08:57 - 03910424 _____ (Zurumbia Incorpatated) C:\Users\Zdenka\Downloads\New_Practical_Chinese_Reader_3_Textbook_downloader.exe
2016-04-07 22:26 - 2016-04-07 22:26 - 06609843 _____ C:\Users\Zdenka\Desktop\NewPracticalChineseReader-vol3_Workbook.pdf
2016-04-04 22:40 - 2016-04-10 01:09 - 00000958 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-04 22:40 - 2016-04-08 19:18 - 00003956 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-04-03 23:37 - 2016-04-03 23:37 - 02436568 _____ C:\Users\Zdenka\Downloads\FormApps_Signing_Extension.exe
2016-04-03 23:24 - 2016-04-03 23:24 - 00001282 _____ C:\Users\Zdenka\Downloads\xdp-osvc-2013.xdp
2016-03-30 22:00 - 2016-03-30 22:01 - 55412736 _____ C:\Users\Zdenka\Downloads\FontPack1500720033_XtdAlf_Lang_DC.msi
2016-03-28 18:09 - 2016-03-28 18:10 - 07928604 _____ C:\Users\Zdenka\Downloads\docslide.us_npcr-3pdf.pdf
2016-03-21 19:12 - 2016-03-21 19:12 - 00000000 ____D C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-18 17:20 - 2016-03-18 17:21 - 00765753 _____ C:\Users\Zdenka\Downloads\227588.PDF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-15 16:38 - 2015-06-16 19:05 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA.job
2016-04-15 16:38 - 2011-09-13 15:28 - 00000966 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA.job
2016-04-15 16:37 - 2013-02-28 15:21 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-15 16:36 - 2011-08-23 16:15 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2016-04-14 23:16 - 2015-06-16 19:04 - 00000870 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core.job
2016-04-14 23:07 - 2013-04-09 16:06 - 00000000 ___RD C:\Users\Zdenka\Dropbox
2016-04-14 23:07 - 2013-04-09 15:54 - 00000000 ____D C:\Users\Zdenka\AppData\Roaming\Dropbox
2016-04-14 23:02 - 2009-07-14 06:45 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-14 23:02 - 2009-07-14 06:45 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-14 22:57 - 2015-08-19 21:48 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-04-14 22:54 - 2011-05-12 02:05 - 00000000 ____D C:\ProgramData\PDFC
2016-04-14 22:54 - 2011-05-12 02:01 - 00000000 ____D C:\ProgramData\HPQLOG
2016-04-14 22:54 - 2009-07-14 05:20 - 00000000 ____D C:\windows\inf
2016-04-14 22:53 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-14 22:53 - 2009-07-14 06:45 - 00417312 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-14 22:47 - 2015-05-27 16:34 - 00000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-14 22:47 - 2015-05-27 16:34 - 00000982 _____ C:\Users\Public\Desktop\Opera.lnk
2016-04-14 22:47 - 2011-09-12 19:30 - 00000971 _____ C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-14 21:13 - 2011-09-13 15:28 - 00000914 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core.job
2016-04-14 20:28 - 2012-05-13 09:01 - 00000000 ____D C:\Users\Zdenka\Desktop\zálohy registrů
2016-04-14 16:49 - 2015-05-27 16:34 - 00003848 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1432737268
2016-04-14 16:49 - 2015-05-27 16:33 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-14 16:48 - 2011-05-12 02:04 - 00670908 _____ C:\windows\system32\perfh005.dat
2016-04-14 16:48 - 2011-05-12 02:04 - 00142488 _____ C:\windows\system32\perfc005.dat
2016-04-14 16:48 - 2009-07-14 07:13 - 01584554 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-14 09:25 - 2015-10-07 10:58 - 00000000 ____D C:\Users\Zdenka\Desktop\literární seminář čínská povídka andrš
2016-04-14 09:25 - 2014-10-13 11:48 - 00000000 ___RD C:\Users\Zdenka\Desktop\SINO
2016-04-14 09:25 - 2011-09-25 10:38 - 00000000 ____D C:\Users\Zdenka\Desktop\work
2016-04-14 09:12 - 2012-02-27 13:34 - 00000000 ____D C:\Users\Zdenka\AppData\Local\CrashDumps
2016-04-14 09:00 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\GroupPolicy
2016-04-13 20:26 - 2012-03-07 14:39 - 00003192 _____ C:\windows\System32\Tasks\HPCeeScheduleForZdenka
2016-04-13 20:26 - 2012-03-07 14:39 - 00000336 _____ C:\windows\Tasks\HPCeeScheduleForZdenka.job
2016-04-11 20:06 - 2011-09-24 11:53 - 00003220 _____ C:\windows\System32\Tasks\HPCeeScheduleForZDENKA-HP$
2016-04-11 20:06 - 2011-09-24 11:53 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForZDENKA-HP$.job
2016-04-08 19:18 - 2013-02-28 15:21 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 19:18 - 2013-02-28 15:21 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 19:18 - 2013-02-28 15:21 - 00003852 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 23:23 - 2011-08-23 16:24 - 00000000 ____D C:\ProgramData\Norton
2016-04-04 22:48 - 2012-03-27 09:52 - 00000000 ____D C:\Users\Zdenka\AppData\Local\Adobe
2016-03-30 20:29 - 2015-10-07 10:55 - 00000000 ____D C:\Users\Zdenka\Desktop\klasická čínština
2016-03-28 18:46 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF

==================== Files in the root of some directories =======

2011-09-24 12:20 - 2011-09-24 12:20 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-06-09 07:38 - 2013-06-09 07:39 - 0213328 _____ () C:\ProgramData\TestPreferences

Some files in TEMP:
====================
C:\Users\Zdenka\AppData\Local\Temp\FdD8gYlvpY.exe
C:\Users\Zdenka\AppData\Local\Temp\gXlh6UYQaA.exe
C:\Users\Zdenka\AppData\Local\Temp\hibEB71.exe
C:\Users\Zdenka\AppData\Local\Temp\iNGWo7S6OZ.exe
C:\Users\Zdenka\AppData\Local\Temp\libeay32.dll
C:\Users\Zdenka\AppData\Local\Temp\msvcr120.dll
C:\Users\Zdenka\AppData\Local\Temp\PfmGerG2bB.exe
C:\Users\Zdenka\AppData\Local\Temp\sqlite3.dll
C:\Users\Zdenka\AppData\Local\Temp\tmp91AE.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-08 21:39

==================== End of FRST.txt ============================


Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Zdenka (2016-04-15 16:48:06)
Running from C:\Users\Zdenka\Downloads
Windows 7 Professional Service Pack 1 (X64) (2011-09-12 17:18:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1435834558-3399890420-224863321-500 - Administrator - Disabled)
Guest (S-1-5-21-1435834558-3399890420-224863321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1435834558-3399890420-224863321-1003 - Limited - Enabled)
Zdenka (S-1-5-21-1435834558-3399890420-224863321-1001 - Administrator - Enabled) => C:\Users\Zdenka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.12 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.48.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.55 - Atheros Communications)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.57.1051 - Webteh, d.o.o.)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-1435834558-3399890420-224863321-1001\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.75 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HD Webcam [Fixed] (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.3.4.07 - SunplusIT)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{20976B1F-E910-404D-9261-C16EE7E12DC8}) (Version: 3.0.0.9057 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}) (Version: 5.2.3.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ICBCChromeExtension (HKLM-x32\...\{3561742A-2478-4FAB-A44B-38A26E1FE14F}) (Version: 1.0.1.4 - ICBC) <==== ATTENTION
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MKV Player 2.0 (HKLM-x32\...\MKV Player_is1) (Version: - vsevensoft.com)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.33 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: - RealNetworks)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8312 - Skype Technologies S.A.)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Údržba Samsung ML-1660 Series (HKLM-x32\...\Samsung ML-1660 Series) (Version: - Samsung Electronics Co., Ltd.)
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
VIP Access SDK x64(1.0.0.50) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
World Cup Cricket 20-20 (x32 Version: 2.2.0.95 - WildTangent) Hidden
XMind 6 (v3.5.1) (HKLM-x32\...\XMind_is1) (Version: 3.5.1.201411201906 - XMind Ltd.)
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Zdenka\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Zdenka\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F80A18F-9572-42E3-B272-837ABDEFB3E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2016-04-12] (Microsoft)
Task: {136899AE-2706-405B-A16D-B8BBFD92EC3D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1435834558-3399890420-224863321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {1502997B-CCD1-4321-973C-D0EBCD4B71D1} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {2102BEAA-6675-4C9F-8CC4-C74D4AF54BB4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-10] (Hewlett-Packard Company)
Task: {304A5450-A583-4B42-82C9-51048738130A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
Task: {329979D7-6900-407F-8E91-14B90C296DED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {412E9D77-B202-4B9D-A67B-B883A48D184E} - System32\Tasks\HPCeeScheduleForZdenka => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5C6D2C7B-F668-4068-92FE-67AB0719EFBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-10] (Hewlett-Packard Company)
Task: {5FFBED6A-BA96-4124-96E9-5D30AE6F8E56} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1435834558-3399890420-224863321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {7305D3CA-00BA-49CC-B3E5-978E9D11CC83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14] (Google Inc.)
Task: {77A98B80-BA28-41EE-98CD-C141CB09D08F} - System32\Tasks\Sosition Reports => C:\Program Files (x86)\Sosition\SstrprTsk.exe [2016-04-14] ()
Task: {7EB63894-5248-4947-8A3A-09331AC31FB3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {7F0D6699-1833-47E1-8C2A-1752D4D30043} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14] (Google Inc.)
Task: {7F2B03F9-1C01-4CE8-9500-0B276AAD3C07} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {8DC69858-B565-4D01-B258-B7E5C1204574} - System32\Tasks\{A7DB6B32-79EB-4262-8876-00DFD18FE4AC} => pcalua.exe -a C:\Users\Zdenka\Desktop\Rosetta.Stone\RosettaStoneSetup.exe -d C:\Users\Zdenka\Desktop\Rosetta.Stone
Task: {9DCCBD29-B188-40D6-941A-AF9E353D604C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {BC4AE030-7BA3-45FA-A88C-2BB9DD58D336} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA => C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {BE8EB6B9-A6E3-46B0-BBED-7B4C61757B7D} - System32\Tasks\HPCeeScheduleForZDENKA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {C3B03923-E7FB-465B-9846-71EC2A4F1F24} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {C620CAF9-C4F9-4959-A6FA-7A9FDF7BD877} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C764B549-E565-4627-AAD6-EBE7AC928999} - System32\Tasks\Opera scheduled Autoupdate 1432737268 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-11] (Opera Software)
Task: {E4219423-A76B-4AFC-BA1A-80C0677A5B97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2016-04-12] (Microsoft)
Task: {EBC4B0AE-79C9-4A01-B3DA-E52AEEF14B9E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core => C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {FAF1A6B7-1162-457C-9F90-66AE3D065814} - System32\Tasks\{CA38A947-594B-434F-BBC1-0E624362ADAA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-10-14] (Skype Technologies S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core.job => C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA.job => C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core.job => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA.job => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForZDENKA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForZdenka.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-09-13 16:43 - 2009-08-10 09:08 - 00027648 _____ () C:\windows\System32\ssp7ml6.dll
2011-01-31 20:54 - 2011-01-31 20:54 - 00107008 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-02-09 21:04 - 2011-02-09 21:04 - 02905600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2011-02-09 20:27 - 2011-02-09 20:27 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2011-02-09 20:28 - 2011-02-09 20:28 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2011-05-12 02:07 - 2011-01-27 02:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2011-01-27 03:14 - 2011-01-27 03:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-03-26 05:28 - 2011-03-26 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-26 13:31 - 2010-11-26 13:31 - 00267128 _____ () C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
2011-09-13 16:42 - 2010-06-07 12:35 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2010-06-24 12:21 - 2010-06-24 12:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2011-09-13 16:42 - 2009-07-29 12:13 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2011-01-27 03:13 - 2011-01-27 03:13 - 00080440 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2011-01-27 03:13 - 2011-01-27 03:13 - 00047160 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2011-02-09 20:48 - 2011-02-09 20:48 - 02637824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-02-09 20:27 - 2011-02-09 20:27 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-02-09 20:51 - 2011-02-09 20:51 - 02650112 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-02-09 20:29 - 2011-02-09 20:29 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-02-09 20:30 - 2011-02-09 20:30 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-08-14 21:33 - 2014-08-14 21:33 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1e70f9aada009e40c4f131cfdbe52126\IsdiInterop.ni.dll
2011-08-23 16:06 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-12-12 23:26 - 2016-02-23 20:19 - 00034768 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-03-21 19:12 - 2016-02-23 20:20 - 00019408 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-03-21 19:12 - 2016-02-23 20:19 - 00116688 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 23:26 - 2016-02-23 20:19 - 00093640 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 23:26 - 2016-02-23 20:19 - 00018376 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 23:26 - 2016-03-12 02:18 - 00019760 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00105928 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-03-21 19:12 - 2016-02-23 20:19 - 00392144 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 23:26 - 2016-03-12 02:18 - 00381752 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 23:26 - 2016-02-23 20:19 - 00692688 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00020816 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 23:26 - 2016-02-23 20:20 - 00112592 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 01682760 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00020808 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 23:26 - 2016-03-12 02:18 - 00020800 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 23:26 - 2016-03-12 02:18 - 00021840 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00038696 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-03-21 19:12 - 2016-02-23 20:21 - 00020936 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00024528 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00114640 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00124880 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-20 18:57 - 2016-03-12 02:18 - 00021832 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00024016 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00175560 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00030160 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00043472 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00028616 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00048592 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00026456 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00057808 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00024016 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00117056 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00024392 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-03-21 19:12 - 2016-02-23 20:21 - 00036296 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 23:26 - 2016-03-12 02:18 - 00023376 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 23:26 - 2016-02-23 20:19 - 00134608 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-03-21 19:12 - 2016-02-23 20:19 - 00134088 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-03-21 19:12 - 2016-02-23 20:20 - 00240584 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00052024 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-20 18:57 - 2016-03-12 02:18 - 00020800 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-20 18:57 - 2016-03-12 02:18 - 00021824 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-20 18:57 - 2016-03-12 02:18 - 00019776 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-20 18:57 - 2016-03-12 02:18 - 00020800 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00020280 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 23:26 - 2016-02-23 20:21 - 00350152 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-20 18:57 - 2016-03-12 02:18 - 00022352 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00084792 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-03-21 19:12 - 2016-03-12 02:18 - 01826096 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 23:26 - 2016-02-23 20:20 - 00083912 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\sip.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 03928880 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 01971504 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00531248 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00132912 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00223544 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00207672 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00158008 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00042808 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-03-21 19:12 - 2016-02-23 20:23 - 00017864 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-03-21 19:12 - 2016-02-23 20:23 - 01631184 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-12 23:26 - 2016-03-12 02:18 - 00024904 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00546096 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-03-21 19:12 - 2016-03-12 02:18 - 00357680 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-10-20 22:34 - 2016-02-23 20:25 - 00697304 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2010-06-24 12:19 - 2010-06-24 12:19 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-04-14 16:51 - 2016-04-13 10:37 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\libglesv2.dll
2016-04-14 16:51 - 2016-04-13 10:36 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1435834558-3399890420-224863321-1001\...\mojebanka.cz -> hxxps://www.mojebanka.cz

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1435834558-3399890420-224863321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Dropbox Update => "C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: HPQuickWebProxy => "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: MfeEpePcMonitor => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{26BF4BD7-019E-4B1F-8E41-CAB70586A44A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E8D16D2C-1296-483B-AAFD-4CD58A6DCB27}] => (Allow) LPort=2869
FirewallRules: [{915EDE72-61AA-4668-B29E-D43DBEEF312E}] => (Allow) LPort=1900
FirewallRules: [{F09D0B13-139F-4163-9662-DD458D7C44D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A7A37516-8B3E-425E-9F93-3544B5A49EE7}] => (Allow) C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7AB5FA31-AFF9-46A5-9874-4CE8AB6B4B13}] => (Allow) C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{AE346BCA-BC09-4BCE-BC8A-8DB22DA5C2B8}C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{FC2FEFDC-1D84-4077-9DB6-5FB3F1CDF1A6}C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{09EA4EA5-5AC2-4912-8DB9-B3247A904ED8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-03-2016 10:29:48 Naplánovaný kontrolní bod
20-03-2016 00:06:18 Naplánovaný kontrolní bod
28-03-2016 14:52:39 Naplánovaný kontrolní bod
03-04-2016 23:37:58 Nainstalováno FormApps Signing Extension.
13-04-2016 12:17:17 Naplánovaný kontrolní bod
14-04-2016 20:32:57 Windows Update
14-04-2016 20:39:24 Chrome Cleanup Tool
14-04-2016 20:48:06 Windows Defender Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2016 10:54:38 PM) (Source: XobniService) (EventID: 0) (User: )
Description: Službu nelze spustit. Neplatný popisovač

Error: (04/14/2016 10:47:50 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Služba Windows Search nenačetla informace o úložišti vlastností.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Databáze indexu obsahu je poškozená. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4700} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Služba Windows Search neotevřela úložiště vlastností databázového stroje Jet.

Podrobnosti:
0x%08x (0xc0041800 - Databáze indexu obsahu je poškozená. (HRESULT : 0xc0041800))


System errors:
=============
Error: (04/15/2016 04:47:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f081f): Windows Update Core.

Error: (04/14/2016 10:54:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (04/14/2016 10:53:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (04/14/2016 10:49:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\windows\system32\athihvs.dll

Error: (04/14/2016 10:49:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\windows\system32\athihvs.dll

Error: (04/14/2016 10:49:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\windows\system32\athihvs.dll

Error: (04/14/2016 10:48:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
%%1056

Error: (04/14/2016 10:47:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (04/14/2016 10:47:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search ukončena s chybou %%-1073473535, specifickou pro službu.

Error: (04/14/2016 10:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Connection Manager 4 Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 66%
Total physical RAM: 4030.37 MB
Available physical RAM: 1342.91 MB
Total Virtual: 8058.91 MB
Available Virtual: 4814.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:573.96 GB) (Free:340.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.92 GB) (Free:2.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: C2E30232)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=574 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: malware problem (pop-up windows in the browser)

#6 Post by altrok »

:arrow: Install the important operating system updates that Microsoft released on 12 April.



:arrow: Uninstall the old and vulnerable version of Java. If you need Java, install the new one from java.com - watch out for adware during its installation: http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . From a security standpoint (exploits) it is better not to have it. The current version is 8U77. Java versions installed on your PC:

  • Java 8 Update 40



:arrow: Uninstall

:arrow: Test C:\Program Files (x86)\Sosition\SstrprSrv.exe on virustotal.com - if the file has already been tested, choose Reanalyse. Put the link to the analysis results in your next post.



  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
    HKU\S-1-5-21-1435834558-3399890420-224863321-1001\...\Run: [Google Update] => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
    HKU\S-1-5-21-1435834558-3399890420-224863321-1001\...\MountPoints2: D - D:\SETUP.EXE
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-1435834558-3399890420-224863321-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR Extension: (ICBCChromeExtension) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj [2016-04-14]
    CHR HKLM-x32\...\Chrome\Extension: [lehjanbmddecbhgnnncapflmglinppcj] - C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\ICBCChromeExtension.crx [2012-11-15]
    File: C:\Program Files (x86)\Sosition\SstrprSrv.exe
    S2 DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [X]
    2016-04-15 16:45 - 2016-04-15 16:47 - 00030687 _____ C:\Users\Zdenka\Downloads\FRST.txt
    2016-04-14 22:44 - 2016-04-14 22:47 - 00000000 ____D C:\AdwCleaner
    2016-04-14 22:44 - 2016-04-14 22:44 - 03670016 _____ C:\Users\Zdenka\Downloads\adwcleaner_5.111.exe
    2016-04-14 21:25 - 2016-04-14 21:25 - 01222144 _____ C:\Users\Zdenka\Downloads\RSITx64.exe
    2016-04-14 21:25 - 2016-04-14 21:25 - 00000000 ____D C:\rsit
    2016-04-14 21:25 - 2016-04-14 21:25 - 00000000 ____D C:\Program Files\trend micro
    Folder: C:\windows\System32\Tasks\Sosition Reports
    Folder: C:\extensions
    Folder: C:\Program Files (x86)\hohobnd
    Folder: C:\Users\Public\Documents\dmp
    Folder: C:\Program Files (x86)\Sosition
    Folder: C:\ProgramData\PDFC
    Folder: C:\ProgramData\HPQLOG
    2011-09-24 12:20 - 2011-09-24 12:20 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    File: C:\ProgramData\TestPreferences
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core.job => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA.job => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\HPCeeScheduleForZDENKA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Hosts:
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

zdenka
Visitor
Posts: 16
Joined: 14 Apr 2016 20:30

Re: malware problem (pop-up windows in the browser)

#7 Post by zdenka »

I uninstalled both Java and Skype Click to Call.

Following Windows Update, I installed the latest update. (I just think it was not from 12.4 - because I found the ones from 12.4 only for Win10 and I have Win7)

https://virustotal.com/cs/file/23f99a36 ... 460738538/

and here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Zdenka (2016-04-15 18:30:31) Run:1
Running from C:\Users\Zdenka\Desktop
Loaded Profiles: Zdenka (Available Profiles: Zdenka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1435834558-3399890420-224863321-1001\...\Run: [Google Update] => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-1435834558-3399890420-224863321-1001\...\MountPoints2: D - D:\SETUP.EXE
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1435834558-3399890420-224863321-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (ICBCChromeExtension) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj [2016-04-14]
CHR HKLM-x32\...\Chrome\Extension: [lehjanbmddecbhgnnncapflmglinppcj] - C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\ICBCChromeExtension.crx [2012-11-15]
File: C:\Program Files (x86)\Sosition\SstrprSrv.exe
S2 DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [X]
2016-04-15 16:45 - 2016-04-15 16:47 - 00030687 _____ C:\Users\Zdenka\Downloads\FRST.txt
2016-04-14 22:44 - 2016-04-14 22:47 - 00000000 ____D C:\AdwCleaner
2016-04-14 22:44 - 2016-04-14 22:44 - 03670016 _____ C:\Users\Zdenka\Downloads\adwcleaner_5.111.exe
2016-04-14 21:25 - 2016-04-14 21:25 - 01222144 _____ C:\Users\Zdenka\Downloads\RSITx64.exe
2016-04-14 21:25 - 2016-04-14 21:25 - 00000000 ____D C:\rsit
2016-04-14 21:25 - 2016-04-14 21:25 - 00000000 ____D C:\Program Files\trend micro
Folder: C:\windows\System32\Tasks\Sosition Reports
Folder: C:\extensions
Folder: C:\Program Files (x86)\hohobnd
Folder: C:\Users\Public\Documents\dmp
Folder: C:\Program Files (x86)\Sosition
Folder: C:\ProgramData\PDFC
Folder: C:\ProgramData\HPQLOG
2011-09-24 12:20 - 2011-09-24 12:20 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
File: C:\ProgramData\TestPreferences
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core.job => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA.job => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForZDENKA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => key removed successfully
HKU\S-1-5-21-1435834558-3399890420-224863321-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully
"HKU\S-1-5-21-1435834558-3399890420-224863321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => key removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1435834558-3399890420-224863321-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lehjanbmddecbhgnnncapflmglinppcj" => key removed successfully
C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\ICBCChromeExtension.crx => moved successfully

========================= File: C:\Program Files (x86)\Sosition\SstrprSrv.exe ========================

File is digitally signed
MD5: BF130E9E3191E039BFAD8F7C0DACFBE1
Creation and modification date: 2016-04-14 08:58 - 2016-04-14 06:21
Size: 0310360
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

DgiVecp => service removed successfully
C:\Users\Zdenka\Downloads\FRST.txt => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Zdenka\Downloads\adwcleaner_5.111.exe => moved successfully
C:\Users\Zdenka\Downloads\RSITx64.exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully

========================= Folder: C:\windows\System32\Tasks\Sosition Reports ========================

C:\windows\System32\Tasks\Sosition Reports => File

====== End of Folder: ======


========================= Folder: C:\extensions ========================

2016-04-14 08:59 - 2016-04-14 07:28 - 0331500 _____ () C:\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi

====== End of Folder: ======


========================= Folder: C:\Program Files (x86)\hohobnd ========================

2016-04-14 08:58 - 2016-04-14 07:28 - 0331500 _____ () C:\Program Files (x86)\hohobnd\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
2016-04-14 08:58 - 2016-04-14 08:58 - 0001696 _____ () C:\Program Files (x86)\hohobnd\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
2016-04-15 16:59 - 2016-04-08 09:26 - 0690144 _____ (Tencent) C:\Program Files (x86)\hohobnd\BrowserUpdate.exe65333047
2016-04-14 08:58 - 2016-04-14 07:28 - 0519744 _____ () C:\Program Files (x86)\hohobnd\CCeuter.exe
2016-04-14 08:58 - 2016-04-14 08:02 - 0001211 _____ () C:\Program Files (x86)\hohobnd\conf.json
2016-04-14 08:58 - 2016-04-14 07:28 - 0597056 _____ () C:\Program Files (x86)\hohobnd\FFeuter.exe
2016-04-14 08:58 - 2016-04-14 06:53 - 0989760 _____ () C:\Program Files (x86)\hohobnd\ghabuk.exe
2016-04-15 16:59 - 2016-04-12 10:02 - 0363568 _____ () C:\Program Files (x86)\hohobnd\chrome_elf.dll65333047
2016-04-15 16:59 - 2016-04-15 12:36 - 0689968 _____ (TSv) C:\Program Files (x86)\hohobnd\ihpul.exe
2016-04-15 16:59 - 2016-04-15 09:06 - 0248368 _____ (TODO: <公司名>) C:\Program Files (x86)\hohobnd\qks.exe
2016-04-15 16:59 - 2016-04-15 11:42 - 0208944 _____ (Winzipper Pvt Ltd.) C:\Program Files (x86)\hohobnd\winzipper.exe
2016-04-15 16:59 - 2016-04-15 12:37 - 0569344 _____ (WFini LIMITED) C:\Program Files (x86)\hohobnd\wpm.exe
2016-04-14 08:58 - 2016-04-14 08:58 - 0000000 ____D () C:\Program Files (x86)\hohobnd\dmp
2016-04-14 08:58 - 2016-04-14 08:58 - 0000000 ____D () C:\Program Files (x86)\hohobnd\dmp\CCeuter.exe
2016-04-14 08:58 - 2016-04-14 08:58 - 0000000 ____D () C:\Program Files (x86)\hohobnd\dmp\ghabuk.exe
2016-04-14 08:58 - 2016-04-14 08:58 - 0000000 ____D () C:\Program Files (x86)\hohobnd\dmp\SstrprSrv.exe
2016-04-14 08:58 - 2016-04-14 08:58 - 0000000 ____D () C:\Program Files (x86)\hohobnd\dmp\SstrprTsk.exe
2016-04-14 08:58 - 2016-04-14 08:58 - 0000000 ____D () C:\Program Files (x86)\hohobnd\dmp\vogish.exe

====== End of Folder: ======


========================= Folder: C:\Users\Public\Documents\dmp ========================

2016-04-14 08:58 - 2016-04-14 08:58 - 0000000 ____D () C:\Users\Public\Documents\dmp\dl
2016-04-14 08:58 - 2016-04-14 08:58 - 0000000 ____D () C:\Users\Public\Documents\dmp\un

====== End of Folder: ======


========================= Folder: C:\Program Files (x86)\Sosition ========================

2016-04-14 08:58 - 2016-04-15 16:59 - 0001744 _____ () C:\Program Files (x86)\Sosition\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
2016-04-14 08:58 - 2016-04-14 06:21 - 0310360 _____ () C:\Program Files (x86)\Sosition\SstrprSrv.exe
2016-04-14 08:58 - 2016-04-14 06:21 - 0360536 _____ () C:\Program Files (x86)\Sosition\SstrprTsk.exe

====== End of Folder: ======


========================= Folder: C:\ProgramData\PDFC ========================

2013-10-23 08:39 - 2013-10-23 08:43 - 0000000 ____D () C:\ProgramData\PDFC\Log
2011-05-12 02:05 - 2011-05-12 02:05 - 0000000 ____D () C:\ProgramData\PDFC\Patch

====== End of Folder: ======


========================= Folder: C:\ProgramData\HPQLOG ========================

2016-04-14 09:34 - 2016-04-13 09:30 - 0000000 _____ () C:\ProgramData\HPQLOG\HP ProtectTools Service.179beadb-e1d8-4947-92cc-3cbc03a890aa.CPTLog.BAK.xml
2016-04-14 22:47 - 2016-04-14 16:41 - 0000000 _____ () C:\ProgramData\HPQLOG\HP ProtectTools Service.21603fc7-5538-47b1-bc12-cb205ba46d78.CPTLog.BAK.xml
2016-04-14 22:54 - 2016-04-14 22:47 - 0000000 _____ () C:\ProgramData\HPQLOG\HP ProtectTools Service.4778fd92-e038-443b-ad8d-917ff438fced.CPTLog.BAK.xml
2016-04-14 16:41 - 2016-04-14 09:34 - 0000000 _____ () C:\ProgramData\HPQLOG\HP ProtectTools Service.790ff3be-82d2-40c3-b4ad-9a9bf4c50aec.CPTLog.BAK.xml
2016-04-13 09:30 - 2016-04-02 20:01 - 0000000 _____ () C:\ProgramData\HPQLOG\HP ProtectTools Service.d2f5702b-dfc4-4fb0-a5e5-cb285392d24c.CPTLog.BAK.xml
2011-05-12 02:01 - 2016-04-14 22:54 - 0000000 _____ () C:\ProgramData\HPQLOG\HP ProtectTools Service.xml
2011-08-23 15:55 - 2015-03-28 10:34 - 0011907 _____ () C:\ProgramData\HPQLOG\PTLOGS.xml

====== End of Folder: ======

C:\ProgramData\ezsidmv.dat => moved successfully

========================= File: C:\ProgramData\TestPreferences ========================

File not signed
MD5: BD84F49E4C2C2476E0C2842C0B60DF77
Creation and modification date: 2013-06-09 07:38 - 2013-06-09 07:39
Size: 0213328
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core.job => moved successfully
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA.job => moved successfully
C:\windows\Tasks\HPCeeScheduleForZDENKA-HP$.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 883.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:31:44 ====

altrok
Moderator
Posts: 7322
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: malware problem (pop-up windows in the browser)

#8 Post by altrok »

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    C:\extensions
    C:\Program Files (x86)\hohobnd
    DisableService: SstrprSrv
    Folder: C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    C:\Users\Zdenka\AppData\Local\Temp
    Task: {77A98B80-BA28-41EE-98CD-C141CB09D08F} - System32\Tasks\Sosition Reports => C:\Program Files (x86)\Sosition\SstrprTsk.exe [2016-04-14] ()
    Task: {8DC69858-B565-4D01-B258-B7E5C1204574} - System32\Tasks\{A7DB6B32-79EB-4262-8876-00DFD18FE4AC} => pcalua.exe -a C:\Users\Zdenka\Desktop\Rosetta.Stone\RosettaStoneSetup.exe -d C:\Users\Zdenka\Desktop\Rosetta.Stone
    File: c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe
    End

zdenka
Visitor
Posts: 16
Joined: 14 Apr 2016 20:30

Re: malware problem (pop-up windows in the browser)

#9 Post by zdenka »

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Zdenka (2016-04-17 18:27:23) Run:2
Running from C:\Users\Zdenka\Desktop
Loaded Profiles: Zdenka (Available Profiles: Zdenka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\extensions
C:\Program Files (x86)\hohobnd
DisableService: SstrprSrv
Folder: C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
C:\Users\Zdenka\AppData\Local\Temp
Task: {77A98B80-BA28-41EE-98CD-C141CB09D08F} - System32\Tasks\Sosition Reports => C:\Program Files (x86)\Sosition\SstrprTsk.exe [2016-04-14] ()
Task: {8DC69858-B565-4D01-B258-B7E5C1204574} - System32\Tasks\{A7DB6B32-79EB-4262-8876-00DFD18FE4AC} => pcalua.exe -a C:\Users\Zdenka\Desktop\Rosetta.Stone\RosettaStoneSetup.exe -d C:\Users\Zdenka\Desktop\Rosetta.Stone
File: c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\extensions => moved successfully
C:\Program Files (x86)\hohobnd => moved successfully
SstrprSrv => service was disabled

========================= Folder: C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 ========================

2016-04-14 08:59 - 2014-01-20 01:03 - 0065158 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\199F.tmp
2016-04-14 08:59 - 2013-02-27 18:09 - 0034150 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\2A23.tmp
2016-04-14 08:59 - 2013-05-28 12:34 - 0043135 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\3FEA.tmp
2016-04-14 08:59 - 2013-06-28 16:03 - 0047034 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\452E.tmp
2016-04-14 08:59 - 2014-01-05 01:13 - 0000000 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\5268.tmp
2016-04-14 08:59 - 2013-07-15 17:47 - 0042375 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\6214.tmp
2016-04-14 08:59 - 2014-07-04 18:22 - 0088585 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\633F.tmp
2016-04-14 08:59 - 2013-09-05 16:27 - 0052223 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\758A.tmp
2016-04-14 08:59 - 2013-08-09 05:13 - 0046883 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\8BE8.tmp
2016-04-14 08:59 - 2013-11-12 19:08 - 0056725 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\8FAD.tmp
2016-04-14 08:59 - 2013-07-18 16:31 - 0042790 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\8FE2.tmp
2016-04-14 08:59 - 2013-08-10 02:23 - 0046883 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\B3FE.tmp
2016-04-14 08:59 - 2013-09-07 14:55 - 0052502 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\B82.tmp
2016-04-14 08:59 - 2013-09-05 01:29 - 0051773 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\B877.tmp
2016-04-14 08:59 - 2013-04-09 18:55 - 0035310 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\BF04.tmp
2016-04-14 08:59 - 2013-03-14 07:53 - 0034168 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\C148.tmp
2016-04-14 08:59 - 2013-03-20 17:27 - 0034353 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\C207.tmp


This list is terribly long; it exceeded the maximum message length many times over, and I was not able to attach the .txt file to the message. So I cut the list off here and below I give only the end...

0000 ____D () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885
2016-04-14 09:01 - 2016-04-14 08:51 - 0000066 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885\manifest.fingerprint
2016-04-14 09:01 - 2016-03-16 17:56 - 0000950 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885\manifest.json
2016-04-14 09:01 - 2016-04-14 09:01 - 0000000 ____D () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885\_metadata
2016-04-14 09:01 - 2016-03-16 17:56 - 0001509 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885\_metadata\verified_contents.json
2016-04-14 09:01 - 2016-04-14 09:01 - 0000000 ____D () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885\_platform_specific
2016-04-14 09:01 - 2016-04-14 09:01 - 0000000 ____D () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885\_platform_specific\win_x86
2016-04-14 09:01 - 2016-04-14 08:51 - 0000012 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885\_platform_specific\win_x86\CdmAdapterVersion
2016-04-14 09:01 - 2016-03-16 17:57 - 5780376 _____ (Google Inc.) C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdm.dll
2016-04-14 09:01 - 2016-04-13 10:37 - 0193688 _____ (Google Inc.) C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll
2016-04-14 09:01 - 2016-04-14 09:01 - 0000000 ____D () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885\imgs
2016-04-14 09:01 - 2014-04-14 14:45 - 0001630 _____ () C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM\1.4.8.885\imgs\icon-128x128.png

====== End of Folder: ======


"C:\Users\Zdenka\AppData\Local\Temp" folder move:

Could not move "C:\Users\Zdenka\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77A98B80-BA28-41EE-98CD-C141CB09D08F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77A98B80-BA28-41EE-98CD-C141CB09D08F}" => key removed successfully
C:\windows\System32\Tasks\Sosition Reports => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sosition Reports" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DC69858-B565-4D01-B258-B7E5C1204574}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DC69858-B565-4D01-B258-B7E5C1204574}" => key removed successfully
C:\windows\System32\Tasks\{A7DB6B32-79EB-4262-8876-00DFD18FE4AC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A7DB6B32-79EB-4262-8876-00DFD18FE4AC}" => key removed successfully

========================= File: c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe ========================

File is digitally signed
MD5: 6A6983390656B73226571BF79A1214AB
Creation and modification date: 2016-04-12 21:43 - 2016-04-12 21:43
Size: 0037176
Attributes: ----A
Company Name: Microsoft
Internal Name: HPResignFileLoader.exe
Original Name: HPResignFileLoader.exe
Product: HPResignFileLoader
Description: HPResignFileLoader
File Version: 1.0.0.2
Product Version: 1.0.0.2
Copyright: Copyright © Microsoft 2014

====== End of File: ======
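
Added example, not part of the original thread and not FRST's own code: a small Python triage of Fixlog result lines like those in posts #7 and #9. It skips the echoed fixlist between the asterisk rows, classifies each `target => result` line, and flags items that did not complete, such as the Temp folder that was "Scheduled to move on reboot". The outcome categories and function names are assumptions made for this example; the sample lines are taken from the two Fixlogs above.

```python
import re
from collections import Counter

# Sample input assembled from result lines that appear in the two Fixlogs
# in this thread (shortened; the fixlist echo is reduced to a few lines).
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Start
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
DisableService: SstrprSrv
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
DgiVecp => service removed successfully
C:\AdwCleaner => moved successfully
SstrprSrv => service was disabled
Could not move "C:\Users\Zdenka\AppData\Local\Temp" => Scheduled to move on reboot.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
EmptyTemp: => 883.4 MB temporary data Removed.
'''

# Outcome names are this example's own labels (assumption), matched in order
# against the text to the right of " => ".
OUTCOMES = [
    ("pending_reboot", re.compile(r"scheduled to move on reboot", re.I)),
    ("not_found", re.compile(r"not found", re.I)),
    ("removed", re.compile(r"removed successfully", re.I)),
    ("moved", re.compile(r"moved successfully", re.I)),
    ("disabled", re.compile(r"was disabled", re.I)),
]


def parse_fixlog(text):
    """Return a list of (outcome, target, result) for each result line."""
    results = []
    in_fixlist_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        # A row made only of asterisks opens or closes the echoed fixlist.
        # Lines inside it repeat the instructions and are not results.
        if line and set(line) == {"*"}:
            in_fixlist_echo = not in_fixlist_echo
            continue
        if in_fixlist_echo or " => " not in line:
            continue
        target, _, result = line.rpartition(" => ")
        # Failed moves are logged as: Could not move "<path>" => <result>
        target = re.sub(r"^Could not move\s+", "", target).strip('"')
        outcome = next(
            (name for name, rx in OUTCOMES if rx.search(result)), "other"
        )
        results.append((outcome, target, result))
    return results


def summarize(results):
    """Count result lines per outcome."""
    return dict(Counter(outcome for outcome, _, _ in results))


def needs_followup(results):
    """Targets whose action is only queued and must be re-checked after reboot."""
    return [target for outcome, target, _ in results if outcome == "pending_reboot"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, count in sorted(summarize(parsed).items()):
        print(f"{outcome:15} {count}")
    for target in needs_followup(parsed):
        print("re-check after reboot:", target)
```
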

altrok
Moderator
Posts: 7322
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: malware problem (pop-up windows in the browser)

#10 Post by altrok »

How is the PC behaving now? What problems do you observe on it?

zdenka
Visitor
Posts: 16
Joined: 14 Apr 2016 20:30

Re: malware problem (pop-up windows in the browser)

#11 Post by zdenka »

It has improved significantly, thank you very much for your help! Dubious windows no longer open in the browser by themselves at all.

However, occasionally (much less often than before) a betting or prize page appears when I click a link. But only when I click on some link (various links on various pages) - when I click on it the first time, some dubious page appears; when I close it and click the link a second time, the page the link pointed to appears :)

Also, when I open Google Chrome, instead of the start page (just the Google search engine, which I have preset in the browser settings) some oddity appears again.

That still worries me a little.

altrok
Moderator
Posts: 7322
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: malware problem (pop-up windows in the browser)

#12 Post by altrok »

:arrow: Install MBAM and run a custom scan of all drives - http://forum.viry.cz/viewtopic.php?f=29&t=144868
  • Note: this scan takes from 30 minutes to several hours

:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and subsequent runs of FRST, this option must be explicitly ticked before the scan starts in order to create the Addition.txt log.

zdenka
Visitor
Posts: 16
Joined: 14 Apr 2016 20:30

Re: malware problem (pop-up windows in the browser)

#13 Post by zdenka »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Zdenka (administrator) on ZDENKA-HP (18-04-2016 19:01:53)
Running from C:\Users\Zdenka\Desktop
Loaded Profiles: Zdenka (Available Profiles: Zdenka)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(tsvr.com) C:\Users\Zdenka\AppData\Roaming\TSv\TSvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-27] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-07] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-07] (Atheros Commnucations)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] => C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [267128 2010-11-26] ()
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2012-09-17]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1435834558-3399890420-224863321-1001] => http=127.0.0.1:3213;https=127.0.0.1:3213
AutoConfigURL: [S-1-5-21-1435834558-3399890420-224863321-1001] => hxxp://un-stop.biz/wpad.dat?22a996bb3f318a33b1358790c3fc7a588854145
Winsock: Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224 2012-01-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 08 C:\windows\SysWOW64\mswsock.dll [231424 2013-09-08] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 09 C:\windows\SysWOW64\winrnr.dll [20992 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{588C40A4-7334-4CD0-9FB0-9BB2C92B894A}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{AE10215E-90B6-44C8-B73F-E1F301C9A8A1}: [DhcpNameServer] 58.17.39.219 218.87.6.206 210.35.207.8
ManualProxies: 0hxxp://un-stop.biz/wpad.dat?22a996bb3f318a33b1358790c3fc7a588854145

Internet Explorer:
==================
HKU\S-1-5-21-1435834558-3399890420-224863321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131051333067331080&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-1435834558-3399890420-224863321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDF
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1435834558-3399890420-224863321-1001 -> DefaultScope {80AE6209-510D-40E5-843F-33B01D421721} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1435834558-3399890420-224863321-1001 -> {80AE6209-510D-40E5-843F-33B01D421721} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1435834558-3399890420-224863321-1001 -> {CA881421-2F2D-439B-A02F-D4E4C0E15CCE} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-1435834558-3399890420-224863321-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-04-07] (RealPlayer)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-07] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.piesearch.com/?uid=0017d2f5-78c4-44 ... 787a0ccee9

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1435834558-3399890420-224863321-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Zdenka\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1435834558-3399890420-224863321-1001: @talk.google.com/O1DPlugin -> C:\Users\Zdenka\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1435834558-3399890420-224863321-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Zdenka\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1435834558-3399890420-224863321-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Zdenka\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Zdenka\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Zdenka\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [2011-09-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2016-04-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2015-05-28] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-14]
CHR Extension: (Dokumenty Google) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-14]
CHR Extension: (Disk Google) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-14]
CHR Extension: (YouTube) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-14]
CHR Extension: (Tabulky Google) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2016-04-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Gmail) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-14]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-04-07]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.piesearch.com/?uid=0017d2f5-78c4-44 ... 787a0ccee9

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.piesearch.com/?uid=0017d2f5-78c4-44 ... 787a0ccee9

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed]
S2 DeskTop_F; C:\ProgramData\desktopfind\desktop154.exe [236728 2016-03-16] (DeskTopService)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company)
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company)
R2 IhPul; C:\Users\Zdenka\AppData\Roaming\TSv\TSvr.exe [359696 2016-04-15] (tsvr.com)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] () [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S4 SstrprSrv; C:\Program Files (x86)\Sosition\SstrprSrv.exe [310360 2016-04-14] ()
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [1155704 2011-10-15] (Symantec Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-11-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-11-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111111.030\IDSvia64.sys [488568 2011-09-12] (Symantec Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-18] (Malwarebytes)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111111.036\ENG64.SYS [117880 2011-09-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111111.036\EX64.SYS [2048632 2011-09-13] (Symantec Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2611704 2011-01-12] (Sunplus Technology)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
S2 SSPORT; C:\windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-29] (Samsung Electronics)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 19:01 - 2016-04-18 19:05 - 00028760 _____ C:\Users\Zdenka\Desktop\FRST.txt
2016-04-18 19:00 - 2016-04-18 19:00 - 00001157 _____ C:\Users\Zdenka\Desktop\mbam.txt
2016-04-18 14:15 - 2016-04-18 16:15 - 00000001 _____ C:\windows\SysWOW64\en.html
2016-04-18 13:37 - 2016-04-18 13:41 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-18 13:37 - 2016-04-18 13:37 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-18 13:37 - 2016-04-18 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-18 13:37 - 2016-04-18 13:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-18 13:37 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-04-18 13:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-04-18 13:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-04-18 13:34 - 2016-04-18 13:34 - 22851472 _____ (Malwarebytes ) C:\Users\Zdenka\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-17 22:19 - 2016-04-17 22:19 - 03455924 _____ C:\Users\Zdenka\Downloads\FR_Barrot_LGV_3.část textu.pdf
2016-04-17 22:19 - 2016-04-17 22:19 - 01997297 _____ C:\Users\Zdenka\Downloads\FR_Barrot_LGV_1.část.pdf
2016-04-17 22:19 - 2016-04-17 22:19 - 01976828 _____ C:\Users\Zdenka\Downloads\FR_Barrot_LGV_2.část textu-1.pdf
2016-04-16 18:28 - 2016-04-16 18:28 - 00000000 ____D C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-15 20:17 - 2016-04-15 20:17 - 06571071 _____ C:\Users\Zdenka\Downloads\NPCR 3 Workbook.pdf
2016-04-15 18:30 - 2016-04-18 19:01 - 01088923 _____ C:\Users\Zdenka\Desktop\Fixlog.txt
2016-04-15 18:05 - 2016-04-15 18:07 - 00000000 ____D C:\windows\system32\MRT
2016-04-15 18:05 - 2014-07-31 23:41 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-15 17:00 - 2016-04-15 18:19 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-04-15 17:00 - 2016-04-15 17:00 - 00000000 ____D C:\Users\Zdenka\AppData\Roaming\eCyber
2016-04-15 16:59 - 2016-04-15 16:59 - 00015128 _____ C:\windows\System32\Tasks\Browser Updater Task(Core)
2016-04-15 16:59 - 2016-04-15 16:59 - 00000000 ____D C:\Users\Zdenka\AppData\Roaming\TSv
2016-04-15 16:59 - 2016-04-15 16:59 - 00000000 ____D C:\ProgramData\desktopfind
2016-04-15 16:59 - 2016-04-15 16:59 - 00000000 ____D C:\ProgramData\1winp1
2016-04-15 16:59 - 2016-04-15 16:59 - 00000000 ____D C:\Program Files (x86)\QQBrowser
2016-04-15 16:48 - 2016-04-15 16:48 - 00046620 _____ C:\Users\Zdenka\Downloads\Addition.txt
2016-04-15 16:45 - 2016-04-18 19:01 - 00000000 ____D C:\FRST
2016-04-15 16:44 - 2016-04-15 16:44 - 02375168 _____ (Farbar) C:\Users\Zdenka\Desktop\FRST64.exe
2016-04-14 21:23 - 2016-04-14 21:23 - 00112107 _____ (forum.viry.cz) C:\Users\Zdenka\Downloads\Nepotvrzeno 465056.crdownload
2016-04-14 20:33 - 2016-04-06 10:18 - 00453280 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-14 16:51 - 2016-04-15 16:59 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-14 16:51 - 2016-04-15 16:59 - 00002389 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-14 16:50 - 2016-04-14 16:50 - 00987728 _____ (Google Inc.) C:\Users\Zdenka\Downloads\ChromeSetup.exe
2016-04-14 16:50 - 2016-04-14 16:50 - 00003948 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-14 16:50 - 2016-04-14 16:50 - 00003696 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-14 09:34 - 2016-04-15 18:35 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-04-14 09:25 - 2016-04-14 09:26 - 00000000 ____D C:\Users\Zdenka\Desktop\čína 2016
2016-04-14 09:00 - 2016-04-14 09:05 - 00000000 ____D C:\Users\Zdenka\AppData\Local\Chromium
2016-04-14 08:59 - 2016-04-14 16:51 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-14 08:59 - 2016-04-14 09:05 - 00000000 ____D C:\Users\Zdenka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-14 08:58 - 2016-04-14 08:58 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-14 08:58 - 2016-04-14 08:58 - 00000000 ____D C:\Program Files (x86)\Sosition
2016-04-14 08:57 - 2016-04-14 08:57 - 03910424 _____ C:\Users\Zdenka\Downloads\New_Practical_Chinese_Reader_3_Textbook_downloader.exe
2016-04-07 22:26 - 2016-04-07 22:26 - 06609843 _____ C:\Users\Zdenka\Desktop\NewPracticalChineseReader-vol3_Workbook.pdf
2016-04-04 22:40 - 2016-04-17 17:27 - 00000958 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-04 22:40 - 2016-04-08 19:18 - 00003956 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-04-03 23:37 - 2016-04-03 23:37 - 02436568 _____ C:\Users\Zdenka\Downloads\FormApps_Signing_Extension.exe
2016-04-03 23:24 - 2016-04-03 23:24 - 00001282 _____ C:\Users\Zdenka\Downloads\xdp-osvc-2013.xdp
2016-03-30 22:00 - 2016-03-30 22:01 - 55412736 _____ C:\Users\Zdenka\Downloads\FontPack1500720033_XtdAlf_Lang_DC.msi
2016-03-28 18:09 - 2016-03-28 18:10 - 07928604 _____ C:\Users\Zdenka\Downloads\docslide.us_npcr-3pdf.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 18:52 - 2011-08-23 16:15 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2016-04-18 18:51 - 2015-06-16 19:05 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA.job
2016-04-18 18:51 - 2013-02-28 15:21 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-18 08:33 - 2015-06-16 19:04 - 00000870 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core.job
2016-04-17 20:26 - 2012-03-07 14:39 - 00003192 _____ C:\windows\System32\Tasks\HPCeeScheduleForZdenka
2016-04-17 20:26 - 2012-03-07 14:39 - 00000336 _____ C:\windows\Tasks\HPCeeScheduleForZdenka.job
2016-04-17 19:34 - 2011-05-12 02:05 - 00000000 ____D C:\ProgramData\PDFC
2016-04-17 18:43 - 2009-07-14 06:45 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-17 18:43 - 2009-07-14 06:45 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-17 18:38 - 2015-08-19 21:48 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-04-17 18:38 - 2013-04-09 16:06 - 00000000 ___RD C:\Users\Zdenka\Dropbox
2016-04-17 18:34 - 2011-05-12 02:01 - 00000000 ____D C:\ProgramData\HPQLOG
2016-04-17 18:33 - 2009-07-14 06:45 - 00417312 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-17 18:32 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-16 18:28 - 2013-04-09 15:54 - 00000000 ____D C:\Users\Zdenka\AppData\Roaming\Dropbox
2016-04-16 18:26 - 2015-06-16 19:04 - 00000000 ____D C:\Users\Zdenka\AppData\Local\Dropbox
2016-04-15 18:30 - 2009-07-14 05:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2016-04-15 18:30 - 2009-07-14 05:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2016-04-15 18:17 - 2011-09-24 23:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-15 16:59 - 2015-05-27 16:34 - 00001116 _____ C:\Users\Public\Desktop\Opera.lnk
2016-04-14 22:54 - 2009-07-14 05:20 - 00000000 ____D C:\windows\inf
2016-04-14 22:47 - 2015-05-27 16:34 - 00000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-14 22:47 - 2011-09-12 19:30 - 00000971 _____ C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-14 20:28 - 2012-05-13 09:01 - 00000000 ____D C:\Users\Zdenka\Desktop\zálohy registrů
2016-04-14 16:49 - 2015-05-27 16:34 - 00003848 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1432737268
2016-04-14 16:49 - 2015-05-27 16:33 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-14 16:48 - 2011-05-12 02:04 - 00670908 _____ C:\windows\system32\perfh005.dat
2016-04-14 16:48 - 2011-05-12 02:04 - 00142488 _____ C:\windows\system32\perfc005.dat
2016-04-14 16:48 - 2009-07-14 07:13 - 01584554 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-14 09:25 - 2015-10-07 10:58 - 00000000 ____D C:\Users\Zdenka\Desktop\literární seminář čínská povídka andrš
2016-04-14 09:25 - 2014-10-13 11:48 - 00000000 ___RD C:\Users\Zdenka\Desktop\SINO
2016-04-14 09:25 - 2011-09-25 10:38 - 00000000 ____D C:\Users\Zdenka\Desktop\work
2016-04-14 09:12 - 2012-02-27 13:34 - 00000000 ____D C:\Users\Zdenka\AppData\Local\CrashDumps
2016-04-11 20:06 - 2011-09-24 11:53 - 00003220 _____ C:\windows\System32\Tasks\HPCeeScheduleForZDENKA-HP$
2016-04-08 19:18 - 2013-02-28 15:21 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 19:18 - 2013-02-28 15:21 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 19:18 - 2013-02-28 15:21 - 00003852 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 23:23 - 2011-08-23 16:24 - 00000000 ____D C:\ProgramData\Norton
2016-04-04 22:48 - 2012-03-27 09:52 - 00000000 ____D C:\Users\Zdenka\AppData\Local\Adobe
2016-03-30 20:29 - 2015-10-07 10:55 - 00000000 ____D C:\Users\Zdenka\Desktop\klasická čínština
2016-03-28 18:46 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF

==================== Files in the root of some directories =======

2013-06-09 07:38 - 2013-06-09 07:39 - 0213328 _____ () C:\ProgramData\TestPreferences

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 10:48

==================== End of FRST.txt ============================

zdenka
Visitor
Posts: 16
Registered: 14 Apr 2016 20:30

Re: problem with malware (pop-up windows in the browser)

#14 Post by zdenka »

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Zdenka (2016-04-18 19:06:46)
Running from C:\Users\Zdenka\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-09-12 17:18:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1435834558-3399890420-224863321-500 - Administrator - Disabled)
Guest (S-1-5-21-1435834558-3399890420-224863321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1435834558-3399890420-224863321-1003 - Limited - Enabled)
Zdenka (S-1-5-21-1435834558-3399890420-224863321-1001 - Administrator - Enabled) => C:\Users\Zdenka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.12 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.48.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.55 - Atheros Communications)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.57.1051 - Webteh, d.o.o.)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-1435834558-3399890420-224863321-1001\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.75 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HD Webcam [Fixed] (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.3.4.07 - SunplusIT)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{20976B1F-E910-404D-9261-C16EE7E12DC8}) (Version: 3.0.0.9057 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}) (Version: 5.2.3.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ICBCChromeExtension (HKLM-x32\...\{3561742A-2478-4FAB-A44B-38A26E1FE14F}) (Version: 1.0.1.4 - ICBC) <==== ATTENTION
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MKV Player 2.0 (HKLM-x32\...\MKV Player_is1) (Version: - vsevensoft.com)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.33 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: - RealNetworks)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Údržba Samsung ML-1660 Series (HKLM-x32\...\Samsung ML-1660 Series) (Version: - Samsung Electronics Co., Ltd.)
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
VIP Access SDK x64(1.0.0.50) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
World Cup Cricket 20-20 (x32 Version: 2.2.0.95 - WildTangent) Hidden
XMind 6 (v3.5.1) (HKLM-x32\...\XMind_is1) (Version: 3.5.1.201411201906 - XMind Ltd.)
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Zdenka\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Zdenka\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435834558-3399890420-224863321-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F80A18F-9572-42E3-B272-837ABDEFB3E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2016-04-12] (Microsoft)
Task: {136899AE-2706-405B-A16D-B8BBFD92EC3D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1435834558-3399890420-224863321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {1502997B-CCD1-4321-973C-D0EBCD4B71D1} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {2102BEAA-6675-4C9F-8CC4-C74D4AF54BB4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-10] (Hewlett-Packard Company)
Task: {329979D7-6900-407F-8E91-14B90C296DED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {412E9D77-B202-4B9D-A67B-B883A48D184E} - System32\Tasks\HPCeeScheduleForZdenka => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5C6D2C7B-F668-4068-92FE-67AB0719EFBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-10] (Hewlett-Packard Company)
Task: {5FFBED6A-BA96-4124-96E9-5D30AE6F8E56} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1435834558-3399890420-224863321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {62ADE325-BACA-410A-92DB-B9C359884369} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\F279080C6EA158F5E52E6868A8CC77FC\Update\BrowserUpdate.exe [2016-04-08] (Tencent) <==== ATTENTION
Task: {7305D3CA-00BA-49CC-B3E5-978E9D11CC83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14] (Google Inc.)
Task: {78ED005D-BCF1-4008-B50F-B80B1A9E4443} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
Task: {7EB63894-5248-4947-8A3A-09331AC31FB3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {7F0D6699-1833-47E1-8C2A-1752D4D30043} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14] (Google Inc.)
Task: {7F2B03F9-1C01-4CE8-9500-0B276AAD3C07} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9DCCBD29-B188-40D6-941A-AF9E353D604C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {BC4AE030-7BA3-45FA-A88C-2BB9DD58D336} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA => C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {BE8EB6B9-A6E3-46B0-BBED-7B4C61757B7D} - System32\Tasks\HPCeeScheduleForZDENKA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {C3B03923-E7FB-465B-9846-71EC2A4F1F24} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {C620CAF9-C4F9-4959-A6FA-7A9FDF7BD877} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA => C:\Users\Zdenka\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C764B549-E565-4627-AAD6-EBE7AC928999} - System32\Tasks\Opera scheduled Autoupdate 1432737268 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-11] (Opera Software)
Task: {E4219423-A76B-4AFC-BA1A-80C0677A5B97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2016-04-12] (Microsoft)
Task: {EBC4B0AE-79C9-4A01-B3DA-E52AEEF14B9E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core => C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {FAF1A6B7-1162-457C-9F90-66AE3D065814} - System32\Tasks\{CA38A947-594B-434F-BBC1-0E624362ADAA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-10-14] (Skype Technologies S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001Core.job => C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435834558-3399890420-224863321-1001UA.job => C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForZdenka.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Zdenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?uid=0017d2f5-78c4-44 ... 787a0ccee9
ShortcutWithArgument: C:\Users\Zdenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?uid=0017d2f5-78c4-44 ... 787a0ccee9
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?uid=0017d2f5-78c4-44 ... 787a0ccee9
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?uid=0017d2f5-78c4-44 ... 787a0ccee9
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.piesearch.com/?uid=0017d2f5-78c4-44 ... 787a0ccee9

==================== Loaded Modules (Whitelisted) ==============

2011-09-13 16:43 - 2009-08-10 09:08 - 00027648 _____ () C:\windows\System32\ssp7ml6.dll
2011-09-13 16:43 - 2009-12-15 10:26 - 00749568 _____ () C:\windows\system32\spool\DRIVERS\x64\3\ssp7mdu.dll
2011-01-31 20:54 - 2011-01-31 20:54 - 00107008 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-02-09 21:04 - 2011-02-09 21:04 - 02905600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2011-02-09 20:27 - 2011-02-09 20:27 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2011-02-09 20:28 - 2011-02-09 20:28 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-03-26 05:28 - 2011-03-26 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-27 03:14 - 2011-01-27 03:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll
2010-11-26 13:31 - 2010-11-26 13:31 - 00267128 _____ () C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
2010-06-24 12:21 - 2010-06-24 12:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2011-09-13 16:42 - 2010-06-07 12:35 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2011-09-13 16:42 - 2009-07-29 12:13 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2011-05-12 02:07 - 2011-01-27 02:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2011-01-27 03:13 - 2011-01-27 03:13 - 00080440 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2011-01-27 03:13 - 2011-01-27 03:13 - 00047160 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2011-02-09 20:48 - 2011-02-09 20:48 - 02637824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-02-09 20:27 - 2011-02-09 20:27 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-02-09 20:51 - 2011-02-09 20:51 - 02650112 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-02-09 20:29 - 2011-02-09 20:29 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-02-09 20:30 - 2011-02-09 20:30 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2016-04-16 18:28 - 2016-03-21 23:50 - 00034768 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-04-16 18:27 - 2016-03-21 23:51 - 00019408 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-04-16 18:27 - 2016-03-21 23:50 - 00116688 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-04-16 18:28 - 2016-03-21 23:50 - 00093640 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-04-16 18:28 - 2016-03-21 23:50 - 00018376 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\select.pyd
2016-04-16 18:28 - 2016-04-08 20:20 - 00019760 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00105928 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-04-16 18:27 - 2016-03-21 23:50 - 00392144 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-04-16 18:28 - 2016-04-08 20:20 - 00381752 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-04-16 18:28 - 2016-03-21 23:50 - 00692688 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-04-16 18:27 - 2016-04-08 20:19 - 00020816 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-04-16 18:28 - 2016-03-21 23:51 - 00112592 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-04-16 18:27 - 2016-04-08 20:19 - 01682760 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-04-16 18:27 - 2016-04-08 20:19 - 00020808 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-04-16 18:28 - 2016-04-08 20:20 - 00021840 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-16 18:27 - 2016-04-08 20:19 - 00038696 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-04-16 18:27 - 2016-03-21 23:52 - 00020936 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00024528 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00114640 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00124880 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-04-16 18:28 - 2016-04-08 20:20 - 00021832 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00175560 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00030160 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00043472 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00028616 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00048592 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-16 18:27 - 2016-04-08 20:19 - 00026456 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00057808 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-04-16 18:27 - 2016-04-08 20:19 - 00117056 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-04-16 18:28 - 2016-04-08 20:20 - 00023376 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-16 18:28 - 2016-03-21 23:50 - 00134608 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-04-16 18:27 - 2016-03-21 23:50 - 00134088 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-04-16 18:27 - 2016-03-21 23:51 - 00240584 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-16 18:27 - 2016-04-08 20:19 - 00024392 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-04-16 18:27 - 2016-03-21 23:52 - 00036296 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\librsync.dll
2016-04-16 18:27 - 2016-04-08 20:19 - 00052024 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-04-16 18:28 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-16 18:28 - 2016-04-08 20:20 - 00021824 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-04-16 18:28 - 2016-04-08 20:20 - 00019776 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-04-16 18:28 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-16 18:27 - 2016-04-08 20:19 - 00020280 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-04-16 18:28 - 2016-03-21 23:52 - 00350152 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-04-16 18:28 - 2016-04-08 20:20 - 00022352 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-04-16 18:27 - 2016-04-08 20:19 - 00084280 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-04-16 18:27 - 2016-04-08 20:20 - 01826096 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-04-16 18:28 - 2016-03-21 23:51 - 00083912 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\sip.pyd
2016-04-16 18:27 - 2016-04-08 20:20 - 03928880 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-04-16 18:27 - 2016-04-08 20:20 - 01971504 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-04-16 18:27 - 2016-04-08 20:20 - 00531248 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-04-16 18:27 - 2016-04-08 20:20 - 00132912 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-04-16 18:27 - 2016-04-08 20:20 - 00223544 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-04-16 18:27 - 2016-04-08 20:20 - 00207672 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-16 18:27 - 2016-04-08 20:20 - 00158008 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-04-16 18:27 - 2016-04-08 20:20 - 00042808 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-04-16 18:27 - 2016-03-21 23:54 - 00017864 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-04-16 18:27 - 2016-03-21 23:54 - 01631184 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-04-16 18:28 - 2016-04-08 20:20 - 00024904 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-16 18:27 - 2016-04-08 20:20 - 00546096 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-04-16 18:27 - 2016-04-08 20:20 - 00357680 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-10-20 22:34 - 2016-03-21 23:56 - 00697304 _____ () C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2010-06-24 12:19 - 2010-06-24 12:19 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-08-14 21:33 - 2014-08-14 21:33 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1e70f9aada009e40c4f131cfdbe52126\IsdiInterop.ni.dll
2011-08-23 16:06 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-04-14 16:51 - 2016-04-13 10:37 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\libglesv2.dll
2016-04-14 16:51 - 2016-04-13 10:36 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1435834558-3399890420-224863321-1001\...\mojebanka.cz -> hxxps://www.mojebanka.cz

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-04-15 18:30 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1435834558-3399890420-224863321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Dropbox Update => "C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: HPQuickWebProxy => "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: MfeEpePcMonitor => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{26BF4BD7-019E-4B1F-8E41-CAB70586A44A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E8D16D2C-1296-483B-AAFD-4CD58A6DCB27}] => (Allow) LPort=2869
FirewallRules: [{915EDE72-61AA-4668-B29E-D43DBEEF312E}] => (Allow) LPort=1900
FirewallRules: [{F09D0B13-139F-4163-9662-DD458D7C44D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A7A37516-8B3E-425E-9F93-3544B5A49EE7}] => (Allow) C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7AB5FA31-AFF9-46A5-9874-4CE8AB6B4B13}] => (Allow) C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{AE346BCA-BC09-4BCE-BC8A-8DB22DA5C2B8}C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{FC2FEFDC-1D84-4077-9DB6-5FB3F1CDF1A6}C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{09EA4EA5-5AC2-4912-8DB9-B3247A904ED8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-03-2016 14:52:39 Naplánovaný kontrolní bod
03-04-2016 23:37:58 Nainstalováno FormApps Signing Extension.
13-04-2016 12:17:17 Naplánovaný kontrolní bod
14-04-2016 20:32:57 Windows Update
14-04-2016 20:39:24 Chrome Cleanup Tool
14-04-2016 20:48:06 Windows Defender Checkpoint
15-04-2016 17:58:26 Removed Java 8 Update 40
15-04-2016 18:04:50 Windows Update
15-04-2016 18:16:41 Removed Skype Click to Call
15-04-2016 18:30:31 Restore Point Created by FRST
17-04-2016 18:27:24 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2016 09:37:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: desktop154.exe, verze: 1.0.0.10, časové razítko: 0x56e96567
Název chybujícího modulu: desktop154.exe, verze: 1.0.0.10, časové razítko: 0x56e96567
Kód výjimky: 0x40000015
Posun chyby: 0x00013cf7
ID chybujícího procesu: 0xa5c
Čas spuštění chybující aplikace: 0xdesktop154.exe0
Cesta k chybující aplikaci: desktop154.exe1
Cesta k chybujícímu modulu: desktop154.exe2
ID zprávy: desktop154.exe3

Error: (04/17/2016 06:27:24 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {42659bc2-1f5f-4176-ade8-67358d54af73}

Error: (04/15/2016 09:38:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: desktop154.exe, verze: 1.0.0.10, časové razítko: 0x56e96567
Název chybujícího modulu: desktop154.exe, verze: 1.0.0.10, časové razítko: 0x56e96567
Kód výjimky: 0x40000015
Posun chyby: 0x00013cf7
ID chybujícího procesu: 0x808
Čas spuštění chybující aplikace: 0xdesktop154.exe0
Cesta k chybující aplikaci: desktop154.exe1
Cesta k chybujícímu modulu: desktop154.exe2
ID zprávy: desktop154.exe3

Error: (04/15/2016 05:23:06 PM) (Source: SideBySide) (EventID: 75) (User: )
Description: Selhalo generování kontextu aktivace pro: 1. Chyba v souboru manifestu nebo zásad 2 na řádku 3.
V manifestu není povoleno více prvků requestedPrivileges.

Error: (04/14/2016 10:54:38 PM) (Source: XobniService) (EventID: 0) (User: )
Description: Službu nelze spustit. Neplatný popisovač

Error: (04/14/2016 10:47:50 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)

Error: (04/14/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/18/2016 07:02:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f081f): Windows Update Core.

Error: (04/18/2016 06:51:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Atheros Bt&Wlan Coex Agent bylo dosaženo časového limitu (30000 ms).

Error: (04/18/2016 01:34:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f081f): Windows Update Core.

Error: (04/18/2016 12:54:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby hpqwmiex bylo dosaženo časového limitu (30000 ms).

Error: (04/18/2016 08:33:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f081f): Windows Update Core.

Error: (04/18/2016 08:22:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby hpqwmiex bylo dosaženo časového limitu (30000 ms).

Error: (04/17/2016 09:37:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba DeskTop DispalyName byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/17/2016 06:35:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/17/2016 06:35:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FC38B03D-0921-4C97-B736-7CFE5DDA1E5C}

Error: (04/17/2016 06:34:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 78%
Total physical RAM: 4030.37 MB
Available physical RAM: 868.51 MB
Total Virtual: 8058.91 MB
Available Virtual: 4535.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:573.96 GB) (Free:341.04 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.92 GB) (Free:2.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: C2E30232)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=574 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: problem with malware (pop-up windows in the browser)

#15 Post by altrok »

Since the first FRST log, part of a new infection has appeared (hijacked shortcuts). We will wait for the MBAM results and then continue.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Locked