PC virus removal, computer speed-up, and remote assistance via the neslape.cz service

Requesting a preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

3rw0sh
Visitor
Posts: 90
Registered: 26 Jun 2012 16:53

#1 Post by 3rw0sh »

Good evening, I'd like to request a preventive check. Thank you very much.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Polenovi (administrator) on POLENOVI-PC (28-12-2017 21:27:24)
Running from C:\Users\Polenovi\Desktop
Loaded Profiles: Polenovi (Available Profiles: Polenovi & Monika & Kiki a Táta & Work hard)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Discord Inc.) C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe
(f.lux Software LLC) C:\Users\Polenovi\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Creative Technology Ltd) D:\Program Files\Live! Central 3\CTLVCentral3.exe
(Creative Technology Ltd.) C:\Windows\V0700Mon.exe
() D:\Program Files (x86)\Cok Software\Cok Free Auto Clicker\AutoClicker.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Dropbox, Inc.) C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Discord Inc.) C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => D:\Program Files\OO Software\Defrag\oodtray.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5120144 2012-05-23] (VIA)
HKLM-x32\...\Run: [Live! Central 3] => D:\Program Files\Live! Central 3\CTLVCentral3.exe [503969 2010-12-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [V0700Mon.exe] => C:\Windows\V0700Mon.exe [28672 2010-08-18] (Creative Technology Ltd.)
HKLM-x32\...\Run: [liandianqi] => D:\Program Files (x86)\Cok Software\Cok Free Auto Clicker\AutoClicker.exe [57344 2012-10-31] ()
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files\Razer Cortex\RazerCortex.exe -autorun
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Facebook Update] => C:\Users\Polenovi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-27] (Facebook Inc.)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Gadwin PrintScreen Pro (64-bit)] => "C:\Program Files\Gadwin\Gadwin PrintScreenPro\PrintScreenPro64.exe" /nosplash
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Dropbox Update] => C:\Users\Polenovi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Discord] => C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [f.lux] => C:\Users\Polenovi\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Polenovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-12-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1005\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1004\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{1058A90E-C101-4B40-9E9F-0BB91251E65A}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4BE1BB41-0FBA-492B-8C2B-AEFEB60503A2}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-14] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-14] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF DefaultProfile: t5ktwgo0.default
FF ProfilePath: C:\Users\Polenovi\AppData\Roaming\Mozilla\Firefox\Profiles\t5ktwgo0.default [2017-11-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @servis24.cz/PKIComponent -> C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x86\npPKIComponentNPAPI.dll [No File]
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @servis24.cz/PKIComponent-x64 -> C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x64\npPKIComponentNPAPI.dll [No File]
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Polenovi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Polenovi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-12-15] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://anonymouse.org/cgi-bin/anon-www.cgi/hxxp://www.google.cz"
CHR Profile: C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default [2017-12-28]
CHR Extension: (Prezentace) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dokumenty) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Disk Google) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-11]
CHR Extension: (Tabulky) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Avira Browser Safety) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-12]
CHR Extension: (vPopulus Game) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhdhpflnnmfllolkaekcaddacgonfe [2014-12-08]
CHR Extension: (Little Alchemy) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-09]
CHR Extension: (Lightshot (Nástroje snímků)) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2017-08-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR Profile: C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-03-20]
CHR Profile: C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-710846368-3565823764-1362206376-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Polenovi\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Polenovi\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128944 2017-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-12-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1526832 2017-12-12] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [434248 2017-11-06] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-18] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-01-16] () [File not signed]
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2017-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153072 2017-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-24] (Avira Operations GmbH & Co. KG)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2014-08-17] (Digiarty Software, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2017-12-13] (REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-03-28] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [106360 2007-01-12] (Protection Technology (StarForce))
S3 V0700Vid; C:\Windows\System32\DRIVERS\V0700Vid.sys [393728 2010-10-18] (Creative Technology Ltd.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-28 21:27 - 2017-12-28 21:28 - 000022573 _____ C:\Users\Polenovi\Desktop\FRST.txt
2017-12-28 21:27 - 2017-12-28 21:27 - 000000000 ____D C:\FRST
2017-12-28 21:21 - 2017-12-28 21:22 - 000112640 _____ (forum.viry.cz) C:\Users\Polenovi\Downloads\Nepotvrzeno 94805.crdownload
2017-12-28 21:21 - 2017-12-28 21:21 - 002391552 _____ (Farbar) C:\Users\Polenovi\Desktop\FRST64.exe
2017-12-28 21:20 - 2017-12-28 21:22 - 000000000 ____D C:\AdwCleaner
2017-12-28 21:20 - 2017-12-28 21:20 - 008198432 _____ (Malwarebytes) C:\Users\Polenovi\Downloads\adwcleaner_7.0.6.0.exe
2017-12-28 19:37 - 2017-12-28 19:37 - 003486336 _____ C:\Users\Polenovi\Downloads\Complex-Map.zip
2017-12-28 19:32 - 2017-12-28 19:32 - 009170551 _____ C:\Users\Polenovi\Downloads\server (1).jar
2017-12-28 19:17 - 2017-12-28 19:17 - 012670344 _____ C:\Users\Polenovi\Downloads\Super_Hostile_01_-_Sea_of_Flame_II_v3.0.zip
2017-12-28 19:14 - 2017-12-28 19:14 - 000000000 ____D C:\Users\Polenovi\Downloads\world
2017-12-28 19:08 - 2017-12-28 19:08 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Notzombies
2017-12-27 19:10 - 2017-12-27 19:10 - 000000000 ____D C:\Users\Polenovi\AppData\LocalLow\Total Mayhem Games
2017-12-26 18:34 - 2017-12-26 18:35 - 020421880 _____ C:\Users\Polenovi\Downloads\sumo (1).zip
