Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Tomáš (administrator) on TOMASPC (25-08-2016 11:48:12)
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Platform: Windows 8.1 Pro (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\System32\fpCSEvtSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(StagWare) C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-17] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [Spotify Web Helper] => C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-20] (Spotify Ltd)
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [windows] => wscript.exe //B "C:\Users\TOM~1\AppData\Local\Temp\windows.vbs" <===== ATTENTION
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-24] (AVAST Software)
Startup: C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6FD0246E-E0CC-493D-A72F-06015BBE4AF9}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-508856505-97066582-1914413276-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\it11cpe7.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Překladač Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-07-24]
CHR Extension: (Prezentace Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-24]
CHR Extension: (Super Netflix) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aioencjhbaolepcoappllicjebblphoc [2016-08-21]
CHR Extension: (Dokumenty Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-24]
CHR Extension: (Disk Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-24]
CHR Extension: (YouTube) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-24]
CHR Extension: (uBlock Origin) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-17]
CHR Extension: (Kalendář Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-07-24]
CHR Extension: (Tabulky Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-24]
CHR Extension: (Word Online) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2016-07-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-24]
CHR Extension: (Pocket Website) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2016-07-24]
CHR Extension: (Google Play) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-07-24]
CHR Extension: (Evernote Web) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-07-24]
CHR Extension: (Save to Pocket) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-08-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-24]
CHR Extension: (Readability) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-07-27]
CHR Extension: (Gmail) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR HKU\S-1-5-21-508856505-97066582-1914413276-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - <no Path/update_url>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-24] (AVAST Software)
R2 fpCsEvtSvc; C:\Windows\system32\fpCSEvtSvc.exe [13824 2015-04-28] ()
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-12-04] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-22] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-22] (Intel Corporation)
R2 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2015-12-08] (StagWare) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [53248 2015-06-10] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-17] (AVAST Software)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr64.sys [28376 2014-05-15] (Hewlett-Packard Company)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2016-07-25] (OpenLibSys.org)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-25 11:48 - 2016-08-25 11:48 - 00015793 _____ C:\Users\Tomáš\Desktop\FRST.txt
2016-08-25 11:46 - 2016-08-25 11:46 - 02396672 _____ (Farbar) C:\Users\Tomáš\Desktop\FRST64.exe
2016-08-24 21:04 - 2016-08-24 21:04 - 00333473 _____ C:\Users\Tomáš\Downloads\28271-18-38255.zip
2016-08-24 20:05 - 2016-08-24 20:46 - 00000000 ____D C:\Users\Tomáš\Downloads\Watchmen Ultimate Cut (2009) [1080p]
2016-08-24 13:14 - 2016-08-24 13:40 - 00000000 ____D C:\Users\Tomáš\Downloads\Harry Potter and the Goblet of Fire (2005) [1080p]
2016-08-24 12:48 - 2016-08-24 13:08 - 00000000 ____D C:\Users\Tomáš\Downloads\Harry Potter and the Order of the Phoenix (2007) [1080p]
2016-08-18 13:45 - 2016-08-25 11:43 - 00000000 ___RD C:\Users\Tomáš\Disk Google
2016-08-18 13:44 - 2016-08-18 13:44 - 00987728 _____ (Google Inc.) C:\Users\Tomáš\Downloads\googledrivesync.exe
2016-08-18 13:44 - 2016-08-18 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-17 21:15 - 2016-08-18 21:42 - 00000000 ____D C:\Users\Tomáš\Desktop\Playlist
2016-08-17 17:44 - 2016-08-24 20:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-17 17:44 - 2016-08-17 17:44 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-17 17:44 - 2016-08-17 17:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-17 17:44 - 2016-08-17 17:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-17 17:44 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-17 17:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-17 17:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-17 17:43 - 2016-08-17 17:43 - 22851472 _____ (Malwarebytes ) C:\Users\Tomáš\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-17 17:36 - 2016-08-17 17:36 - 03784256 _____ C:\Users\Tomáš\Desktop\adwcleaner_6.000.exe
2016-08-17 12:26 - 2016-08-17 12:26 - 00284816 _____ C:\Windows\Minidump\081716-54765-01.dmp
2016-08-17 11:15 - 2016-08-17 11:15 - 05087668 _____ C:\Users\Tomáš\Downloads\Teige_Karel_O_humoru_clownech_a_dadaistech_I_Svet_ktery_se_smeje.pdf
2016-08-03 20:07 - 2016-08-03 20:07 - 00456021 _____ C:\Users\Tomáš\Downloads\Sachove-figurky---Peter-May.epub
2016-08-03 20:06 - 2016-08-03 20:06 - 00314149 _____ C:\Users\Tomáš\Downloads\Muž-z-ostrova-Lewis---May.epub
2016-08-02 20:46 - 2016-08-02 20:46 - 00072192 _____ C:\Users\Tomáš\Downloads\cykloman-2016-07-30-paperman-triatlon-vysledky.xls
2016-08-02 10:31 - 2016-08-02 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-08-01 19:12 - 2016-08-25 11:48 - 00000000 ____D C:\FRST
2016-08-01 11:06 - 2016-08-01 11:15 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Mozilla
2016-08-01 11:06 - 2016-08-01 11:06 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Mozilla
2016-08-01 11:06 - 2016-08-01 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-31 00:14 - 2016-08-17 11:25 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-31 00:14 - 2016-08-17 11:25 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-31 00:13 - 2016-08-25 11:43 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-31 00:13 - 2016-08-25 11:24 - 00000976 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-31 00:13 - 2016-07-31 00:19 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-31 00:13 - 2016-07-31 00:19 - 00003712 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-31 00:13 - 2016-07-31 00:13 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Deployment
2016-07-31 00:13 - 2016-07-31 00:13 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Apps\2.0
2016-07-30 23:25 - 2016-07-30 23:25 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\KSafe
2016-07-30 23:25 - 2016-07-30 23:25 - 00000000 ____D C:\ProgramData\KSafe
2016-07-30 23:25 - 2016-07-30 23:25 - 00000000 ____D C:\Program Files (x86)\DllTool
2016-07-30 11:26 - 2016-07-30 11:26 - 00284816 _____ C:\Windows\Minidump\073016-29406-01.dmp
2016-07-29 16:15 - 2016-07-29 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-07-29 16:11 - 2016-08-20 18:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-07-29 16:11 - 2016-07-29 16:11 - 00000000 ____D C:\Users\Tomáš\AppData\Local\AMD
2016-07-29 16:10 - 2016-08-20 18:38 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Battle.net
2016-07-29 16:10 - 2016-07-29 16:10 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Blizzard Entertainment
