
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Please check my log - Avast reports Infection URL:Mal
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Please check my log - Avast reports Infection URL:Mal
After running the MBAM scan things were quiet for a while, and now the Avast window has popped up again. I started MBAM again and will see whether it finds anything.
Re: Please check my log - Avast reports Infection URL:Mal
MBAM keeps finding malware.
- Attachments
- scan.png (95.69 KiB) Viewed 1141 times
Re: Please check my log - Avast reports Infection URL:Mal
Another MBAM scan and the same result - it found the same malware that it had removed before.
Re: Please check my log - Avast reports Infection URL:Mal
Note: on the second and subsequent runs of FRST, this option must be explicitly checked before the scan starts in order for the Addition.txt log to be created.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok (at) forum.viry.cz
If you would like to help visitors to this forum, sign up for our training school.
Re: Please check my log - Avast reports Infection URL:Mal
Hello. Here are the logs:
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-05-2016
Ran by Lenka (administrator) on FERDA (13-05-2016 16:31:02)
Running from C:\Users\Lenka\Desktop
Loaded Profiles: Lenka (Available Profiles: Lenka)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-15] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Clarus Drive Manager] => C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe [8135744 2013-12-18] (Clarus, Inc.)
HKU\S-1-5-21-2869302318-721886907-1723125176-1001\...\Run: [windows] => wscript.exe //B "C:\Users\Lenka\AppData\Local\Temp\windows.vbs" <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-04-12] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk [2016-04-15]
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.3 8.8.8.8
Tcpip\..\Interfaces\{EAFED2C7-DA9C-4452-A531-A45815406E4D}: [DhcpNameServer] 10.0.0.3 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-2869302318-721886907-1723125176-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-2869302318-721886907-1723125176-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-12] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\arn7d1mk.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\arn7d1mk.default\extensions\artur.dubovoy@gmail.com [2016-02-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-06]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-10-25]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=3523&t=01
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Youtube to Mp3) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahphonmhjdjhomafgbenklockbohoco [2016-05-06]
CHR Extension: (Avast Online Security) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-08]
CHR Extension: (YouTube To MP3!) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgdohmjplligggendhbmghhmpphabopi [2016-03-09]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2016-04-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Instagram for Chrome) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2016-04-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-12] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4422704 2016-04-12] (Avast Software)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [797352 2016-05-12] (Enigma Software Group USA, LLC.)
R2 SZDrvSvc; C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-04-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-04-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-04-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-04-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-04-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-04-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-04-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-04-13] (AVAST Software)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24392 2008-07-21] (Elaborate Bytes AG)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2016-05-12] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-05-12] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-14] (Atheros Communications, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-13] (Malwarebytes)
R3 mdf16; C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys [18864 2012-06-21] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 mvd23; C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys [89008 2012-06-21] ()
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [136432 2016-04-12] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [262984 2016-04-12] (Avast Software)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 16:31 - 2016-05-13 16:31 - 00011543 _____ C:\Users\Lenka\Desktop\FRST.txt
2016-05-13 15:21 - 2016-05-13 15:21 - 00000000 ____D C:\Users\Lenka\AppData\Local\Clarus
2016-05-12 21:38 - 2016-05-12 21:38 - 00001248 _____ C:\Users\Lenka\Desktop\SpyHunter.lnk
2016-05-12 21:38 - 2016-05-12 21:38 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Enigma Software Group
2016-05-12 21:37 - 2016-05-12 21:38 - 00000000 ____D C:\sh4ldr
2016-05-12 21:36 - 2016-05-12 21:36 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-05-12 21:36 - 2016-05-12 21:36 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-12 21:35 - 2016-05-12 21:36 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Lenka\Downloads\SpyHunter-Installer.exe
2016-05-12 21:06 - 2016-05-12 21:06 - 00000000 ____D C:\AdwCleaner
2016-05-12 21:03 - 2016-05-12 21:03 - 00000000 ____D C:\Program Files\AdwCleaner
2016-05-12 20:48 - 2016-05-12 20:48 - 00010742 _____ C:\Users\Lenka\Desktop\cc_20160512_204813.reg
2016-05-12 19:47 - 2016-05-12 19:47 - 05405376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-05-12 16:42 - 2016-05-12 16:42 - 00001104 _____ C:\Users\Public\Desktop\Duplicate Cleaner Free.lnk
2016-05-12 16:42 - 2016-05-12 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2016-05-12 16:42 - 2016-05-12 16:42 - 00000000 ____D C:\Program Files\Duplicate Cleaner
2016-05-12 16:40 - 2016-05-12 16:41 - 05429944 _____ (DigitalVolcano Software Ltd) C:\Users\Lenka\Downloads\DuplicateCleaner_setup.exe
2016-05-12 13:59 - 2016-05-12 14:00 - 00000000 ____D C:\Users\Lenka\Desktop\scany
2016-05-12 13:35 - 2016-05-13 16:31 - 00000000 ____D C:\FRST
2016-05-12 13:32 - 2016-05-12 13:32 - 01732096 _____ (Farbar) C:\Users\Lenka\Desktop\FRST.exe
2016-05-12 13:25 - 2016-05-12 13:25 - 00016900 _____ C:\Users\Lenka\Desktop\cc_20160512_132514.reg
2016-05-12 10:36 - 2016-05-12 10:36 - 00000000 ____D C:\Windows\system32\vbox
2016-05-11 20:12 - 2016-05-13 15:02 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-11 20:12 - 2016-05-11 20:12 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-11 20:12 - 2016-05-11 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-11 20:12 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-11 20:12 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-11 20:12 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-11 13:17 - 2016-05-11 13:17 - 00000000 ____D C:\rsit
2016-05-11 13:17 - 2016-05-11 13:17 - 00000000 ____D C:\Program Files\trend micro
2016-05-11 13:11 - 2016-05-11 13:11 - 01107968 _____ C:\Users\Lenka\Desktop\RSIT.exe