2017-12-25 20:35 - 2017-12-25 20:35 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Godot
2017-12-25 02:49 - 2017-12-25 02:49 - 014593045 _____ C:\Users\Polenovi\Downloads\sumo.zip
2017-12-17 17:51 - 2017-12-17 17:51 - 000024803 _____ C:\Users\Polenovi\Downloads\fuckinghell.odt
2017-12-15 20:48 - 2017-12-15 20:48 - 000000017 _____ C:\Users\Polenovi\Desktop\Nový textový dokument (3).txt
2017-12-13 20:29 - 2017-12-13 20:29 - 000000000 _____ C:\Users\Polenovi\Desktop\Nový textový dokument (2).txt
2017-12-13 20:18 - 2017-12-13 20:18 - 000027552 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2017-12-13 20:18 - 2017-12-13 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2017-12-13 20:18 - 2017-12-13 20:18 - 000000000 ____D C:\Program Files\HWiNFO64
2017-12-13 20:17 - 2017-12-13 20:18 - 004567432 _____ (Martin Malík - REALiX ) C:\Users\Polenovi\Downloads\hw64_570.exe
2017-12-11 09:58 - 2017-12-11 09:58 - 000062928 _____ C:\Users\Monika\Desktop\Monika ŽL.pdf
2017-12-11 09:55 - 2017-12-11 09:55 - 000387741 _____ C:\Users\Monika\Desktop\Blanka ŽL.pdf
2017-12-08 00:54 - 2017-12-08 00:54 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2017-12-08 00:54 - 2017-12-08 00:54 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2017-12-07 19:57 - 2017-12-07 19:57 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-05 23:57 - 2017-12-05 23:57 - 000243824 _____ C:\Users\Polenovi\Downloads\just creative work.pdf
2017-12-05 23:51 - 2017-12-05 23:51 - 000225547 _____ C:\Users\Polenovi\Downloads\#Marythevirgin.pdf
2017-12-02 20:39 - 2017-12-02 20:39 - 000048794 _____ C:\Users\Polenovi\Downloads\sheet.pdf
2017-11-28 20:50 - 2017-11-28 20:50 - 000000000 _____ C:\Users\Polenovi\Desktop\Nový textový dokument.txt
2017-11-28 12:15 - 2017-12-28 20:12 - 000000000 ____D C:\Users\Polenovi\Documents\OpenTTD
2017-11-28 12:12 - 2017-11-28 12:12 - 007883056 _____ (OpenTTD Developers) C:\Users\Polenovi\Downloads\openttd-1.7.1-windows-win64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-28 21:23 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-28 21:22 - 2017-09-23 12:52 - 000003316 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2017-12-28 21:22 - 2012-12-03 16:56 - 000001351 _____ C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-12-28 21:19 - 2009-07-14 05:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-28 21:19 - 2009-07-14 05:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-28 20:18 - 2012-12-07 20:15 - 000000000 ____D C:\Users\Polenovi\AppData\Local\LogMeIn Hamachi
2017-12-28 20:15 - 2016-07-30 20:10 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Factorio
2017-12-28 19:40 - 2017-11-11 22:39 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\.minecraft
2017-12-28 19:39 - 2014-08-17 13:17 - 000000394 _____ C:\Windows\Tasks\update-S-1-5-21-710846368-3565823764-1362206376-1000.job
2017-12-28 19:37 - 2015-06-17 18:40 - 000000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000UA.job
2017-12-28 19:32 - 2017-11-12 16:21 - 000000000 ____D C:\Users\Polenovi\Desktop\srvr
2017-12-28 19:08 - 2017-08-19 19:19 - 000000000 ____D C:\Users\Polenovi\Documents\TrackMania
2017-12-28 19:04 - 2013-12-02 20:18 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-28 18:45 - 2013-02-27 18:40 - 000000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000UA.job
2017-12-28 18:45 - 2013-02-27 18:40 - 000000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000Core.job
2017-12-28 17:50 - 2015-06-17 18:40 - 000000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000Core.job
2017-12-28 16:42 - 2014-08-17 13:17 - 000000394 _____ C:\Windows\Tasks\update-sys.job
2017-12-26 18:48 - 2016-04-12 19:14 - 003917312 ___SH C:\Users\Polenovi\Desktop\Thumbs.db
2017-12-24 14:22 - 2016-08-24 08:38 - 000000644 __RSH C:\Users\Polenovi\ntuser.pol
2017-12-24 14:22 - 2012-12-03 16:30 - 000000000 ____D C:\Users\Polenovi
2017-12-24 11:53 - 2012-12-03 10:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-24 11:51 - 2015-09-18 19:02 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\TS3Client
2017-12-22 18:15 - 2013-05-17 19:29 - 000000000 ___RD C:\Users\Polenovi\Dropbox
2017-12-20 20:21 - 2009-07-14 06:08 - 000032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-17 15:08 - 2013-03-25 16:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-12-17 15:08 - 2013-03-25 16:31 - 000000000 ____D C:\Program Files\Windows Live
2017-12-17 15:08 - 2013-03-25 16:31 - 000000000 ____D C:\Program Files (x86)\Windows Live
2017-12-15 22:52 - 2013-12-30 19:48 - 000000000 ____D C:\Users\Polenovi\Documents\My Games
2017-12-15 20:37 - 2012-12-03 17:48 - 000000000 ____D C:\Users\Polenovi\AppData\Local\Ubisoft Game Launcher
2017-12-15 20:08 - 2014-08-09 19:12 - 000002075 _____ C:\Users\Polenovi\Documents\50 odstínů hnědi.txt
2017-12-15 19:26 - 2012-12-28 21:14 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-13 21:31 - 2017-05-02 11:45 - 000004552 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 21:31 - 2012-12-03 10:17 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-13 21:31 - 2012-12-03 10:17 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 21:31 - 2012-12-03 10:17 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-13 21:31 - 2012-12-03 10:17 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-13 19:50 - 2016-08-25 09:01 - 000000940 __RSH C:\Users\Kiki a Táta\ntuser.pol
2017-12-13 19:50 - 2012-12-28 18:00 - 000000000 ____D C:\Users\Kiki a Táta\AppData\Local\Google
2017-12-13 19:50 - 2012-12-03 17:05 - 000000000 ____D C:\Users\Kiki a Táta
2017-12-12 21:25 - 2014-12-28 22:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-12-12 21:23 - 2014-12-28 22:49 - 000196344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-12-12 21:23 - 2014-12-28 22:49 - 000153072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-12-12 19:26 - 2017-06-16 18:46 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\discord
2017-12-12 19:25 - 2017-06-16 18:46 - 000000000 ____D C:\Users\Polenovi\AppData\Local\Discord
2017-12-12 19:25 - 2015-07-05 12:34 - 000000000 ____D C:\Users\Polenovi\Desktop\Textové Soubory
2017-12-12 12:40 - 2012-12-10 18:04 - 000000000 ____D C:\Users\Monika\AppData\Local\LogMeIn Hamachi
2017-12-12 10:51 - 2012-12-29 11:35 - 000000000 ____D C:\Users\Monika\AppData\Roaming\Skype
2017-12-12 10:49 - 2016-09-11 08:01 - 000000930 __RSH C:\Users\Monika\ntuser.pol
2017-12-12 10:49 - 2012-12-03 16:55 - 000000000 ____D C:\Users\Monika
2017-12-11 09:49 - 2013-02-08 19:52 - 000000000 ____D C:\Users\Monika\AppData\Local\Google
2017-12-08 00:54 - 2017-11-11 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-12-07 19:57 - 2013-05-17 19:24 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Dropbox
2017-12-02 21:55 - 2017-09-23 12:52 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger
2017-12-02 21:55 - 2014-12-28 22:46 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-02 14:38 - 2017-09-03 21:08 - 000000000 ____D C:\Users\Polenovi\Desktop\Scanned
2017-11-29 19:24 - 2015-12-27 09:47 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-29 19:13 - 2015-07-05 12:35 - 000000000 ____D C:\Users\Polenovi\Desktop\Hry mimo Steam