2016-07-29 16:10 - 2016-07-29 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-07-29 16:10 - 2016-07-29 16:10 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-07-29 16:09 - 2016-08-20 18:22 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-29 16:08 - 2016-07-29 16:11 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Battle.net
2016-07-29 16:07 - 2016-07-29 16:08 - 00000000 ____D C:\ProgramData\Battle.net
2016-07-29 12:39 - 2016-08-02 10:31 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-07-29 12:39 - 2016-08-02 10:30 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Garmin
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Garmin_Ltd._or_its_subsid
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\ProgramData\Garmin
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\Program Files\DIFX
2016-07-28 21:08 - 2016-07-28 21:08 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Macromedia
2016-07-28 20:26 - 2016-07-28 20:26 - 00000000 ____D C:\Users\Tomáš\Documents\League of Legends
2016-07-28 20:23 - 2016-07-28 20:23 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\LolClient
2016-07-28 18:13 - 2016-07-28 18:13 - 00000000 ____D C:\ProgramData\Riot Games
2016-07-28 18:11 - 2016-07-28 18:11 - 00000000 ____D C:\Riot Games
2016-07-28 18:11 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-07-28 18:11 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-07-28 18:11 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-07-28 18:11 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-07-28 18:11 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-07-28 18:07 - 2016-07-28 18:11 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Riot Games
2016-07-28 15:19 - 2016-07-28 15:19 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Steam
2016-07-28 15:16 - 2016-07-30 17:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-28 15:16 - 2016-07-28 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-27 19:42 - 2016-08-17 12:26 - 00000000 ____D C:\Windows\Minidump
2016-07-27 19:42 - 2016-07-27 19:42 - 00284872 _____ C:\Windows\Minidump\072716-25421-01.dmp
2016-07-27 19:41 - 2016-08-17 12:25 - 721902892 _____ C:\Windows\MEMORY.DMP
2016-07-27 18:19 - 2016-08-23 23:18 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Spotify
2016-07-27 18:19 - 2016-07-27 18:19 - 00001799 _____ C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-07-27 18:18 - 2016-08-23 22:25 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Spotify
2016-07-27 15:33 - 2016-07-27 15:33 - 00000000 ____D C:\Users\Tomáš\Documents\T
2016-07-27 15:14 - 2016-07-27 15:14 - 00000000 ____D C:\Users\Tomáš\AppData\Local\GHISLER
2016-07-27 15:10 - 2016-07-27 15:11 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\GHISLER
2016-07-27 15:10 - 2016-07-27 15:10 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2016-07-27 15:10 - 2016-07-27 15:10 - 00000000 ____D C:\Program Files (x86)\totalcmd
2016-07-27 15:02 - 2016-08-24 21:05 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\SumatraPDF
2016-07-27 15:02 - 2016-07-27 15:02 - 00001883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2016-07-27 15:02 - 2016-07-27 15:02 - 00000000 ____D C:\Program Files\SumatraPDF
2016-07-26 12:13 - 2016-08-17 17:38 - 00000000 ____D C:\AdwCleaner
2016-07-26 11:36 - 2016-07-26 11:36 - 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-26 11:36 - 2016-07-26 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-26 11:36 - 2016-07-26 11:36 - 00000000 ____D C:\Program Files\CCleaner
2016-07-26 11:33 - 2016-07-26 11:33 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2016-07-26 11:33 - 2016-07-26 11:33 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2016-07-26 11:33 - 2016-07-26 11:33 - 00003364 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2016-07-26 11:33 - 2010-12-06 04:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2016-07-26 10:26 - 2016-07-26 10:28 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Seznam.cz
2016-07-26 10:17 - 2016-07-26 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Windows\PCHEALTH
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-07-26 10:14 - 2016-07-26 10:14 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-07-26 10:14 - 2016-07-26 10:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-07-26 10:13 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files\Microsoft Office
2016-07-26 10:13 - 2016-07-26 10:13 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Microsoft Help
2016-07-26 10:13 - 2016-07-26 10:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-26 10:08 - 2016-07-26 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-26 10:08 - 2016-07-26 10:08 - 00000000 ____D C:\Program Files\7-Zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-25 11:43 - 2016-07-25 18:09 - 00000000 __SHD C:\Users\Tomáš\IntelGraphicsProfiles
2016-08-25 11:43 - 2016-07-24 13:43 - 00000000 ___DO C:\Users\Tomáš\SkyDrive
2016-08-25 11:30 - 2013-09-30 06:20 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-25 11:30 - 2013-09-30 05:57 - 00739924 _____ C:\Windows\system32\perfh005.dat
2016-08-25 11:30 - 2013-09-30 05:57 - 00151610 _____ C:\Windows\system32\perfc005.dat
2016-08-25 11:30 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-08-25 11:25 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-24 22:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-08-24 21:30 - 2016-07-24 21:34 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\uTorrent
2016-08-24 21:05 - 2013-12-21 21:06 - 00423049 _____ C:\Users\Tomáš\Downloads\King, Stephen Edwin - Carrie.mobi
2016-08-23 22:17 - 2013-09-30 06:01 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2016-08-23 22:03 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-22 12:39 - 2016-07-24 13:41 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Packages
2016-08-20 23:53 - 2016-07-24 22:58 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\vlc
2016-08-18 13:45 - 2016-07-24 13:41 - 00000000 ____D C:\Users\Tomáš
2016-08-18 13:44 - 2016-07-24 20:37 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Google
2016-08-18 13:44 - 2016-07-24 20:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-17 21:45 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\FileManager
2016-08-17 17:38 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-08-17 12:47 - 2016-07-24 20:30 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-508856505-97066582-1914413276-1001
2016-08-17 10:55 - 2016-07-24 20:36 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-08-02 10:31 - 2016-07-25 00:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-27 15:48 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-07-27 15:45 - 2016-07-24 14:24 - 00000000 ____D C:\Windows.old.002
2016-07-27 15:41 - 2016-07-24 13:28 - 00000000 ____D C:\Windows.old.001
2016-07-27 14:59 - 2016-07-24 11:01 - 00000000 ____D C:\Windows.old.000
2016-07-26 11:59 - 2013-08-22 16:44 - 00415728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-26 11:37 - 2016-07-24 14:29 - 00000000 ____D C:\Windows\Panther
2016-07-26 10:16 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-26 10:16 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-26 10:14 - 2013-09-30 06:01 - 00000000 ____D C:\Windows\ShellNew
Some files in TEMP:
====================
C:\Users\Tomáš\AppData\Local\Temp\libeay32.dll
C:\Users\Tomáš\AppData\Local\Temp\msvcr120.dll
C:\Users\Tomáš\AppData\Local\Temp\sqlite3.dll
C:\Users\Tomáš\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-17 11:42
==================== End of FRST.txt ============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Malware??