2016-05-11 12:58 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 12:58 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 12:58 - 2016-04-23 06:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 12:58 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 12:58 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 12:58 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 12:58 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 12:58 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 12:58 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 12:58 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 12:58 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 12:58 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 12:58 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 12:58 - 2016-04-23 05:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 12:58 - 2016-04-23 05:53 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 12:58 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 12:58 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 12:58 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 12:58 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 12:58 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 12:58 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 12:58 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 12:58 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 12:58 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 12:58 - 2016-04-23 05:31 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 12:58 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 12:58 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 12:58 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 12:58 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 12:58 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 12:58 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 12:58 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 12:58 - 2016-04-09 08:54 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 12:58 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 12:58 - 2016-04-09 07:40 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 12:58 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 12:58 - 2016-04-06 12:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 12:58 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 12:57 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 12:57 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 12:57 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 12:57 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 12:57 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-05-11 12:57 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 12:56 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 12:56 - 2016-04-09 08:59 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 12:56 - 2016-04-09 08:59 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 12:56 - 2016-04-09 08:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 12:56 - 2016-04-09 08:59 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 12:56 - 2016-04-09 08:57 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 12:56 - 2016-04-09 07:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 12:56 - 2016-04-09 07:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 12:56 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 12:56 - 2016-04-09 07:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 12:56 - 2016-04-09 07:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 12:56 - 2016-04-09 07:40 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 12:56 - 2016-04-09 07:38 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 12:56 - 2016-04-09 07:38 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 12:56 - 2016-04-09 07:38 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 12:56 - 2016-04-09 07:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 12:56 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 12:56 - 2016-04-09 07:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 12:56 - 2016-04-09 07:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-09 14:30 - 2016-05-09 14:30 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\GHISLER
2016-05-09 14:30 - 2016-05-09 14:30 - 00000000 ____D C:\Program Files\Total Commander
2016-05-09 13:28 - 2016-05-09 13:28 - 00001096 _____ C:\Users\Lenka\Desktop\cc_20160509_132819.reg
2016-05-09 13:28 - 2016-05-09 13:28 - 00000000 ____D C:\Users\Lenka\AppData\Local\Skype
2016-05-09 13:18 - 2016-05-09 13:22 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\ConMet
2016-05-09 13:18 - 2016-05-09 13:22 - 00000000 ____D C:\ProgramData\ConMet
2016-05-08 22:06 - 2016-05-08 22:06 - 00002294 _____ C:\Users\Lenka\Desktop\cc_20160508_220617.reg
2016-05-08 18:33 - 2016-05-08 18:33 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\IsolatedStorage
2016-05-08 18:33 - 2016-05-08 18:33 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\DigitalVolcano
2016-05-08 18:33 - 2016-05-08 18:33 - 00000000 ____D C:\ProgramData\IsolatedStorage
2016-05-08 18:30 - 2016-05-12 16:43 - 00000000 ____D C:\Program Files\Duplicate Cleaner Pro
2016-05-08 17:50 - 2016-05-08 17:50 - 00149940 _____ C:\Users\Lenka\Desktop\cc_20160508_175020.reg
2016-05-08 17:13 - 2016-05-08 17:13 - 00000042 _____ C:\Windows\system32\QAPPKM_UKDFC.pnc
2016-05-08 17:12 - 2016-05-08 17:12 - 00000042 _____ C:\Windows\system32\DuplicateFileCleaner.lie
2016-05-06 22:42 - 2016-05-11 20:12 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-04 21:30 - 2016-05-04 21:30 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Malwarebytes
2016-05-04 20:56 - 2016-05-06 15:32 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-04 20:56 - 2016-05-06 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-04 20:56 - 2016-05-06 15:32 - 00000000 ____D C:\Program Files\WinRAR
2016-05-04 20:56 - 2016-05-04 20:59 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\WinRAR
2016-04-30 22:58 - 2016-04-30 22:58 - 00002684 _____ C:\Users\Lenka\Desktop\BitTorrent.lnk
2016-04-30 22:58 - 2016-04-30 22:58 - 00002684 _____ C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-04-30 22:52 - 2016-05-07 21:20 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\BitTorrent
2016-04-15 21:16 - 2016-04-15 21:16 - 00001782 _____ C:\Users\Lenka\Desktop\Samsung Drive Manager.lnk
2016-04-15 21:16 - 2016-04-15 21:16 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-04-15 21:16 - 2016-04-15 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-04-15 21:16 - 2016-04-15 21:16 - 00000000 ____D C:\Program Files\Clarus
2016-04-13 15:28 - 2016-03-18 00:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 15:28 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 15:28 - 2016-03-18 00:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 15:28 - 2016-03-18 00:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 15:28 - 2016-03-17 23:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 15:28 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 15:28 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 15:28 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 15:28 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 15:28 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-04-13 15:28 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 15:28 - 2016-02-02 20:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 15:27 - 2016-04-04 19:54 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 15:27 - 2016-04-04 19:42 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 15:27 - 2016-04-02 15:07 - 01218048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 15:27 - 2016-03-23 16:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 15:27 - 2016-03-17 20:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 15:27 - 2016-03-17 20:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 15:27 - 2016-03-17 20:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 15:27 - 2016-03-17 20:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 15:27 - 2016-03-16 01:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 15:27 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 15:27 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 15:27 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 15:27 - 2016-02-05 20:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 15:27 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 15:27 - 2016-01-21 02:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-13 15:27 - 2015-06-03 22:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 16:27 - 2014-01-28 16:59 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-13 16:27 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-13 16:20 - 2014-01-28 17:01 - 00002149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 16:20 - 2014-01-28 17:01 - 00002137 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-13 16:18 - 2009-07-14 06:34 - 00026096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-13 16:18 - 2009-07-14 06:34 - 00026096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-13 16:04 - 2014-01-28 16:59 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-13 15:47 - 2013-11-22 18:08 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-12 22:22 - 2015-02-07 21:09 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 21:38 - 2013-11-16 15:02 - 00000000 ____D C:\Users\Lenka
2016-05-12 19:47 - 2013-11-22 18:08 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-12 19:47 - 2013-11-22 18:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-12 17:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help
2016-05-12 14:15 - 2013-11-16 23:54 - 00668542 _____ C:\Windows\system32\perfh005.dat
2016-05-12 14:15 - 2013-11-16 23:54 - 00141202 _____ C:\Windows\system32\perfc005.dat
2016-05-12 14:15 - 2010-11-20 23:01 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-12 14:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-05-12 14:10 - 2009-07-14 06:33 - 00408976 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 14:08 - 2010-11-21 02:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 10:58 - 2015-02-07 21:00 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 10:48 - 2015-02-07 21:00 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 22:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PLA
2016-05-11 17:56 - 2013-11-16 15:02 - 00000000 ____D C:\Users\Lenka\AppData\Local\VirtualStore
2016-05-11 16:27 - 2016-04-12 18:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-09 21:45 - 2013-12-01 12:12 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\vlc
2016-05-09 13:34 - 2013-11-22 18:14 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Skype
2016-05-08 14:39 - 2014-05-27 18:03 - 00000000 ____D C:\Users\Lenka\AppData\Local\ElevatedDiagnostics
2016-05-07 20:07 - 2015-08-26 15:05 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-06 15:32 - 2015-08-24 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-05-06 15:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2016-05-06 15:31 - 2016-04-05 13:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-06 15:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2016-05-06 15:30 - 2013-12-19 15:43 - 00000000 __RHD C:\MSOCache
2016-05-06 15:04 - 2010-11-21 02:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-21 15:05 - 2013-11-22 17:47 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-16 18:30 - 2013-12-19 15:44 - 00000000 ____D C:\Users\Lenka\AppData\Local\Microsoft Help
2016-04-16 16:51 - 2013-11-22 17:30 - 00109280 _____ C:\Users\Lenka\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-14 17:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2016-04-13 13:45 - 2013-12-01 12:11 - 00001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-13 13:43 - 2013-12-01 11:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-13 13:26 - 2013-11-22 17:31 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
==================== Files in the root of some directories =======
2014-02-08 10:38 - 2014-02-16 15:11 - 0000085 ___SH () C:\ProgramData\.zreglib
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-08 13:28
==================== End of FRST.txt ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-05-2016
Ran by Lenka (2016-05-13 16:32:02)
Running from C:\Users\Lenka\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-11-16 13:02:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2869302318-721886907-1723125176-500 - Administrator - Disabled)
Guest (S-1-5-21-2869302318-721886907-1723125176-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2869302318-721886907-1723125176-1002 - Limited - Enabled)
Lenka (S-1-5-21-2869302318-721886907-1723125176-1001 - Administrator - Enabled) => C:\Users\Lenka
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2261 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2869302318-721886907-1723125176-1001\...\BitTorrent) (Version: 7.9.6.42179 - BitTorrent Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: - Elaborate Bytes)
Duplicate Cleaner Free 3.2.7 (HKLM\...\Duplicate Cleaner Free) (Version: 3.2.7 - DigitalVolcano Software Ltd) <==== ATTENTION
eMule (HKLM\...\eMule) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Instagram Downloader (HKLM\...\{4E0ECAF9-33D3-4829-BC0F-C68647990C14}) (Version: 2.1.0.0 - iWesoft)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 43.0.1 (x86 cs)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MPC-HC 1.7.5 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.5 - MPC-HC Team)
SafeZone Stable 1.48.2066.98 (Version: 1.48.2066.98 - Avast Software) Hidden
Samsung Drive Manager (HKLM\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.172 - Clarus, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.22.8.4668 - Enigma Software Group, LLC)
Total Commander 8.52 8.52 (HKLM\...\Total Commander 8.52 8.52) (Version: 8.52 - Total Commander)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinRAR 5.00 beta 6 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {016274DC-5D58-4BFF-B769-D911EACA4A07} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {02CAC08F-2A65-489D-A388-15AF38226144} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {07524ADC-4EEF-47A4-8663-12F640A7C93C} - System32\Tasks\SafeZone scheduled Autoupdate 1459580606 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {27869405-FE46-46EB-95F8-8A1E2FC47C93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {32C9526E-E4C1-4BC2-B376-DD52A99C17AE} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {35EF0038-3557-4569-811D-44DB4285F2FA} - System32\Tasks\{5307266E-B8B0-46DC-B91C-D77EFFDF608B} => pcalua.exe -a C:\Users\Lenka\Downloads\eMule0.50a-Installer.exe -d C:\Users\Lenka\Downloads
Task: {54C77A27-748E-4F89-8340-612564C5343F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-12] (AVAST Software)
Task: {69E114DE-903B-4072-9064-1ACC5F326E53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A308F2D3-C5B6-4FD7-973D-E5F00B63E97E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-09] (AVAST Software)
Task: {ACDA0E11-572B-43FD-9B66-08AD1BFC9E3C} - System32\Tasks\{3FF78CEB-070B-4C1D-AE4E-F5D648B21E8D} => pcalua.exe -a G:\WINRAR-4[1].1.65_CZ-+-crack.exe
Task: {D8E3ADEB-5DF9-4468-AFD8-58BD0D2BE08A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-04-12 20:07 - 2016-04-12 20:07 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-12 20:07 - 2016-04-12 20:07 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-13 14:57 - 2016-05-13 14:57 - 02906112 _____ () C:\Program Files\AVAST Software\Avast\defs\16051300\algo.dll