==================== Files in the root of some directories =======

2014-05-20 20:33 - 2014-05-20 20:33 - 000063075 _____ () C:\Users\Polenovi\AppData\Roaming\Crescendo.dmp
2012-12-03 21:49 - 2013-02-01 12:36 - 000703117 _____ () C:\Users\Polenovi\AppData\Roaming\technic-launcher.jar
2012-12-03 21:49 - 2013-01-23 17:37 - 000703104 _____ () C:\Users\Polenovi\AppData\Roaming\technic-launcher.jar.bak
2017-11-05 15:41 - 2017-11-05 15:41 - 000004300 _____ () C:\Users\Polenovi\AppData\Roaming\Zer16AC.tmp
2017-11-05 15:43 - 2017-11-11 17:20 - 000007330 _____ () C:\Users\Polenovi\AppData\Roaming\ZeroBraneStudio.ini
2015-10-22 20:30 - 2017-07-12 19:37 - 000010752 _____ () C:\Users\Polenovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-22 00:04 - 2017-10-22 00:04 - 000000857 _____ () C:\Users\Polenovi\AppData\Local\recently-used.xbel
2015-10-13 16:52 - 2016-06-29 15:43 - 000000700 ___SH () C:\Users\Polenovi\AppData\Local\systemFL7.dat
2014-12-28 22:11 - 2014-12-28 22:11 - 000000003 _____ () C:\Users\Polenovi\AppData\Local\updater.log
2016-12-15 23:24 - 2017-05-07 10:06 - 000000425 _____ () C:\Users\Polenovi\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2015-01-03 11:30 - 2015-01-03 11:30 - 000000000 ____D () C:\Users\Kiki a Táta\AppData\Local\Temp\avgnt.exe
2015-01-07 14:42 - 2015-01-07 14:42 - 000000000 ____D () C:\Users\Monika\AppData\Local\Temp\avgnt.exe
2013-04-05 15:44 - 2013-04-05 15:44 - 000904104 _____ (Oracle Corporation) C:\Users\Monika\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
2013-04-29 22:54 - 2013-04-29 22:54 - 000192512 _____ () C:\Users\Monika\AppData\Local\Temp\sfamcc00001.dll
2013-04-29 22:54 - 2013-04-29 22:54 - 000158720 _____ () C:\Users\Monika\AppData\Local\Temp\sfareca00001.dll
2013-06-16 20:34 - 2013-07-13 20:33 - 031954536 _____ (Skype Technologies S.A.) C:\Users\Monika\AppData\Local\Temp\SkypeSetup.exe
2014-02-01 16:04 - 2014-02-01 16:04 - 000372736 _____ (Babylon Ltd.) C:\Users\Monika\AppData\Local\Temp\uninst1.exe
2017-11-04 17:28 - 2017-11-04 17:28 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1293074186676084891.dll
2017-11-05 14:51 - 2017-11-05 14:51 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1541491266320543309.dll
2017-11-04 17:02 - 2017-11-04 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1917392608150639533.dll
2017-11-04 20:24 - 2017-11-04 20:24 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1947704379741816969.dll
2017-11-08 22:43 - 2017-11-08 22:43 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-2113263404762285482.dll
2017-11-04 19:34 - 2017-11-04 19:34 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-3267310053797635130.dll
2017-11-04 20:23 - 2017-11-04 20:23 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-3735125059335927498.dll
2017-11-04 20:45 - 2017-11-04 20:45 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-4385420987800280347.dll
2017-11-05 10:01 - 2017-11-05 10:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-4697214846344005917.dll
2017-11-04 19:37 - 2017-11-04 19:37 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-4784733505497370112.dll
2017-11-05 14:14 - 2017-11-05 14:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-502934571337612439.dll
2017-11-04 17:02 - 2017-11-04 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-5043693483082692465.dll
2017-11-04 19:53 - 2017-11-04 19:53 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-5712884989014764782.dll
2017-11-10 19:51 - 2017-11-10 19:51 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-5967542734645956681.dll
2017-11-04 20:33 - 2017-11-04 20:33 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-6041141139673191136.dll
2017-11-10 22:33 - 2017-11-10 22:33 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-6096663573166871287.dll
2017-11-04 17:02 - 2017-11-04 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-8449578744724393618.dll
2017-11-04 17:27 - 2017-11-04 17:27 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-9032472246240655860.dll
2017-11-11 09:01 - 2017-11-11 09:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-9103544195738110922.dll
2017-10-26 13:15 - 2017-11-11 21:52 - 000192512 _____ () C:\Users\Polenovi\AppData\Local\Temp\sfamcc00001.dll
2017-11-11 21:52 - 2017-11-11 21:52 - 000158720 _____ () C:\Users\Polenovi\AppData\Local\Temp\sfareca00001.dll
2016-08-24 10:20 - 2016-08-24 10:20 - 000000000 ____D () C:\Users\Work hard\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-19 22:04

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118192
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Request for a preventive check

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

3rw0sh
Visitor
Posts: 90
Joined: 26 Jun 2012 16:53

Re: Request for a preventive check

#3 Post by 3rw0sh »

Good evening, after the scan this log appeared, and after cleaning the one that follows it:

# AdwCleaner 7.0.6.0 - Logfile created on Sat Dec 30 19:33:48 2017
# Updated on 2017/21/12 by Malwarebytes
# Database: 12-29-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [4920 B] - [2017/12/28 20:22:35]
C:/AdwCleaner/AdwCleaner[S0].txt - [5473 B] - [2017/12/28 20:22:17]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

-------------------AFTER CLEANING-------------------

# AdwCleaner 7.0.6.0 - Logfile created on Sat Dec 30 19:34:53 2017
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [4920 B] - [2017/12/28 20:22:35]
C:/AdwCleaner/AdwCleaner[S0].txt - [5473 B] - [2017/12/28 20:22:17]
C:/AdwCleaner/AdwCleaner[S1].txt - [1256 B] - [2017/12/30 19:33:48]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

Rudy
Site Admin
Posts: 118192
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Request for a preventive check

#4 Post by Rudy »

Post a new FRST log.