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Malware??
- Přílohy
-
- Addition.zip
- (5.75 KiB) Staženo 78 x
Re: Malware??
Napiste mi velikost adresare plochy (C:\Users\Tomáš\Plocha) Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [windows] => wscript.exe //B "C:\Users\TOM~1\AppData\Local\Temp\windows.vbs" <===== ATTENTION
Startup: C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
Reboot:
EndKliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Malware??
Velikost adresáře plochy: 437 bajtů
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Tomáš (25-08-2016 14:37:53) Run:1
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [windows] => wscript.exe //B "C:\Users\TOM~1\AppData\Local\Temp\windows.vbs" <===== ATTENTION
Startup: C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-508856505-97066582-1914413276-1001\Software\Microsoft\Windows\CurrentVersion\Run\\windows => value removed successfully
C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16027479 B
Java, Flash, Steam htmlcache => 602 B
Windows/system/drivers => 54371679 B
Edge => 0 B
Chrome => 780308838 B
Firefox => 16665354 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 30752 B
NetworkService => 0 B
Tomáš => 60944484 B
RecycleBin => 139901 B
EmptyTemp: => 893.5 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 14:38:40 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Tomáš (25-08-2016 14:37:53) Run:1
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [windows] => wscript.exe //B "C:\Users\TOM~1\AppData\Local\Temp\windows.vbs" <===== ATTENTION
Startup: C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-508856505-97066582-1914413276-1001\Software\Microsoft\Windows\CurrentVersion\Run\\windows => value removed successfully
C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16027479 B
Java, Flash, Steam htmlcache => 602 B
Windows/system/drivers => 54371679 B
Edge => 0 B
Chrome => 780308838 B
Firefox => 16665354 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 30752 B
NetworkService => 0 B
Tomáš => 60944484 B
RecycleBin => 139901 B
EmptyTemp: => 893.5 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 14:38:40 ====
Re: Malware??
To jste se dival nejspis spatne. Na plose mate treba FRST a i to samotne ma vicTTommikk píše:Velikost adresáře plochy: 437 bajtů
Tohle bude velikost te ikonky slozky. Ja chtel velikost jejiho obsahu 
Dejte jeste novy log z FRST, at vidim, jestli je to pryc, nebo se to zase vratilo.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Malware??
Pardon, oprava - 54,1 MB
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Tomáš (administrator) on TOMASPC (25-08-2016 21:37:55)
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Platform: Windows 8.1 Pro (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\System32\fpCSEvtSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(StagWare) C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-17] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [Spotify Web Helper] => C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-20] (Spotify Ltd)
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-24] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6FD0246E-E0CC-493D-A72F-06015BBE4AF9}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-508856505-97066582-1914413276-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\it11cpe7.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Překladač Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-07-24]
CHR Extension: (Prezentace Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-24]
CHR Extension: (Super Netflix) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aioencjhbaolepcoappllicjebblphoc [2016-08-21]
CHR Extension: (Dokumenty Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-24]
CHR Extension: (Disk Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-24]
CHR Extension: (YouTube) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-24]
CHR Extension: (uBlock Origin) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-17]
CHR Extension: (Kalendář Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-07-24]
CHR Extension: (Tabulky Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-24]
CHR Extension: (Word Online) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2016-07-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-24]
CHR Extension: (Pocket Website) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2016-07-24]
CHR Extension: (Google Play) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-07-24]
CHR Extension: (Evernote Web) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-07-24]
CHR Extension: (Save to Pocket) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-08-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-24]
CHR Extension: (Readability) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-07-27]
CHR Extension: (Gmail) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR HKU\S-1-5-21-508856505-97066582-1914413276-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - <no Path/update_url>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-24] (AVAST Software)
R2 fpCsEvtSvc; C:\Windows\system32\fpCSEvtSvc.exe [13824 2015-04-28] ()
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-12-04] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-22] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-22] (Intel Corporation)
R2 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2015-12-08] (StagWare) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [53248 2015-06-10] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-17] (AVAST Software)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr64.sys [28376 2014-05-15] (Hewlett-Packard Company)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2016-07-25] (OpenLibSys.org)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-25 21:37 - 2016-08-25 21:37 - 00000000 ____D C:\Users\Tomáš\Desktop\FRST-OlderVersion
2016-08-25 15:52 - 2016-08-25 15:52 - 00000000 ____D C:\Users\Tomáš\AppData\LocalLow\Obsidian Entertainment
2016-08-25 15:44 - 2016-08-25 15:44 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\www.prekladyher.eu
2016-08-25 15:40 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-08-25 15:40 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-08-25 15:40 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-08-25 15:40 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-08-25 15:40 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-08-25 15:40 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-08-25 15:40 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-08-25 15:40 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-08-25 15:40 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-08-25 15:40 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-08-25 15:40 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-08-25 15:40 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-08-25 15:40 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-08-25 15:40 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-08-25 15:40 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-08-25 15:40 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-08-25 15:40 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-08-25 