2016-04-12 20:07 - 2016-04-12 20:07 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-02 09:48 - 2016-04-02 09:48 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2016-05-13 16:20 - 2016-05-11 13:48 - 01738904 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 16:20 - 2016-05-11 13:48 - 00086168 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.102\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:AA85915F6C850D4B [98]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2869302318-721886907-1723125176-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.3 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{58151A8A-8058-4073-BFD3-4616DAE941D7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{949A5F1A-4BF3-4524-A3F3-B706D575AF77}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{AE6E17E3-AF0B-4CFF-85F2-D829C26B9DA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{594BB852-4168-4A20-93DB-BE30B7C6F178}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A84D5537-7FF2-42D4-852B-470AD0959642}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{93141D7B-A8AC-4427-B2A6-38A2B307E888}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{7D9710F0-0712-479E-9571-5A0CA85D1F2C}C:\program files\emule\emule.exe] => (Allow) C:\program files\emule\emule.exe
FirewallRules: [UDP Query User{782BAC00-1049-428D-ACDA-633F0B14DFD3}C:\program files\emule\emule.exe] => (Allow) C:\program files\emule\emule.exe
FirewallRules: [{609ACF83-068A-4433-BB67-E5B267FF6E20}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{92FD7301-1BA1-4D39-A22A-27DA5FE0A1B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{966318B5-BC15-4FEF-8C35-A8BDB64C30AF}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F7077182-C4CC-40AA-852C-799174601ECC}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F6DF2567-2E9B-44DF-BC27-839C6FB35D40}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{606BD4B5-FA0D-499C-B46C-8938697F27FA}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{78F7BC29-27EF-4186-BD28-80744ABCFBE6}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4D635967-CE89-4BE0-9362-88C9604F10BF}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B4DF99ED-7757-4515-A6E3-FCE3A8CD1747}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C321545C-6A2E-4542-896C-6A460733A3CF}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{50D6F107-CA06-4031-A2FB-1A6B058B8ABF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
11-05-2016 12:56:52 Windows Update
12-05-2016 10:38:46 Windows Update
12-05-2016 22:22:33 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/13/2016 04:27:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2016 04:22:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2016 02:57:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 09:50:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error: (05/12/2016 09:06:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 07:31:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 05:49:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 03:40:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 03:14:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 02:11:52 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
System errors:
=============
Error: (05/13/2016 04:27:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:25:40, 13.5.2016) bylo neočekávané.
Error: (05/13/2016 04:20:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (05/11/2016 08:09:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MBAMService byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/08/2016 12:47:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MBAMScheduler byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/08/2016 12:47:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MBAMService byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/06/2016 10:51:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024200d): Aktualizace systému Windows 7 (KB3035583).
Error: (05/06/2016 03:17:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba MBAMService přestala během spouštění reagovat.
Error: (05/06/2016 03:16:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MBAMScheduler neuspěla při spuštění v důsledku následující chyby:
%%1053
Error: (05/06/2016 03:16:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby MBAMScheduler bylo dosaženo časového limitu (30000 ms).
Error: (05/06/2016 03:08:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba MBAMService přestala během spouštění reagovat.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 53%
Total physical RAM: 3549.12 MB
Available physical RAM: 1647.92 MB
Total Virtual: 7096.56 MB
Available Virtual: 5232.98 MB
==================== Drives ================================
Drive c: (SYSTEM 7) (Fixed) (Total:244.14 GB) (Free:204.12 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (STORE) (Fixed) (Total:454.49 GB) (Free:24.67 GB) NTFS
Drive f: (SYSTEM XP) (Fixed) (Total:97.65 GB) (Free:16.22 GB) NTFS
Drive g: (SKLAD XP) (Fixed) (Total:368.1 GB) (Free:4.31 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0D7649D2)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 03FE03FD)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-05-2016
Ran by Lenka (administrator) on FERDA (13-05-2016 16:31:02)
Running from C:\Users\Lenka\Desktop
Loaded Profiles: Lenka (Available Profiles: Lenka)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-15] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Clarus Drive Manager] => C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe [8135744 2013-12-18] (Clarus, Inc.)
HKU\S-1-5-21-2869302318-721886907-1723125176-1001\...\Run: [windows] => wscript.exe //B "C:\Users\Lenka\AppData\Local\Temp\windows.vbs" <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-04-12] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk [2016-04-15]
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.3 8.8.8.8
Tcpip\..\Interfaces\{EAFED2C7-DA9C-4452-A531-A45815406E4D}: [DhcpNameServer] 10.0.0.3 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-2869302318-721886907-1723125176-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-2869302318-721886907-1723125176-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-12] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\arn7d1mk.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\arn7d1mk.default\extensions\artur.dubovoy@gmail.com [2016-02-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-06]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-10-25]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=3523&t=01
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Youtube to Mp3) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahphonmhjdjhomafgbenklockbohoco [2016-05-06]
CHR Extension: (Avast Online Security) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-08]
CHR Extension: (YouTube To MP3!) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgdohmjplligggendhbmghhmpphabopi [2016-03-09]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2016-04-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Instagram for Chrome) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2016-04-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-12] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4422704 2016-04-12] (Avast Software)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [797352 2016-05-12] (Enigma Software Group USA, LLC.)