3rw0sh
Visitor
Posts: 90
Joined: 26 Jun 2012 16:53

Re: Request for a preventive check

#5 Post by 3rw0sh »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Polenovi (administrator) on POLENOVI-PC (30-12-2017 21:52:02)
Running from C:\Users\Polenovi\Desktop
Loaded Profiles: Polenovi (Available Profiles: Polenovi & Monika & Kiki a Táta & Work hard)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Dropbox, Inc.) C:\Users\Polenovi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Discord Inc.) C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe
(f.lux Software LLC) C:\Users\Polenovi\AppData\Local\FluxSoftware\Flux\flux.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Dropbox, Inc.) C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Creative Technology Ltd) D:\Program Files\Live! Central 3\CTLVCentral3.exe
(Creative Technology Ltd.) C:\Windows\V0700Mon.exe
() D:\Program Files (x86)\Cok Software\Cok Free Auto Clicker\AutoClicker.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Discord Inc.) C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Discord Inc.) C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => D:\Program Files\OO Software\Defrag\oodtray.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5120144 2012-05-23] (VIA)
HKLM-x32\...\Run: [Live! Central 3] => D:\Program Files\Live! Central 3\CTLVCentral3.exe [503969 2010-12-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [V0700Mon.exe] => C:\Windows\V0700Mon.exe [28672 2010-08-18] (Creative Technology Ltd.)
HKLM-x32\...\Run: [liandianqi] => D:\Program Files (x86)\Cok Software\Cok Free Auto Clicker\AutoClicker.exe [57344 2012-10-31] ()
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files\Razer Cortex\RazerCortex.exe -autorun
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Facebook Update] => C:\Users\Polenovi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-27] (Facebook Inc.)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Gadwin PrintScreen Pro (64-bit)] => "C:\Program Files\Gadwin\Gadwin PrintScreenPro\PrintScreenPro64.exe" /nosplash
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Dropbox Update] => C:\Users\Polenovi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Discord] => C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [f.lux] => C:\Users\Polenovi\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Polenovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-12-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1005\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1004\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{1058A90E-C101-4B40-9E9F-0BB91251E65A}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4BE1BB41-0FBA-492B-8C2B-AEFEB60503A2}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-14] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-14] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF DefaultProfile: t5ktwgo0.default
FF ProfilePath: C:\Users\Polenovi\AppData\Roaming\Mozilla\Firefox\Profiles\t5ktwgo0.default [2017-11-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @servis24.cz/PKIComponent -> C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x86\npPKIComponentNPAPI.dll [No File]
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @servis24.cz/PKIComponent-x64 -> C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x64\npPKIComponentNPAPI.dll [No File]
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Polenovi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Polenovi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-12-15] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://anonymouse.org/cgi-bin/anon-www.cgi/hxxp://www.google.cz"
CHR Profile: C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default [2017-12-30]
CHR Extension: (Prezentace) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dokumenty) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Disk Google) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-11]
CHR Extension: (Tabulky) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Avira Browser Safety) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-12]
CHR Extension: (vPopulus Game) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhdhpflnnmfllolkaekcaddacgonfe [2014-12-08]
CHR Extension: (Little Alchemy) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-09]
CHR Extension: (Lightshot (Nástroje snímků)) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2017-08-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR Profile: C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-03-20]
CHR Profile: C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-710846368-3565823764-1362206376-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Polenovi\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Polenovi\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128944 2017-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-12-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1526832 2017-12-12] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [434248 2017-11-06] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-18] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-01-16] () [File not signed]
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2017-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153072 2017-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-24] (Avira Operations GmbH & Co. KG)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2014-08-17] (Digiarty Software, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2017-12-13] (REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-03-28] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [106360 2007-01-12] (Protection Technology (StarForce))
R3 V0700Vid; C:\Windows\System32\DRIVERS\V0700Vid.sys [393728 2010-10-18] (Creative Technology Ltd.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-30 20:43 - 2017-12-30 20:43 - 000001418 _____ C:\Users\Polenovi\Desktop\AdwCleaner[C1].txt
2017-12-30 20:43 - 2017-12-30 20:43 - 000000461 _____ C:\Ostatní (E) – zástupce.lnk
2017-12-30 20:34 - 2017-12-30 20:34 - 000001256 _____ C:\Users\Polenovi\Desktop\AdwCleaner[S1].txt
2017-12-30 20:31 - 2017-12-30 20:31 - 008198432 _____ (Malwarebytes) C:\Users\Polenovi\Desktop\adwcleaner_7.0.6.0 (1).exe
2017-12-29 19:06 - 2017-12-29 19:06 - 000861251 _____ C:\Users\Polenovi\Desktop\Mistr a Markétka.pdf
2017-12-29 13:12 - 2017-12-29 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-28 23:15 - 2017-12-28 23:15 - 000039231 _____ C:\Users\Polenovi\Downloads\For_n-even.pdf
2017-12-28 22:52 - 2017-12-28 22:52 - 001446792 _____ C:\Users\Polenovi\Downloads\SteamSetup.exe
2017-12-28 22:25 - 2017-12-28 22:25 - 000000000 ____D C:\Windows\pss
2017-12-28 22:09 - 2017-12-28 22:09 - 000000000 ____D C:\Users\Polenovi\Desktop\flash disk
2017-12-28 21:57 - 2017-12-28 21:57 - 000000000 ____D C:\Users\Polenovi\Desktop\Nová složka (2)
2017-12-28 21:56 - 2017-12-28 21:56 - 004004509 _____ (Igor Pavlov) C:\Users\Polenovi\Downloads\mb_bios_ga-z77-d3h_f22 (1).exe
2017-12-28 21:55 - 2017-12-28 21:55 - 000000000 ____D C:\Users\Polenovi\Desktop\Nová složka
2017-12-28 21:54 - 2017-12-28 21:54 - 004004509 _____ (Igor Pavlov) C:\Users\Polenovi\Downloads\mb_bios_ga-z77-d3h_f22.exe
2017-12-28 21:54 - 2014-01-06 09:53 - 000000019 _____ C:\Users\Polenovi\Downloads\autoexec.bat
2017-12-28 21:54 - 2013-11-14 01:25 - 008388608 _____ C:\Users\Polenovi\Downloads\Z77D3H.F22
2017-12-28 21:54 - 2012-09-26 07:14 - 000059836 _____ C:\Users\Polenovi\Downloads\Efiflash.exe
2017-12-28 21:27 - 2017-12-30 21:52 - 000023299 _____ C:\Users\Polenovi\Desktop\FRST.txt
2017-12-28 21:27 - 2017-12-30 21:52 - 000000000 ____D C:\FRST
2017-12-28 21:21 - 2017-12-28 21:22 - 000112640 _____ (forum.viry.cz) C:\Users\Polenovi\Downloads\Nepotvrzeno 94805.crdownload
2017-12-28 21:21 - 2017-12-28 21:21 - 002391552 _____ (Farbar) C:\Users\Polenovi\Desktop\FRST64.exe
2017-12-28 21:20 - 2017-12-30 21:48 - 000000000 ____D C:\AdwCleaner