15:40 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-08-25 15:40 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-08-25 15:40 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-08-25 15:40 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-08-25 15:40 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-08-25 15:40 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-08-25 15:40 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-08-25 15:40 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-08-25 15:40 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-08-25 15:40 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-08-25 15:40 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-08-25 15:40 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-08-25 15:40 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-08-25 15:40 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-08-25 15:40 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-08-25 15:40 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-08-25 15:40 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-08-25 15:40 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-08-25 15:40 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-08-25 15:40 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-08-25 15:40 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-08-25 15:40 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-08-25 15:40 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-08-25 15:40 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-08-25 15:40 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-08-25 15:40 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-08-25 15:40 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-08-25 15:40 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-08-25 15:40 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-08-25 15:40 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-08-25 15:40 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-08-25 15:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-08-25 15:40 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-08-25 15:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-08-25 15:40 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-08-25 15:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-08-25 15:40 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-08-25 15:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-08-25 15:40 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-08-25 15:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-08-25 15:40 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-08-25 15:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-08-25 15:40 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-08-25 15:40 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-08-25 15:40 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-08-25 15:40 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-08-25 15:40 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-08-25 15:40 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-08-25 15:40 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-08-25 15:40 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-08-25 15:39 - 2016-08-25 15:39 - 00001780 _____ C:\Users\Public\Desktop\Pillars of Eternity.lnk
2016-08-25 15:39 - 2016-08-25 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pillars of Eternity [GOG.com]
2016-08-25 14:37 - 2016-08-25 14:38 - 00002294 _____ C:\Users\Tomáš\Desktop\Fixlog.txt
2016-08-25 12:10 - 2016-08-25 12:49 - 00000000 ____D C:\Users\Tomáš\Downloads\pillars_of_eternity
2016-08-25 12:09 - 2016-08-25 12:09 - 00035188 _____ C:\Users\Tomáš\Downloads\[CzT]Pillars_of_Eternity_v3_02_1008_2015_CZ_.torrent
2016-08-25 11:48 - 2016-08-25 21:38 - 00015285 _____ C:\Users\Tomáš\Desktop\FRST.txt
2016-08-25 11:46 - 2016-08-25 21:37 - 02396160 _____ (Farbar) C:\Users\Tomáš\Desktop\FRST64.exe
2016-08-24 21:04 - 2016-08-24 21:04 - 00333473 _____ C:\Users\Tomáš\Downloads\28271-18-38255.zip
2016-08-24 20:05 - 2016-08-24 20:46 - 00000000 ____D C:\Users\Tomáš\Downloads\Watchmen Ultimate Cut (2009) [1080p]
2016-08-24 13:14 - 2016-08-24 13:40 - 00000000 ____D C:\Users\Tomáš\Downloads\Harry Potter and the Goblet of Fire (2005) [1080p]
2016-08-24 12:48 - 2016-08-24 13:08 - 00000000 ____D C:\Users\Tomáš\Downloads\Harry Potter and the Order of the Phoenix (2007) [1080p]
2016-08-18 13:45 - 2016-08-25 14:41 - 00000000 ___RD C:\Users\Tomáš\Disk Google
2016-08-18 13:44 - 2016-08-18 13:44 - 00987728 _____ (Google Inc.) C:\Users\Tomáš\Downloads\googledrivesync.exe
2016-08-18 13:44 - 2016-08-18 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-17 21:15 - 2016-08-18 21:42 - 00000000 ____D C:\Users\Tomáš\Desktop\Playlist
2016-08-17 17:44 - 2016-08-24 20:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-17 17:44 - 2016-08-17 17:44 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-17 17:44 - 2016-08-17 17:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-17 17:44 - 2016-08-17 17:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-17 17:44 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-17 17:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-17 17:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-17 17:43 - 2016-08-17 17:43 - 22851472 _____ (Malwarebytes ) C:\Users\Tomáš\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-17 17:36 - 2016-08-17 17:36 - 03784256 _____ C:\Users\Tomáš\Desktop\adwcleaner_6.000.exe
2016-08-17 12:26 - 2016-08-17 12:26 - 00284816 _____ C:\Windows\Minidump\081716-54765-01.dmp
2016-08-17 11:15 - 2016-08-17 11:15 - 05087668 _____ C:\Users\Tomáš\Downloads\Teige_Karel_O_humoru_clownech_a_dadaistech_I_Svet_ktery_se_smeje.pdf
2016-08-03 20:07 - 2016-08-03 20:07 - 00456021 _____ C:\Users\Tomáš\Downloads\Sachove-figurky---Peter-May.epub
2016-08-03 20:06 - 2016-08-03 20:06 - 00314149 _____ C:\Users\Tomáš\Downloads\Muž-z-ostrova-Lewis---May.epub
2016-08-02 20:46 - 2016-08-02 20:46 - 00072192 _____ C:\Users\Tomáš\Downloads\cykloman-2016-07-30-paperman-triatlon-vysledky.xls
2016-08-02 10:31 - 2016-08-02 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-08-01 19:12 - 2016-08-25 21:37 - 00000000 ____D C:\FRST
2016-08-01 11:06 - 2016-08-01 11:15 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Mozilla
2016-08-01 11:06 - 2016-08-01 11:06 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Mozilla
2016-08-01 11:06 - 2016-08-01 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-31 00:14 - 2016-08-17 11:25 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-31 00:14 - 2016-08-17 11:25 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-31 00:13 - 2016-07-31 00:19 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-31 00:13 - 2016-07-31 00:19 - 00003712 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-31 00:13 - 2016-07-31 00:13 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Deployment
2016-07-31 00:13 - 2016-07-31 00:13 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Apps\2.0
2016-07-30 23:25 - 2016-07-30 23:25 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\KSafe
2016-07-30 23:25 - 2016-07-30 23:25 - 00000000 ____D C:\ProgramData\KSafe