R2 SZDrvSvc; C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-04-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-04-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-04-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-04-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-04-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-04-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-04-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-04-13] (AVAST Software)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24392 2008-07-21] (Elaborate Bytes AG)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2016-05-12] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-05-12] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-14] (Atheros Communications, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-13] (Malwarebytes)
R3 mdf16; C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys [18864 2012-06-21] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 mvd23; C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys [89008 2012-06-21] ()
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [136432 2016-04-12] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [262984 2016-04-12] (Avast Software)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 16:31 - 2016-05-13 16:31 - 00011543 _____ C:\Users\Lenka\Desktop\FRST.txt
2016-05-13 15:21 - 2016-05-13 15:21 - 00000000 ____D C:\Users\Lenka\AppData\Local\Clarus
2016-05-12 21:38 - 2016-05-12 21:38 - 00001248 _____ C:\Users\Lenka\Desktop\SpyHunter.lnk
2016-05-12 21:38 - 2016-05-12 21:38 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Enigma Software Group
2016-05-12 21:37 - 2016-05-12 21:38 - 00000000 ____D C:\sh4ldr
2016-05-12 21:36 - 2016-05-12 21:36 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-05-12 21:36 - 2016-05-12 21:36 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-12 21:35 - 2016-05-12 21:36 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Lenka\Downloads\SpyHunter-Installer.exe
2016-05-12 21:06 - 2016-05-12 21:06 - 00000000 ____D C:\AdwCleaner
2016-05-12 21:03 - 2016-05-12 21:03 - 00000000 ____D C:\Program Files\AdwCleaner
2016-05-12 20:48 - 2016-05-12 20:48 - 00010742 _____ C:\Users\Lenka\Desktop\cc_20160512_204813.reg
2016-05-12 19:47 - 2016-05-12 19:47 - 05405376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-05-12 16:42 - 2016-05-12 16:42 - 00001104 _____ C:\Users\Public\Desktop\Duplicate Cleaner Free.lnk
2016-05-12 16:42 - 2016-05-12 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2016-05-12 16:42 - 2016-05-12 16:42 - 00000000 ____D C:\Program Files\Duplicate Cleaner
2016-05-12 16:40 - 2016-05-12 16:41 - 05429944 _____ (DigitalVolcano Software Ltd) C:\Users\Lenka\Downloads\DuplicateCleaner_setup.exe
2016-05-12 13:59 - 2016-05-12 14:00 - 00000000 ____D C:\Users\Lenka\Desktop\scany
2016-05-12 13:35 - 2016-05-13 16:31 - 00000000 ____D C:\FRST
2016-05-12 13:32 - 2016-05-12 13:32 - 01732096 _____ (Farbar) C:\Users\Lenka\Desktop\FRST.exe
2016-05-12 13:25 - 2016-05-12 13:25 - 00016900 _____ C:\Users\Lenka\Desktop\cc_20160512_132514.reg
2016-05-12 10:36 - 2016-05-12 10:36 - 00000000 ____D C:\Windows\system32\vbox
2016-05-11 20:12 - 2016-05-13 15:02 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-11 20:12 - 2016-05-11 20:12 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-11 20:12 - 2016-05-11 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-11 20:12 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-11 20:12 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-11 20:12 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-11 13:17 - 2016-05-11 13:17 - 00000000 ____D C:\rsit
2016-05-11 13:17 - 2016-05-11 13:17 - 00000000 ____D C:\Program Files\trend micro
2016-05-11 13:11 - 2016-05-11 13:11 - 01107968 _____ C:\Users\Lenka\Desktop\RSIT.exe
2016-05-11 12:58 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 12:58 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 12:58 - 2016-04-23 06:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 12:58 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 12:58 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 12:58 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 12:58 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 12:58 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 12:58 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 12:58 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 12:58 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 12:58 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 12:58 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 12:58 - 2016-04-23 05:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 12:58 - 2016-04-23 05:53 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 12:58 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 12:58 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 12:58 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 12:58 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 12:58 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 12:58 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 12:58 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 12:58 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 12:58 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 12:58 - 2016-04-23 05:31 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 12:58 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 12:58 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 12:58 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 12:58 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 12:58 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 12:58 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 12:58 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 12:58 - 2016-04-09 08:54 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 12:58 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 12:58 - 2016-04-09 07:40 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 12:58 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 12:58 - 2016-04-06 12:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 12:58 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 12:57 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 12:57 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 12:57 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 12:57 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 12:57 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-05-11 12:57 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 12:56 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 12:56 - 2016-04-09 08:59 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 12:56 - 2016-04-09 08:59 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 12:56 - 2016-04-09 08:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 12:56 - 2016-04-09 08:59 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 12:56 - 2016-04-09 08:57 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 12:56 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 12:56 - 2016-04-09 07:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 12:56 - 2016-04-09 07:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 12:56 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 12:56 - 2016-04-09 07:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 12:56 - 2016-04-09 07:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 12:56 - 2016-04-09 07:40 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 12:56 - 2016-04-09 07:38 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 12:56 - 2016-04-09 07:38 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 12:56 - 2016-04-09 07:38 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 12:56 - 2016-04-09 07:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 12:56 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 12:56 - 2016-04-09 07:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 12:56 - 2016-04-09 07:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-09 14:30 - 2016-05-09 14:30 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\GHISLER