2017-12-28 21:20 - 2017-12-28 21:20 - 008198432 _____ (Malwarebytes) C:\Users\Polenovi\Downloads\adwcleaner_7.0.6.0.exe
2017-12-28 19:37 - 2017-12-28 19:37 - 003486336 _____ C:\Users\Polenovi\Downloads\Complex-Map.zip
2017-12-28 19:32 - 2017-12-28 19:32 - 009170551 _____ C:\Users\Polenovi\Downloads\server (1).jar
2017-12-28 19:17 - 2017-12-28 19:17 - 012670344 _____ C:\Users\Polenovi\Downloads\Super_Hostile_01_-_Sea_of_Flame_II_v3.0.zip
2017-12-28 19:14 - 2017-12-28 19:14 - 000000000 ____D C:\Users\Polenovi\Downloads\world
2017-12-28 19:08 - 2017-12-28 19:08 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Notzombies
2017-12-27 19:10 - 2017-12-27 19:10 - 000000000 ____D C:\Users\Polenovi\AppData\LocalLow\Total Mayhem Games
2017-12-26 18:34 - 2017-12-26 18:35 - 020421880 _____ C:\Users\Polenovi\Downloads\sumo (1).zip
2017-12-25 20:35 - 2017-12-25 20:35 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Godot
2017-12-25 02:49 - 2017-12-25 02:49 - 014593045 _____ C:\Users\Polenovi\Downloads\sumo.zip
2017-12-17 17:51 - 2017-12-17 17:51 - 000024803 _____ C:\Users\Polenovi\Downloads\fuckinghell.odt
2017-12-15 20:48 - 2017-12-15 20:48 - 000000017 _____ C:\Users\Polenovi\Desktop\Nový textový dokument (3).txt
2017-12-13 20:29 - 2017-12-13 20:29 - 000000000 _____ C:\Users\Polenovi\Desktop\Nový textový dokument (2).txt
2017-12-13 20:18 - 2017-12-13 20:18 - 000027552 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2017-12-13 20:18 - 2017-12-13 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2017-12-13 20:18 - 2017-12-13 20:18 - 000000000 ____D C:\Program Files\HWiNFO64
2017-12-13 20:17 - 2017-12-13 20:18 - 004567432 _____ (Martin Malík - REALiX ) C:\Users\Polenovi\Downloads\hw64_570.exe
2017-12-11 09:58 - 2017-12-11 09:58 - 000062928 _____ C:\Users\Monika\Desktop\Monika ŽL.pdf
2017-12-11 09:55 - 2017-12-11 09:55 - 000387741 _____ C:\Users\Monika\Desktop\Blanka ŽL.pdf
2017-12-08 00:54 - 2017-12-08 00:54 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2017-12-08 00:54 - 2017-12-08 00:54 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2017-12-07 19:57 - 2017-12-07 19:57 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-05 23:57 - 2017-12-05 23:57 - 000243824 _____ C:\Users\Polenovi\Downloads\just creative work.pdf
2017-12-05 23:51 - 2017-12-05 23:51 - 000225547 _____ C:\Users\Polenovi\Downloads\#Marythevirgin.pdf
2017-12-02 20:39 - 2017-12-02 20:39 - 000048794 _____ C:\Users\Polenovi\Downloads\sheet.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-30 21:48 - 2017-09-23 12:52 - 000003316 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2017-12-30 21:45 - 2013-02-27 18:40 - 000000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000UA.job
2017-12-30 21:40 - 2012-12-03 10:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-30 21:37 - 2015-06-17 18:40 - 000000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000UA.job
2017-12-30 20:48 - 2009-07-14 05:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-30 20:48 - 2009-07-14 05:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-30 20:42 - 2014-08-17 13:17 - 000000394 _____ C:\Windows\Tasks\update-sys.job
2017-12-30 20:35 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-30 20:04 - 2012-12-07 20:15 - 000000000 ____D C:\Users\Polenovi\AppData\Local\LogMeIn Hamachi
2017-12-30 19:39 - 2014-08-17 13:17 - 000000394 _____ C:\Windows\Tasks\update-S-1-5-21-710846368-3565823764-1362206376-1000.job
2017-12-29 20:57 - 2016-04-12 19:14 - 003932160 ___SH C:\Users\Polenovi\Desktop\Thumbs.db
2017-12-29 19:07 - 2011-04-12 09:34 - 000668870 _____ C:\Windows\system32\perfh005.dat
2017-12-29 19:07 - 2011-04-12 09:34 - 000141716 _____ C:\Windows\system32\perfc005.dat
2017-12-29 19:07 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-29 19:07 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-29 18:45 - 2013-02-27 18:40 - 000000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000Core.job
2017-12-29 17:37 - 2015-06-17 18:40 - 000000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000Core.job
2017-12-28 21:41 - 2012-12-03 16:49 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2017-12-28 21:22 - 2012-12-03 16:56 - 000001351 _____ C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-12-28 20:15 - 2016-07-30 20:10 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Factorio
2017-12-28 20:12 - 2017-11-28 12:15 - 000000000 ____D C:\Users\Polenovi\Documents\OpenTTD
2017-12-28 19:40 - 2017-11-11 22:39 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\.minecraft
2017-12-28 19:32 - 2017-11-12 16:21 - 000000000 ____D C:\Users\Polenovi\Desktop\srvr
2017-12-28 19:08 - 2017-08-19 19:19 - 000000000 ____D C:\Users\Polenovi\Documents\TrackMania
2017-12-28 19:04 - 2013-12-02 20:18 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-24 14:22 - 2016-08-24 08:38 - 000000644 __RSH C:\Users\Polenovi\ntuser.pol
2017-12-24 14:22 - 2012-12-03 16:30 - 000000000 ____D C:\Users\Polenovi
2017-12-24 11:51 - 2015-09-18 19:02 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\TS3Client
2017-12-22 18:15 - 2013-05-17 19:29 - 000000000 ___RD C:\Users\Polenovi\Dropbox
2017-12-20 20:21 - 2009-07-14 06:08 - 000032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-17 15:08 - 2013-03-25 16:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-12-17 15:08 - 2013-03-25 16:31 - 000000000 ____D C:\Program Files\Windows Live
2017-12-17 15:08 - 2013-03-25 16:31 - 000000000 ____D C:\Program Files (x86)\Windows Live
2017-12-15 22:52 - 2013-12-30 19:48 - 000000000 ____D C:\Users\Polenovi\Documents\My Games
2017-12-15 20:37 - 2012-12-03 17:48 - 000000000 ____D C:\Users\Polenovi\AppData\Local\Ubisoft Game Launcher
2017-12-15 20:08 - 2014-08-09 19:12 - 000002075 _____ C:\Users\Polenovi\Documents\50 odstínů hnědi.txt
2017-12-15 19:26 - 2012-12-28 21:14 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-13 21:31 - 2017-05-02 11:45 - 000004552 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 21:31 - 2012-12-03 10:17 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-13 21:31 - 2012-12-03 10:17 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 21:31 - 2012-12-03 10:17 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-13 21:31 - 2012-12-03 10:17 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-13 19:50 - 2016-08-25 09:01 - 000000940 __RSH C:\Users\Kiki a Táta\ntuser.pol
2017-12-13 19:50 - 2012-12-28 18:00 - 000000000 ____D C:\Users\Kiki a Táta\AppData\Local\Google
2017-12-13 19:50 - 2012-12-03 17:05 - 000000000 ____D C:\Users\Kiki a Táta
2017-12-12 21:25 - 2014-12-28 22:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-12-12 21:23 - 2014-12-28 22:49 - 000196344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-12-12 21:23 - 2014-12-28 22:49 - 000153072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-12-12 19:26 - 2017-06-16 18:46 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\discord
2017-12-12 19:25 - 2017-06-16 18:46 - 000000000 ____D C:\Users\Polenovi\AppData\Local\Discord
2017-12-12 19:25 - 2015-07-05 12:34 - 000000000 ____D C:\Users\Polenovi\Desktop\Textové Soubory
2017-12-12 12:40 - 2012-12-10 18:04 - 000000000 ____D C:\Users\Monika\AppData\Local\LogMeIn Hamachi
2017-12-12 10:51 - 2012-12-29 11:35 - 000000000 ____D C:\Users\Monika\AppData\Roaming\Skype
2017-12-12 10:49 - 2016-09-11 08:01 - 000000930 __RSH C:\Users\Monika\ntuser.pol
2017-12-12 10:49 - 2012-12-03 16:55 - 000000000 ____D C:\Users\Monika
2017-12-11 09:49 - 2013-02-08 19:52 - 000000000 ____D C:\Users\Monika\AppData\Local\Google
2017-12-08 00:54 - 2017-11-11 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-12-07 19:57 - 2013-05-17 19:24 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Dropbox
2017-12-02 21:55 - 2017-09-23 12:52 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger
2017-12-02 21:55 - 2014-12-28 22:46 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-02 14:38 - 2017-09-03 21:08 - 000000000 ____D C:\Users\Polenovi\Desktop\Scanned