2016-07-30 23:25 - 2016-07-30 23:25 - 00000000 ____D C:\Program Files (x86)\DllTool
2016-07-30 11:26 - 2016-07-30 11:26 - 00284816 _____ C:\Windows\Minidump\073016-29406-01.dmp
2016-07-29 16:15 - 2016-07-29 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-07-29 16:11 - 2016-08-20 18:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-07-29 16:11 - 2016-07-29 16:11 - 00000000 ____D C:\Users\Tomáš\AppData\Local\AMD
2016-07-29 16:10 - 2016-08-20 18:38 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Battle.net
2016-07-29 16:10 - 2016-07-29 16:10 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Blizzard Entertainment
2016-07-29 16:10 - 2016-07-29 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-07-29 16:10 - 2016-07-29 16:10 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-07-29 16:09 - 2016-08-20 18:22 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-29 16:08 - 2016-07-29 16:11 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Battle.net
2016-07-29 16:07 - 2016-07-29 16:08 - 00000000 ____D C:\ProgramData\Battle.net
2016-07-29 12:39 - 2016-08-02 10:31 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-07-29 12:39 - 2016-08-02 10:30 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Garmin
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Garmin_Ltd._or_its_subsid
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\ProgramData\Garmin
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\Program Files\DIFX
2016-07-28 21:08 - 2016-07-28 21:08 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Macromedia
2016-07-28 20:26 - 2016-07-28 20:26 - 00000000 ____D C:\Users\Tomáš\Documents\League of Legends
2016-07-28 20:23 - 2016-07-28 20:23 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\LolClient
2016-07-28 18:13 - 2016-07-28 18:13 - 00000000 ____D C:\ProgramData\Riot Games
2016-07-28 18:11 - 2016-07-28 18:11 - 00000000 ____D C:\Riot Games
2016-07-28 18:11 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-07-28 18:11 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-07-28 18:11 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-07-28 18:11 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-07-28 18:11 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-07-28 18:07 - 2016-07-28 18:11 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Riot Games
2016-07-28 15:19 - 2016-07-28 15:19 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Steam
2016-07-28 15:16 - 2016-07-30 17:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-28 15:16 - 2016-07-28 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-27 19:42 - 2016-08-17 12:26 - 00000000 ____D C:\Windows\Minidump
2016-07-27 19:42 - 2016-07-27 19:42 - 00284872 _____ C:\Windows\Minidump\072716-25421-01.dmp
2016-07-27 19:41 - 2016-08-17 12:25 - 721902892 _____ C:\Windows\MEMORY.DMP
2016-07-27 18:19 - 2016-08-23 23:18 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Spotify
2016-07-27 18:19 - 2016-07-27 18:19 - 00001799 _____ C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-07-27 18:18 - 2016-08-23 22:25 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Spotify
2016-07-27 15:33 - 2016-07-27 15:33 - 00000000 ____D C:\Users\Tomáš\Documents\T
2016-07-27 15:14 - 2016-07-27 15:14 - 00000000 ____D C:\Users\Tomáš\AppData\Local\GHISLER
2016-07-27 15:10 - 2016-07-27 15:11 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\GHISLER
2016-07-27 15:10 - 2016-07-27 15:10 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2016-07-27 15:10 - 2016-07-27 15:10 - 00000000 ____D C:\Program Files (x86)\totalcmd
2016-07-27 15:02 - 2016-08-24 21:05 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\SumatraPDF
2016-07-27 15:02 - 2016-07-27 15:02 - 00001883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2016-07-27 15:02 - 2016-07-27 15:02 - 00000000 ____D C:\Program Files\SumatraPDF
2016-07-26 12:13 - 2016-08-17 17:38 - 00000000 ____D C:\AdwCleaner
2016-07-26 11:36 - 2016-07-26 11:36 - 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-26 11:36 - 2016-07-26 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-26 11:36 - 2016-07-26 11:36 - 00000000 ____D C:\Program Files\CCleaner
2016-07-26 11:33 - 2016-07-26 11:33 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2016-07-26 11:33 - 2016-07-26 11:33 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2016-07-26 11:33 - 2016-07-26 11:33 - 00003364 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2016-07-26 11:33 - 2010-12-06 04:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2016-07-26 10:26 - 2016-07-26 10:28 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Seznam.cz
2016-07-26 10:17 - 2016-07-26 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Windows\PCHEALTH
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-07-26 10:14 - 2016-07-26 10:14 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-07-26 10:14 - 2016-07-26 10:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-07-26 10:13 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files\Microsoft Office
2016-07-26 10:13 - 2016-07-26 10:13 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Microsoft Help
2016-07-26 10:13 - 2016-07-26 10:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-26 10:08 - 2016-07-26 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-26 10:08 - 2016-07-26 10:08 - 00000000 ____D C:\Program Files\7-Zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-25 16:38 - 2016-07-24 20:30 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-508856505-97066582-1914413276-1001
2016-08-25 15:28 - 2016-07-04 21:13 - 00000000 ____D C:\GOG Games
2016-08-25 14:55 - 2013-09-30 06:20 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-25 14:55 - 2013-09-30 05:57 - 00739924 _____ C:\Windows\system32\perfh005.dat
2016-08-25 14:55 - 2013-09-30 05:57 - 00151610 _____ C:\Windows\system32\perfc005.dat
2016-08-25 14:55 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-08-25 14:41 - 2016-07-24 13:43 - 00000000 ___DO C:\Users\Tomáš\SkyDrive
2016-08-25 14:40 - 2016-07-25 18:09 - 00000000 __SHD C:\Users\Tomáš\IntelGraphicsProfiles
2016-08-25 14:39 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-25 14:39 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-08-25 14:32 - 2016-07-24 21:34 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\uTorrent
2016-08-24 22:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-08-24 21:05 - 2013-12-21 21:06 - 00423049 _____ C:\Users\Tomáš\Downloads\King, Stephen Edwin - Carrie.mobi
2016-08-23 22:17 - 2013-09-30 06:01 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2016-08-23 22:03 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-22 12:39 - 2016-07-24 13:41 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Packages
2016-08-20 23:53 - 2016-07-24 22:58 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\vlc
2016-08-18 13:45 - 2016-07-24 13:41 - 00000000 ____D C:\Users\Tomáš
2016-08-18 13:44 - 2016-07-24 20:37 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Google
2016-08-18 13:44 - 2016-07-24 20:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-17 21:45 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\FileManager