2016-05-09 14:30 - 2016-05-09 14:30 - 00000000 ____D C:\Program Files\Total Commander
2016-05-09 13:28 - 2016-05-09 13:28 - 00001096 _____ C:\Users\Lenka\Desktop\cc_20160509_132819.reg
2016-05-09 13:28 - 2016-05-09 13:28 - 00000000 ____D C:\Users\Lenka\AppData\Local\Skype
2016-05-09 13:18 - 2016-05-09 13:22 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\ConMet
2016-05-09 13:18 - 2016-05-09 13:22 - 00000000 ____D C:\ProgramData\ConMet
2016-05-08 22:06 - 2016-05-08 22:06 - 00002294 _____ C:\Users\Lenka\Desktop\cc_20160508_220617.reg
2016-05-08 18:33 - 2016-05-08 18:33 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\IsolatedStorage
2016-05-08 18:33 - 2016-05-08 18:33 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\DigitalVolcano
2016-05-08 18:33 - 2016-05-08 18:33 - 00000000 ____D C:\ProgramData\IsolatedStorage
2016-05-08 18:30 - 2016-05-12 16:43 - 00000000 ____D C:\Program Files\Duplicate Cleaner Pro
2016-05-08 17:50 - 2016-05-08 17:50 - 00149940 _____ C:\Users\Lenka\Desktop\cc_20160508_175020.reg
2016-05-08 17:13 - 2016-05-08 17:13 - 00000042 _____ C:\Windows\system32\QAPPKM_UKDFC.pnc
2016-05-08 17:12 - 2016-05-08 17:12 - 00000042 _____ C:\Windows\system32\DuplicateFileCleaner.lie
2016-05-06 22:42 - 2016-05-11 20:12 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-04 21:30 - 2016-05-04 21:30 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Malwarebytes
2016-05-04 20:56 - 2016-05-06 15:32 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-04 20:56 - 2016-05-06 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-04 20:56 - 2016-05-06 15:32 - 00000000 ____D C:\Program Files\WinRAR
2016-05-04 20:56 - 2016-05-04 20:59 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\WinRAR
2016-04-30 22:58 - 2016-04-30 22:58 - 00002684 _____ C:\Users\Lenka\Desktop\BitTorrent.lnk
2016-04-30 22:58 - 2016-04-30 22:58 - 00002684 _____ C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-04-30 22:52 - 2016-05-07 21:20 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\BitTorrent
2016-04-15 21:16 - 2016-04-15 21:16 - 00001782 _____ C:\Users\Lenka\Desktop\Samsung Drive Manager.lnk
2016-04-15 21:16 - 2016-04-15 21:16 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-04-15 21:16 - 2016-04-15 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-04-15 21:16 - 2016-04-15 21:16 - 00000000 ____D C:\Program Files\Clarus
2016-04-13 15:28 - 2016-03-18 00:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 15:28 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 15:28 - 2016-03-18 00:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 15:28 - 2016-03-18 00:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 15:28 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 15:28 - 2016-03-17 23:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 15:28 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 15:28 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 15:28 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 15:28 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 15:28 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-04-13 15:28 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 15:28 - 2016-02-02 20:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 15:27 - 2016-04-04 19:54 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 15:27 - 2016-04-04 19:42 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 15:27 - 2016-04-02 15:07 - 01218048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 15:27 - 2016-03-23 16:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 15:27 - 2016-03-17 20:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 15:27 - 2016-03-17 20:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 15:27 - 2016-03-17 20:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 15:27 - 2016-03-17 20:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 15:27 - 2016-03-16 01:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 15:27 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 15:27 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 15:27 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 15:27 - 2016-02-05 20:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 15:27 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 15:27 - 2016-01-21 02:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-13 15:27 - 2015-06-03 22:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 16:27 - 2014-01-28 16:59 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-13 16:27 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-13 16:20 - 2014-01-28 17:01 - 00002149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 16:20 - 2014-01-28 17:01 - 00002137 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-13 16:18 - 2009-07-14 06:34 - 00026096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-13 16:18 - 2009-07-14 06:34 - 00026096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-13 16:04 - 2014-01-28 16:59 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-13 15:47 - 2013-11-22 18:08 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-12 22:22 - 2015-02-07 21:09 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 21:38 - 2013-11-16 15:02 - 00000000 ____D C:\Users\Lenka
2016-05-12 19:47 - 2013-11-22 18:08 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-12 19:47 - 2013-11-22 18:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-12 17:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help
2016-05-12 14:15 - 2013-11-16 23:54 - 00668542 _____ C:\Windows\system32\perfh005.dat
2016-05-12 14:15 - 2013-11-16 23:54 - 00141202 _____ C:\Windows\system32\perfc005.dat
2016-05-12 14:15 - 2010-11-20 23:01 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-12 14:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-05-12 14:10 - 2009-07-14 06:33 - 00408976 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 14:08 - 2010-11-21 02:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 10:58 - 2015-02-07 21:00 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 10:48 - 2015-02-07 21:00 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 22:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PLA
2016-05-11 17:56 - 2013-11-16 15:02 - 00000000 ____D C:\Users\Lenka\AppData\Local\VirtualStore
2016-05-11 16:27 - 2016-04-12 18:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-09 21:45 - 2013-12-01 12:12 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\vlc
2016-05-09 13:34 - 2013-11-22 18:14 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Skype
2016-05-08 14:39 - 2014-05-27 18:03 - 00000000 ____D C:\Users\Lenka\AppData\Local\ElevatedDiagnostics
2016-05-07 20:07 - 2015-08-26 15:05 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-06 15:32 - 2015-08-24 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-05-06 15:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2016-05-06 15:31 - 2016-04-05 13:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-06 15:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2016-05-06 15:30 - 2013-12-19 15:43 - 00000000 __RHD C:\MSOCache