==================== Files in the root of some directories =======

2014-05-20 20:33 - 2014-05-20 20:33 - 000063075 _____ () C:\Users\Polenovi\AppData\Roaming\Crescendo.dmp
2012-12-03 21:49 - 2013-02-01 12:36 - 000703117 _____ () C:\Users\Polenovi\AppData\Roaming\technic-launcher.jar
2012-12-03 21:49 - 2013-01-23 17:37 - 000703104 _____ () C:\Users\Polenovi\AppData\Roaming\technic-launcher.jar.bak
2017-11-05 15:41 - 2017-11-05 15:41 - 000004300 _____ () C:\Users\Polenovi\AppData\Roaming\Zer16AC.tmp
2017-11-05 15:43 - 2017-11-11 17:20 - 000007330 _____ () C:\Users\Polenovi\AppData\Roaming\ZeroBraneStudio.ini
2015-10-22 20:30 - 2017-07-12 19:37 - 000010752 _____ () C:\Users\Polenovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-22 00:04 - 2017-10-22 00:04 - 000000857 _____ () C:\Users\Polenovi\AppData\Local\recently-used.xbel
2015-10-13 16:52 - 2016-06-29 15:43 - 000000700 ___SH () C:\Users\Polenovi\AppData\Local\systemFL7.dat
2014-12-28 22:11 - 2014-12-28 22:11 - 000000003 _____ () C:\Users\Polenovi\AppData\Local\updater.log
2016-12-15 23:24 - 2017-05-07 10:06 - 000000425 _____ () C:\Users\Polenovi\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2015-01-03 11:30 - 2015-01-03 11:30 - 000000000 ____D () C:\Users\Kiki a Táta\AppData\Local\Temp\avgnt.exe
2015-01-07 14:42 - 2015-01-07 14:42 - 000000000 ____D () C:\Users\Monika\AppData\Local\Temp\avgnt.exe
2013-04-05 15:44 - 2013-04-05 15:44 - 000904104 _____ (Oracle Corporation) C:\Users\Monika\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
2013-04-29 22:54 - 2013-04-29 22:54 - 000192512 _____ () C:\Users\Monika\AppData\Local\Temp\sfamcc00001.dll
2013-04-29 22:54 - 2013-04-29 22:54 - 000158720 _____ () C:\Users\Monika\AppData\Local\Temp\sfareca00001.dll
2013-06-16 20:34 - 2013-07-13 20:33 - 031954536 _____ (Skype Technologies S.A.) C:\Users\Monika\AppData\Local\Temp\SkypeSetup.exe
2014-02-01 16:04 - 2014-02-01 16:04 - 000372736 _____ (Babylon Ltd.) C:\Users\Monika\AppData\Local\Temp\uninst1.exe
2017-11-04 17:28 - 2017-11-04 17:28 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1293074186676084891.dll
2017-11-05 14:51 - 2017-11-05 14:51 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1541491266320543309.dll
2017-11-04 17:02 - 2017-11-04 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1917392608150639533.dll
2017-11-04 20:24 - 2017-11-04 20:24 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1947704379741816969.dll
2017-11-08 22:43 - 2017-11-08 22:43 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-2113263404762285482.dll
2017-11-04 19:34 - 2017-11-04 19:34 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-3267310053797635130.dll
2017-11-04 20:23 - 2017-11-04 20:23 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-3735125059335927498.dll
2017-11-04 20:45 - 2017-11-04 20:45 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-4385420987800280347.dll
2017-11-05 10:01 - 2017-11-05 10:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-4697214846344005917.dll
2017-11-04 19:37 - 2017-11-04 19:37 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-4784733505497370112.dll
2017-11-05 14:14 - 2017-11-05 14:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-502934571337612439.dll
2017-11-04 17:02 - 2017-11-04 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-5043693483082692465.dll
2017-11-04 19:53 - 2017-11-04 19:53 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-5712884989014764782.dll
2017-11-10 19:51 - 2017-11-10 19:51 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-5967542734645956681.dll
2017-11-04 20:33 - 2017-11-04 20:33 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-6041141139673191136.dll
2017-11-10 22:33 - 2017-11-10 22:33 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-6096663573166871287.dll
2017-11-04 17:02 - 2017-11-04 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-8449578744724393618.dll
2017-11-04 17:27 - 2017-11-04 17:27 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-9032472246240655860.dll
2017-11-11 09:01 - 2017-11-11 09:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-9103544195738110922.dll
2017-10-26 13:15 - 2017-12-28 21:41 - 000192512 _____ () C:\Users\Polenovi\AppData\Local\Temp\sfamcc00001.dll
2017-11-11 21:52 - 2017-12-28 21:41 - 000158720 _____ () C:\Users\Polenovi\AppData\Local\Temp\sfareca00001.dll
2016-08-24 10:20 - 2016-08-24 10:20 - 000000000 ____D () C:\Users\Work hard\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-29 12:42