2016-08-17 10:55 - 2016-07-24 20:36 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-08-02 10:31 - 2016-07-25 00:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-27 15:48 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-07-27 15:45 - 2016-07-24 14:24 - 00000000 ____D C:\Windows.old.002
2016-07-27 15:41 - 2016-07-24 13:28 - 00000000 ____D C:\Windows.old.001
2016-07-27 14:59 - 2016-07-24 11:01 - 00000000 ____D C:\Windows.old.000
2016-07-26 11:59 - 2013-08-22 16:44 - 00415728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-26 11:37 - 2016-07-24 14:29 - 00000000 ____D C:\Windows\Panther
2016-07-26 10:16 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-26 10:16 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-26 10:14 - 2013-09-30 06:01 - 00000000 ____D C:\Windows\ShellNew
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-17 11:42
==================== End of FRST.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Tomáš (administrator) on TOMASPC (25-08-2016 21:37:55)
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Platform: Windows 8.1 Pro (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\System32\fpCSEvtSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(StagWare) C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-17] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [Spotify Web Helper] => C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-20] (Spotify Ltd)
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-508856505-97066582-1914413276-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-24] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6FD0246E-E0CC-493D-A72F-06015BBE4AF9}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-508856505-97066582-1914413276-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\it11cpe7.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Překladač Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-07-24]
CHR Extension: (Prezentace Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-24]
CHR Extension: (Super Netflix) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aioencjhbaolepcoappllicjebblphoc [2016-08-21]
CHR Extension: (Dokumenty Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-24]
CHR Extension: (Disk Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-24]
CHR Extension: (YouTube) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-24]
CHR Extension: (uBlock Origin) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-17]
CHR Extension: (Kalendář Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-07-24]
CHR Extension: (Tabulky Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-24]
CHR Extension: (Word Online) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2016-07-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-24]
CHR Extension: (Pocket Website) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2016-07-24]
CHR Extension: (Google Play) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-07-24]
CHR Extension: (Evernote Web) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-07-24]
CHR Extension: (Save to Pocket) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-08-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-24]
CHR Extension: (Readability) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-07-27]
CHR Extension: (Gmail) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR HKU\S-1-5-21-508856505-97066582-1914413276-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - <no Path/update_url>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-24] (AVAST Software)
R2 fpCsEvtSvc; C:\Windows\system32\fpCSEvtSvc.exe [13824 2015-04-28] ()
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-12-04] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-22] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-22] (Intel Corporation)
R2 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2015-12-08] (StagWare) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [53248 2015-06-10] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-17] (AVAST Software)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr64.sys [28376 2014-05-15] (Hewlett-Packard Company)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2016-07-25] (OpenLibSys.org)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-25 21:37 - 2016-08-25 21:37 - 00000000 ____D C:\Users\Tomáš\Desktop\FRST-OlderVersion
2016-08-25 15:52 - 2016-08-25 15:52 - 00000000 ____D C:\Users\Tomáš\AppData\LocalLow\Obsidian Entertainment
2016-08-25 15:44 - 2016-08-25 15:44 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\www.prekladyher.eu
2016-08-25 15:40 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-08-25 15:40 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-08-25 15:40 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-08-25 15:40 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-08-25 15:40 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-08-25 15:40 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-08-25 15:40 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-08-25 15:40 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-08-25 15:40 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-08-25 15:40 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-08-25 15:40 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-08-25 15:40 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-08-25 15:40 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-08-25 15:40 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-08-25 15:40 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-08-25 15:40 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-08-25 15:40 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-08-25 15:40 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-08-25 15:40 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-08-25 15:40 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-08-25 15:40 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-08-25 15:40 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-08-25 15:40 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-08-25 15:40 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-08-25 15:40 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-08-25 15:40 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-08-25 15:40 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-08-25 15:40 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-08-25 15:40 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-08-25 15:40 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-08-25 15:40 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-08-25 15:40 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-08-25 15:40 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-08-25 15:40 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-08-25 15:40 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-08-25 15:40 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-08-25 15:40 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-08-25 15:40 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-08-25 15:40 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-08-25 15:40 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-08-25 15:40 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-08-25 15:40 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-08-25 15:40 