2016-05-06 15:04 - 2010-11-21 02:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-21 15:05 - 2013-11-22 17:47 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-16 18:30 - 2013-12-19 15:44 - 00000000 ____D C:\Users\Lenka\AppData\Local\Microsoft Help
2016-04-16 16:51 - 2013-11-22 17:30 - 00109280 _____ C:\Users\Lenka\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-14 17:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2016-04-13 13:45 - 2013-12-01 12:11 - 00001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-13 13:43 - 2013-12-01 11:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-13 13:26 - 2013-11-22 17:31 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
==================== Files in the root of some directories =======
2014-02-08 10:38 - 2014-02-16 15:11 - 0000085 ___SH () C:\ProgramData\.zreglib
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-08 13:28
==================== End of FRST.txt ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-05-2016
Ran by Lenka (2016-05-13 16:32:02)
Running from C:\Users\Lenka\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-11-16 13:02:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2869302318-721886907-1723125176-500 - Administrator - Disabled)
Guest (S-1-5-21-2869302318-721886907-1723125176-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2869302318-721886907-1723125176-1002 - Limited - Enabled)
Lenka (S-1-5-21-2869302318-721886907-1723125176-1001 - Administrator - Enabled) => C:\Users\Lenka
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2261 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2869302318-721886907-1723125176-1001\...\BitTorrent) (Version: 7.9.6.42179 - BitTorrent Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: - Elaborate Bytes)
Duplicate Cleaner Free 3.2.7 (HKLM\...\Duplicate Cleaner Free) (Version: 3.2.7 - DigitalVolcano Software Ltd) <==== ATTENTION
eMule (HKLM\...\eMule) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Instagram Downloader (HKLM\...\{4E0ECAF9-33D3-4829-BC0F-C68647990C14}) (Version: 2.1.0.0 - iWesoft)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 43.0.1 (x86 cs)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MPC-HC 1.7.5 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.5 - MPC-HC Team)
SafeZone Stable 1.48.2066.98 (Version: 1.48.2066.98 - Avast Software) Hidden
Samsung Drive Manager (HKLM\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.172 - Clarus, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.22.8.4668 - Enigma Software Group, LLC)
Total Commander 8.52 8.52 (HKLM\...\Total Commander 8.52 8.52) (Version: 8.52 - Total Commander)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinRAR 5.00 beta 6 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {016274DC-5D58-4BFF-B769-D911EACA4A07} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {02CAC08F-2A65-489D-A388-15AF38226144} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {07524ADC-4EEF-47A4-8663-12F640A7C93C} - System32\Tasks\SafeZone scheduled Autoupdate 1459580606 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {27869405-FE46-46EB-95F8-8A1E2FC47C93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {32C9526E-E4C1-4BC2-B376-DD52A99C17AE} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {35EF0038-3557-4569-811D-44DB4285F2FA} - System32\Tasks\{5307266E-B8B0-46DC-B91C-D77EFFDF608B} => pcalua.exe -a C:\Users\Lenka\Downloads\eMule0.50a-Installer.exe -d C:\Users\Lenka\Downloads
Task: {54C77A27-748E-4F89-8340-612564C5343F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-12] (AVAST Software)
Task: {69E114DE-903B-4072-9064-1ACC5F326E53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A308F2D3-C5B6-4FD7-973D-E5F00B63E97E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-09] (AVAST Software)
Task: {ACDA0E11-572B-43FD-9B66-08AD1BFC9E3C} - System32\Tasks\{3FF78CEB-070B-4C1D-AE4E-F5D648B21E8D} => pcalua.exe -a G:\WINRAR-4[1].1.65_CZ-+-crack.exe
Task: {D8E3ADEB-5DF9-4468-AFD8-58BD0D2BE08A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-04-12 20:07 - 2016-04-12 20:07 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-12 20:07 - 2016-04-12 20:07 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-13 14:57 - 2016-05-13 14:57 - 02906112 _____ () C:\Program Files\AVAST Software\Avast\defs\16051300\algo.dll
2016-04-12 20:07 - 2016-04-12 20:07 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-02 09:48 - 2016-04-02 09:48 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2016-05-13 16:20 - 2016-05-11 13:48 - 01738904 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 16:20 - 2016-05-11 13:48 - 00086168 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.102\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:AA85915F6C850D4B [98]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2869302318-721886907-1723125176-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.3 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{58151A8A-8058-4073-BFD3-4616DAE941D7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{949A5F1A-4BF3-4524-A3F3-B706D575AF77}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{AE6E17E3-AF0B-4CFF-85F2-D829C26B9DA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{594BB852-4168-4A20-93DB-BE30B7C6F178}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A84D5537-7FF2-42D4-852B-470AD0959642}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{93141D7B-A8AC-4427-B2A6-38A2B307E888}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{7D9710F0-0712-479E-9571-5A0CA85D1F2C}C:\program files\emule\emule.exe] => (Allow) C:\program files\emule\emule.exe
FirewallRules: [UDP Query User{782BAC00-1049-428D-ACDA-633F0B14DFD3}C:\program files\emule\emule.exe] => (Allow) C:\program files\emule\emule.exe
FirewallRules: [{609ACF83-068A-4433-BB67-E5B267FF6E20}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{92FD7301-1BA1-4D39-A22A-27DA5FE0A1B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{966318B5-BC15-4FEF-8C35-A8BDB64C30AF}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F7077182-C4CC-40AA-852C-799174601ECC}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F6DF2567-2E9B-44DF-BC27-839C6FB35D40}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{606BD4B5-FA0D-499C-B46C-8938697F27FA}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{78F7BC29-27EF-4186-BD28-80744ABCFBE6}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4D635967-CE89-4BE0-9362-88C9604F10BF}] => (Allow) C:\Users\Lenka\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B4DF99ED-7757-4515-A6E3-FCE3A8CD1747}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C321545C-6A2E-4542-896C-6A460733A3CF}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{50D6F107-CA06-4031-A2FB-1A6B058B8ABF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
11-05-2016 12:56:52 Windows Update
12-05-2016 10:38:46 Windows Update
12-05-2016 22:22:33 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/13/2016 04:27:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2016 04:22:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2016 02:57:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 09:50:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error: (05/12/2016 09:06:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 07:31:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 05:49:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 03:40:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 03:14:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2016 02:11:52 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
System errors:
=============
Error: (05/13/2016 04:27:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:25:40, 13.5.2016) bylo neočekávané.