==================== End of FRST.txt ============================

3rw0sh
Visitor
Posts: 90
Registered: 26 Jun 2012 16:53

Re: Requesting a preventive check

#6 Post by 3rw0sh »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Polenovi (administrator) on POLENOVI-PC (30-12-2017 21:52:02)
Running from C:\Users\Polenovi\Desktop
Loaded Profiles: Polenovi (Available Profiles: Polenovi & Monika & Kiki a Táta & Work hard)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Dropbox, Inc.) C:\Users\Polenovi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Discord Inc.) C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe
(f.lux Software LLC) C:\Users\Polenovi\AppData\Local\FluxSoftware\Flux\flux.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Dropbox, Inc.) C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Creative Technology Ltd) D:\Program Files\Live! Central 3\CTLVCentral3.exe
(Creative Technology Ltd.) C:\Windows\V0700Mon.exe
() D:\Program Files (x86)\Cok Software\Cok Free Auto Clicker\AutoClicker.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Discord Inc.) C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Discord Inc.) C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => D:\Program Files\OO Software\Defrag\oodtray.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5120144 2012-05-23] (VIA)
HKLM-x32\...\Run: [Live! Central 3] => D:\Program Files\Live! Central 3\CTLVCentral3.exe [503969 2010-12-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [V0700Mon.exe] => C:\Windows\V0700Mon.exe [28672 2010-08-18] (Creative Technology Ltd.)
HKLM-x32\...\Run: [liandianqi] => D:\Program Files (x86)\Cok Software\Cok Free Auto Clicker\AutoClicker.exe [57344 2012-10-31] ()
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files\Razer Cortex\RazerCortex.exe -autorun
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Facebook Update] => C:\Users\Polenovi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-27] (Facebook Inc.)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Gadwin PrintScreen Pro (64-bit)] => "C:\Program Files\Gadwin\Gadwin PrintScreenPro\PrintScreenPro64.exe" /nosplash
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Dropbox Update] => C:\Users\Polenovi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Discord] => C:\Users\Polenovi\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [f.lux] => C:\Users\Polenovi\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Polenovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-12-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Polenovi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1005\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1004\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{1058A90E-C101-4B40-9E9F-0BB91251E65A}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4BE1BB41-0FBA-492B-8C2B-AEFEB60503A2}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-14] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-14] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF DefaultProfile: t5ktwgo0.default
FF ProfilePath: C:\Users\Polenovi\AppData\Roaming\Mozilla\Firefox\Profiles\t5ktwgo0.default [2017-11-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @servis24.cz/PKIComponent -> C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x86\npPKIComponentNPAPI.dll [No File]
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @servis24.cz/PKIComponent-x64 -> C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x64\npPKIComponentNPAPI.dll [No File]
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Polenovi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Polenovi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-12-15] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://anonymouse.org/cgi-bin/anon-www.cgi/hxxp://www.google.cz"
CHR Profile: C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default [2017-12-30]
CHR Extension: (Prezentace) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dokumenty) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Disk Google) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-11]
CHR Extension: (Tabulky) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Avira Browser Safety) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-12]
CHR Extension: (vPopulus Game) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhdhpflnnmfllolkaekcaddacgonfe [2014-12-08]
CHR Extension: (Little Alchemy) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-09]
CHR Extension: (Lightshot (Nástroje snímků)) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2017-08-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR Profile: C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-03-20]
CHR Profile: C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-710846368-3565823764-1362206376-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Polenovi\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Polenovi\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128944 2017-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-12-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1526832 2017-12-12] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [434248 2017-11-06] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-18] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-01-16] () [File not signed]
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2017-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153072 2017-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-24] (Avira Operations GmbH & Co. KG)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2014-08-17] (Digiarty Software, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2017-12-13] (REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-03-28] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [106360 2007-01-12] (Protection Technology (StarForce))
R3 V0700Vid; C:\Windows\System32\DRIVERS\V0700Vid.sys [393728 2010-10-18] (Creative Technology Ltd.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-30 20:43 - 2017-12-30 20:43 - 000001418 _____ C:\Users\Polenovi\Desktop\AdwCleaner[C1].txt