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-08-25 15:40 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-08-25 15:40 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-08-25 15:40 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-08-25 15:40 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-08-25 15:40 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-08-25 15:40 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-08-25 15:40 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-08-25 15:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-08-25 15:40 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-08-25 15:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-08-25 15:40 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-08-25 15:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-08-25 15:40 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-08-25 15:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-08-25 15:40 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-08-25 15:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-08-25 15:40 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-08-25 15:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-08-25 15:40 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-08-25 15:40 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-08-25 15:40 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-08-25 15:40 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-08-25 15:40 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-08-25 15:40 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-08-25 15:40 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-08-25 15:40 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-08-25 15:39 - 2016-08-25 15:39 - 00001780 _____ C:\Users\Public\Desktop\Pillars of Eternity.lnk
2016-08-25 15:39 - 2016-08-25 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pillars of Eternity [GOG.com]
2016-08-25 14:37 - 2016-08-25 14:38 - 00002294 _____ C:\Users\Tomáš\Desktop\Fixlog.txt
2016-08-25 12:10 - 2016-08-25 12:49 - 00000000 ____D C:\Users\Tomáš\Downloads\pillars_of_eternity
2016-08-25 12:09 - 2016-08-25 12:09 - 00035188 _____ C:\Users\Tomáš\Downloads\[CzT]Pillars_of_Eternity_v3_02_1008_2015_CZ_.torrent
2016-08-25 11:48 - 2016-08-25 21:38 - 00015285 _____ C:\Users\Tomáš\Desktop\FRST.txt
2016-08-25 11:46 - 2016-08-25 21:37 - 02396160 _____ (Farbar) C:\Users\Tomáš\Desktop\FRST64.exe
2016-08-24 21:04 - 2016-08-24 21:04 - 00333473 _____ C:\Users\Tomáš\Downloads\28271-18-38255.zip
2016-08-24 20:05 - 2016-08-24 20:46 - 00000000 ____D C:\Users\Tomáš\Downloads\Watchmen Ultimate Cut (2009) [1080p]
2016-08-24 13:14 - 2016-08-24 13:40 - 00000000 ____D C:\Users\Tomáš\Downloads\Harry Potter and the Goblet of Fire (2005) [1080p]
2016-08-24 12:48 - 2016-08-24 13:08 - 00000000 ____D C:\Users\Tomáš\Downloads\Harry Potter and the Order of the Phoenix (2007) [1080p]
2016-08-18 13:45 - 2016-08-25 14:41 - 00000000 ___RD C:\Users\Tomáš\Disk Google
2016-08-18 13:44 - 2016-08-18 13:44 - 00987728 _____ (Google Inc.) C:\Users\Tomáš\Downloads\googledrivesync.exe
2016-08-18 13:44 - 2016-08-18 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-17 21:15 - 2016-08-18 21:42 - 00000000 ____D C:\Users\Tomáš\Desktop\Playlist
2016-08-17 17:44 - 2016-08-24 20:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-17 17:44 - 2016-08-17 17:44 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-17 17:44 - 2016-08-17 17:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-17 17:44 - 2016-08-17 17:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-17 17:44 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-17 17:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-17 17:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-17 17:43 - 2016-08-17 17:43 - 22851472 _____ (Malwarebytes ) C:\Users\Tomáš\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-17 17:36 - 2016-08-17 17:36 - 03784256 _____ C:\Users\Tomáš\Desktop\adwcleaner_6.000.exe
2016-08-17 12:26 - 2016-08-17 12:26 - 00284816 _____ C:\Windows\Minidump\081716-54765-01.dmp
2016-08-17 11:15 - 2016-08-17 11:15 - 05087668 _____ C:\Users\Tomáš\Downloads\Teige_Karel_O_humoru_clownech_a_dadaistech_I_Svet_ktery_se_smeje.pdf
2016-08-03 20:07 - 2016-08-03 20:07 - 00456021 _____ C:\Users\Tomáš\Downloads\Sachove-figurky---Peter-May.epub
2016-08-03 20:06 - 2016-08-03 20:06 - 00314149 _____ C:\Users\Tomáš\Downloads\Muž-z-ostrova-Lewis---May.epub
2016-08-02 20:46 - 2016-08-02 20:46 - 00072192 _____ C:\Users\Tomáš\Downloads\cykloman-2016-07-30-paperman-triatlon-vysledky.xls
2016-08-02 10:31 - 2016-08-02 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-08-01 19:12 - 2016-08-25 21:37 - 00000000 ____D C:\FRST
2016-08-01 11:06 - 2016-08-01 11:15 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Mozilla
2016-08-01 11:06 - 2016-08-01 11:06 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Mozilla
2016-08-01 11:06 - 2016-08-01 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-31 00:14 - 2016-08-17 11:25 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-31 00:14 - 2016-08-17 11:25 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-31 00:13 - 2016-07-31 00:19 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-31 00:13 - 2016-07-31 00:19 - 00003712 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-31 00:13 - 2016-07-31 00:13 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Deployment
2016-07-31 00:13 - 2016-07-31 00:13 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Apps\2.0
2016-07-30 23:25 - 2016-07-30 23:25 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\KSafe
2016-07-30 23:25 - 2016-07-30 23:25 - 00000000 ____D C:\ProgramData\KSafe
2016-07-30 23:25 - 2016-07-30 23:25 - 00000000 ____D C:\Program Files (x86)\DllTool
2016-07-30 11:26 - 2016-07-30 11:26 - 00284816 _____ C:\Windows\Minidump\073016-29406-01.dmp
2016-07-29 16:15 - 2016-07-29 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-07-29 16:11 - 2016-08-20 18:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-07-29 16:11 - 2016-07-29 16:11 - 00000000 ____D C:\Users\Tomáš\AppData\Local\AMD
2016-07-29 16:10 - 2016-08-20 18:38 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Battle.net
2016-07-29 16:10 - 2016-07-29 16:10 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Blizzard Entertainment
2016-07-29 16:10 - 2016-07-29 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-07-29 16:10 - 2016-07-29 16:10 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-07-29 16:09 - 2016-08-20 18:22 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-29 16:08 - 2016-07-29 16:11 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Battle.net
2016-07-29 16:07 - 2016-07-29 16:08 - 00000000 ____D C:\ProgramData\Battle.net
2016-07-29 12:39 - 2016-08-02 10:31 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-07-29 12:39 - 2016-08-02 10:30 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Garmin
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Garmin_Ltd._or_its_subsid
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\ProgramData\Garmin
2016-07-29 12:39 - 2016-07-29 12:39 - 00000000 ____D C:\Program Files\DIFX
2016-07-28 21:08 - 2016-07-28 21:08 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Macromedia