Error: (05/13/2016 04:20:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (05/11/2016 08:09:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MBAMService byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/08/2016 12:47:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MBAMScheduler byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/08/2016 12:47:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MBAMService byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/06/2016 10:51:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024200d): Aktualizace systému Windows 7 (KB3035583).
Error: (05/06/2016 03:17:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba MBAMService přestala během spouštění reagovat.
Error: (05/06/2016 03:16:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MBAMScheduler neuspěla při spuštění v důsledku následující chyby:
%%1053
Error: (05/06/2016 03:16:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby MBAMScheduler bylo dosaženo časového limitu (30000 ms).
Error: (05/06/2016 03:08:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba MBAMService přestala během spouštění reagovat.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 53%
Total physical RAM: 3549.12 MB
Available physical RAM: 1647.92 MB
Total Virtual: 7096.56 MB
Available Virtual: 5232.98 MB
==================== Drives ================================
Drive c: (SYSTEM 7) (Fixed) (Total:244.14 GB) (Free:204.12 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (STORE) (Fixed) (Total:454.49 GB) (Free:24.67 GB) NTFS
Drive f: (SYSTEM XP) (Fixed) (Total:97.65 GB) (Free:16.22 GB) NTFS
Drive g: (SKLAD XP) (Fixed) (Total:368.1 GB) (Free:4.31 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0D7649D2)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 03FE03FD)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Re: Please check my log - Avast reports Infection URL:Mal
- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (File type: Text document)
- run FRST again and click Fix
- after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply
Code:
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-2869302318-721886907-1723125176-1001\...\Run: [windows] => wscript.exe //B "C:\Users\Lenka\AppData\Local\Temp\windows.vbs" <===== ATTENTION
Startup: C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=3523&t=01
2016-05-11 13:17 - 2016-05-11 13:17 - 00000000 ____D C:\Program Files\trend micro
Task: {35EF0038-3557-4569-811D-44DB4285F2FA} - System32\Tasks\{5307266E-B8B0-46DC-B91C-D77EFFDF608B} => pcalua.exe -a C:\Users\Lenka\Downloads\eMule0.50a-Installer.exe -d C:\Users\Lenka\Downloads
Task: {ACDA0E11-572B-43FD-9B66-08AD1BFC9E3C} - System32\Tasks\{3FF78CEB-070B-4C1D-AE4E-F5D648B21E8D} => pcalua.exe -a G:\WINRAR-4[1].1.65_CZ-+-crack.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Windows:AA85915F6C850D4B [98]
Hosts:
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Please check my log - Avast reports Infection URL:Mal
I'm attaching the fixlog and starting an MBAM scan to see whether the vermin is gone:
Fix result of Farbar Recovery Scan Tool (x86) Version:09-05-2016
Ran by Lenka (2016-05-14 11:31:58) Run:2
Running from C:\Users\Lenka\Desktop
Loaded Profiles: Lenka (Available Profiles: Lenka)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-2869302318-721886907-1723125176-1001\...\Run: [windows] => wscript.exe //B "C:\Users\Lenka\AppData\Local\Temp\windows.vbs" <===== ATTENTION
Startup: C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=3523&t=01
2016-05-11 13:17 - 2016-05-11 13:17 - 00000000 ____D C:\Program Files\trend micro
Task: {35EF0038-3557-4569-811D-44DB4285F2FA} - System32\Tasks\{5307266E-B8B0-46DC-B91C-D77EFFDF608B} => pcalua.exe -a C:\Users\Lenka\Downloads\eMule0.50a-Installer.exe -d C:\Users\Lenka\Downloads
Task: {ACDA0E11-572B-43FD-9B66-08AD1BFC9E3C} - System32\Tasks\{3FF78CEB-070B-4C1D-AE4E-F5D648B21E8D} => pcalua.exe -a G:\WINRAR-4[1].1.65_CZ-+-crack.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Windows:AA85915F6C850D4B [98]
Hosts:
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value removed successfully.
HKU\S-1-5-21-2869302318-721886907-1723125176-1001\Software\Microsoft\Windows\CurrentVersion\Run\\windows => value removed successfully.
C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
Chrome HomePage => removed successfully.
C:\Program Files\trend micro => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35EF0038-3557-4569-811D-44DB4285F2FA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35EF0038-3557-4569-811D-44DB4285F2FA}" => key removed successfully.
C:\Windows\System32\Tasks\{5307266E-B8B0-46DC-B91C-D77EFFDF608B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5307266E-B8B0-46DC-B91C-D77EFFDF608B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACDA0E11-572B-43FD-9B66-08AD1BFC9E3C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACDA0E11-572B-43FD-9B66-08AD1BFC9E3C}" => key removed successfully.
C:\Windows\System32\Tasks\{3FF78CEB-070B-4C1D-AE4E-F5D648B21E8D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3FF78CEB-070B-4C1D-AE4E-F5D648B21E8D}" => key removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows => ":AA85915F6C850D4B" ADS removed successfully..
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 631.8 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 11:32:37 ====
Re: Please check my log - Avast reports Infection URL:Mal
Phew. So it looks like the vermin is gone. So thanks a lot for now.
Re: Please check my log - Avast reports Infection URL:Mal
So let's clean up as well.
On behalf of my colleague too, you're welcome
- Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
- Tick only the "Remove disinfection tools" option
- click Run
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