2016-07-28 20:26 - 2016-07-28 20:26 - 00000000 ____D C:\Users\Tomáš\Documents\League of Legends
2016-07-28 20:23 - 2016-07-28 20:23 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\LolClient
2016-07-28 18:13 - 2016-07-28 18:13 - 00000000 ____D C:\ProgramData\Riot Games
2016-07-28 18:11 - 2016-07-28 18:11 - 00000000 ____D C:\Riot Games
2016-07-28 18:11 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-07-28 18:11 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-07-28 18:11 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-07-28 18:11 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-07-28 18:11 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-07-28 18:07 - 2016-07-28 18:11 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Riot Games
2016-07-28 15:19 - 2016-07-28 15:19 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Steam
2016-07-28 15:16 - 2016-07-30 17:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-28 15:16 - 2016-07-28 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-27 19:42 - 2016-08-17 12:26 - 00000000 ____D C:\Windows\Minidump
2016-07-27 19:42 - 2016-07-27 19:42 - 00284872 _____ C:\Windows\Minidump\072716-25421-01.dmp
2016-07-27 19:41 - 2016-08-17 12:25 - 721902892 _____ C:\Windows\MEMORY.DMP
2016-07-27 18:19 - 2016-08-23 23:18 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Spotify
2016-07-27 18:19 - 2016-07-27 18:19 - 00001799 _____ C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-07-27 18:18 - 2016-08-23 22:25 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Spotify
2016-07-27 15:33 - 2016-07-27 15:33 - 00000000 ____D C:\Users\Tomáš\Documents\T
2016-07-27 15:14 - 2016-07-27 15:14 - 00000000 ____D C:\Users\Tomáš\AppData\Local\GHISLER
2016-07-27 15:10 - 2016-07-27 15:11 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\GHISLER
2016-07-27 15:10 - 2016-07-27 15:10 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2016-07-27 15:10 - 2016-07-27 15:10 - 00000000 ____D C:\Program Files (x86)\totalcmd
2016-07-27 15:02 - 2016-08-24 21:05 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\SumatraPDF
2016-07-27 15:02 - 2016-07-27 15:02 - 00001883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2016-07-27 15:02 - 2016-07-27 15:02 - 00000000 ____D C:\Program Files\SumatraPDF
2016-07-26 12:13 - 2016-08-17 17:38 - 00000000 ____D C:\AdwCleaner
2016-07-26 11:36 - 2016-07-26 11:36 - 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-26 11:36 - 2016-07-26 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-26 11:36 - 2016-07-26 11:36 - 00000000 ____D C:\Program Files\CCleaner
2016-07-26 11:33 - 2016-07-26 11:33 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2016-07-26 11:33 - 2016-07-26 11:33 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2016-07-26 11:33 - 2016-07-26 11:33 - 00003364 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2016-07-26 11:33 - 2010-12-06 04:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2016-07-26 10:26 - 2016-07-26 10:28 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Seznam.cz
2016-07-26 10:17 - 2016-07-26 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Windows\PCHEALTH
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-07-26 10:16 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-07-26 10:14 - 2016-07-26 10:14 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-07-26 10:14 - 2016-07-26 10:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-07-26 10:13 - 2016-07-26 10:16 - 00000000 ____D C:\Program Files\Microsoft Office
2016-07-26 10:13 - 2016-07-26 10:13 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Microsoft Help
2016-07-26 10:13 - 2016-07-26 10:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-26 10:08 - 2016-07-26 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-26 10:08 - 2016-07-26 10:08 - 00000000 ____D C:\Program Files\7-Zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-25 16:38 - 2016-07-24 20:30 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-508856505-97066582-1914413276-1001
2016-08-25 15:28 - 2016-07-04 21:13 - 00000000 ____D C:\GOG Games
2016-08-25 14:55 - 2013-09-30 06:20 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-25 14:55 - 2013-09-30 05:57 - 00739924 _____ C:\Windows\system32\perfh005.dat
2016-08-25 14:55 - 2013-09-30 05:57 - 00151610 _____ C:\Windows\system32\perfc005.dat
2016-08-25 14:55 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-08-25 14:41 - 2016-07-24 13:43 - 00000000 ___DO C:\Users\Tomáš\SkyDrive
2016-08-25 14:40 - 2016-07-25 18:09 - 00000000 __SHD C:\Users\Tomáš\IntelGraphicsProfiles
2016-08-25 14:39 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-25 14:39 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-08-25 14:32 - 2016-07-24 21:34 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\uTorrent
2016-08-24 22:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-08-24 21:05 - 2013-12-21 21:06 - 00423049 _____ C:\Users\Tomáš\Downloads\King, Stephen Edwin - Carrie.mobi
2016-08-23 22:17 - 2013-09-30 06:01 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2016-08-23 22:03 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-22 12:39 - 2016-07-24 13:41 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Packages
2016-08-20 23:53 - 2016-07-24 22:58 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\vlc
2016-08-18 13:45 - 2016-07-24 13:41 - 00000000 ____D C:\Users\Tomáš
2016-08-18 13:44 - 2016-07-24 20:37 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Google
2016-08-18 13:44 - 2016-07-24 20:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-17 21:45 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\FileManager
2016-08-17 10:55 - 2016-07-24 20:36 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-08-02 10:31 - 2016-07-25 00:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-27 15:48 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-07-27 15:45 - 2016-07-24 14:24 - 00000000 ____D C:\Windows.old.002
2016-07-27 15:41 - 2016-07-24 13:28 - 00000000 ____D C:\Windows.old.001
2016-07-27 14:59 - 2016-07-24 11:01 - 00000000 ____D C:\Windows.old.000
2016-07-26 11:59 - 2013-08-22 16:44 - 00415728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-26 11:37 - 2016-07-24 14:29 - 00000000 ____D C:\Windows\Panther
2016-07-26 10:16 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-26 10:16 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-26 10:14 - 2013-09-30 06:01 - 00000000 ____D C:\Windows\ShellNew
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-17 11:42
==================== End of FRST.txt ============================
Re: Malware??
Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce) vyosek píše:
- Stahnete a spustte
- Ponechte zatrzitkou pouze u volby Remove disinfection tools
- Kliknete na Run
Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)
Defragmentujte disk(y) (SSD Disky ne!)Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.
Pak napiste, jak to s pc vypada.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Malware??
Vše provedeno 
Vypadá to dobře. Děkuji za pomoc a Váš čas.
Vypadá to dobře. Děkuji za pomoc a Váš čas.Re: Malware??
Nemate zac!
Mejte se a treba zase nekdy
Mejte se a treba zase nekdy
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Přispějete na provoz fóra?