2017-12-30 20:43 - 2017-12-30 20:43 - 000000461 _____ C:\Ostatní (E) – zástupce.lnk
2017-12-30 20:34 - 2017-12-30 20:34 - 000001256 _____ C:\Users\Polenovi\Desktop\AdwCleaner[S1].txt
2017-12-30 20:31 - 2017-12-30 20:31 - 008198432 _____ (Malwarebytes) C:\Users\Polenovi\Desktop\adwcleaner_7.0.6.0 (1).exe
2017-12-29 19:06 - 2017-12-29 19:06 - 000861251 _____ C:\Users\Polenovi\Desktop\Mistr a Markétka.pdf
2017-12-29 13:12 - 2017-12-29 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-28 23:15 - 2017-12-28 23:15 - 000039231 _____ C:\Users\Polenovi\Downloads\For_n-even.pdf
2017-12-28 22:52 - 2017-12-28 22:52 - 001446792 _____ C:\Users\Polenovi\Downloads\SteamSetup.exe
2017-12-28 22:25 - 2017-12-28 22:25 - 000000000 ____D C:\Windows\pss
2017-12-28 22:09 - 2017-12-28 22:09 - 000000000 ____D C:\Users\Polenovi\Desktop\flash disk
2017-12-28 21:57 - 2017-12-28 21:57 - 000000000 ____D C:\Users\Polenovi\Desktop\Nová složka (2)
2017-12-28 21:56 - 2017-12-28 21:56 - 004004509 _____ (Igor Pavlov) C:\Users\Polenovi\Downloads\mb_bios_ga-z77-d3h_f22 (1).exe
2017-12-28 21:55 - 2017-12-28 21:55 - 000000000 ____D C:\Users\Polenovi\Desktop\Nová složka
2017-12-28 21:54 - 2017-12-28 21:54 - 004004509 _____ (Igor Pavlov) C:\Users\Polenovi\Downloads\mb_bios_ga-z77-d3h_f22.exe
2017-12-28 21:54 - 2014-01-06 09:53 - 000000019 _____ C:\Users\Polenovi\Downloads\autoexec.bat
2017-12-28 21:54 - 2013-11-14 01:25 - 008388608 _____ C:\Users\Polenovi\Downloads\Z77D3H.F22
2017-12-28 21:54 - 2012-09-26 07:14 - 000059836 _____ C:\Users\Polenovi\Downloads\Efiflash.exe
2017-12-28 21:27 - 2017-12-30 21:52 - 000023299 _____ C:\Users\Polenovi\Desktop\FRST.txt
2017-12-28 21:27 - 2017-12-30 21:52 - 000000000 ____D C:\FRST
2017-12-28 21:21 - 2017-12-28 21:22 - 000112640 _____ (forum.viry.cz) C:\Users\Polenovi\Downloads\Nepotvrzeno 94805.crdownload
2017-12-28 21:21 - 2017-12-28 21:21 - 002391552 _____ (Farbar) C:\Users\Polenovi\Desktop\FRST64.exe
2017-12-28 21:20 - 2017-12-30 21:48 - 000000000 ____D C:\AdwCleaner
2017-12-28 21:20 - 2017-12-28 21:20 - 008198432 _____ (Malwarebytes) C:\Users\Polenovi\Downloads\adwcleaner_7.0.6.0.exe
2017-12-28 19:37 - 2017-12-28 19:37 - 003486336 _____ C:\Users\Polenovi\Downloads\Complex-Map.zip
2017-12-28 19:32 - 2017-12-28 19:32 - 009170551 _____ C:\Users\Polenovi\Downloads\server (1).jar
2017-12-28 19:17 - 2017-12-28 19:17 - 012670344 _____ C:\Users\Polenovi\Downloads\Super_Hostile_01_-_Sea_of_Flame_II_v3.0.zip
2017-12-28 19:14 - 2017-12-28 19:14 - 000000000 ____D C:\Users\Polenovi\Downloads\world
2017-12-28 19:08 - 2017-12-28 19:08 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Notzombies
2017-12-27 19:10 - 2017-12-27 19:10 - 000000000 ____D C:\Users\Polenovi\AppData\LocalLow\Total Mayhem Games
2017-12-26 18:34 - 2017-12-26 18:35 - 020421880 _____ C:\Users\Polenovi\Downloads\sumo (1).zip
2017-12-25 20:35 - 2017-12-25 20:35 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Godot
2017-12-25 02:49 - 2017-12-25 02:49 - 014593045 _____ C:\Users\Polenovi\Downloads\sumo.zip
2017-12-17 17:51 - 2017-12-17 17:51 - 000024803 _____ C:\Users\Polenovi\Downloads\fuckinghell.odt
2017-12-15 20:48 - 2017-12-15 20:48 - 000000017 _____ C:\Users\Polenovi\Desktop\Nový textový dokument (3).txt
2017-12-13 20:29 - 2017-12-13 20:29 - 000000000 _____ C:\Users\Polenovi\Desktop\Nový textový dokument (2).txt
2017-12-13 20:18 - 2017-12-13 20:18 - 000027552 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2017-12-13 20:18 - 2017-12-13 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2017-12-13 20:18 - 2017-12-13 20:18 - 000000000 ____D C:\Program Files\HWiNFO64
2017-12-13 20:17 - 2017-12-13 20:18 - 004567432 _____ (Martin Malík - REALiX ) C:\Users\Polenovi\Downloads\hw64_570.exe
2017-12-11 09:58 - 2017-12-11 09:58 - 000062928 _____ C:\Users\Monika\Desktop\Monika ŽL.pdf
2017-12-11 09:55 - 2017-12-11 09:55 - 000387741 _____ C:\Users\Monika\Desktop\Blanka ŽL.pdf
2017-12-08 00:54 - 2017-12-08 00:54 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2017-12-08 00:54 - 2017-12-08 00:54 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2017-12-07 19:57 - 2017-12-07 19:57 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-05 23:57 - 2017-12-05 23:57 - 000243824 _____ C:\Users\Polenovi\Downloads\just creative work.pdf
2017-12-05 23:51 - 2017-12-05 23:51 - 000225547 _____ C:\Users\Polenovi\Downloads\#Marythevirgin.pdf
2017-12-02 20:39 - 2017-12-02 20:39 - 000048794 _____ C:\Users\Polenovi\Downloads\sheet.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-30 21:48 - 2017-09-23 12:52 - 000003316 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2017-12-30 21:45 - 2013-02-27 18:40 - 000000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000UA.job
2017-12-30 21:40 - 2012-12-03 10:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-30 21:37 - 2015-06-17 18:40 - 000000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000UA.job
2017-12-30 20:48 - 2009-07-14 05:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-30 20:48 - 2009-07-14 05:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-30 20:42 - 2014-08-17 13:17 - 000000394 _____ C:\Windows\Tasks\update-sys.job
2017-12-30 20:35 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-30 20:04 - 2012-12-07 20:15 - 000000000 ____D C:\Users\Polenovi\AppData\Local\LogMeIn Hamachi
2017-12-30 19:39 - 2014-08-17 13:17 - 000000394 _____ C:\Windows\Tasks\update-S-1-5-21-710846368-3565823764-1362206376-1000.job
2017-12-29 20:57 - 2016-04-12 19:14 - 003932160 ___SH C:\Users\Polenovi\Desktop\Thumbs.db
2017-12-29 19:07 - 2011-04-12 09:34 - 000668870 _____ C:\Windows\system32\perfh005.dat
2017-12-29 19:07 - 2011-04-12 09:34 - 000141716 _____ C:\Windows\system32\perfc005.dat
2017-12-29 19:07 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-29 19:07 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-29 18:45 - 2013-02-27 18:40 - 000000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000Core.job
2017-12-29 17:37 - 2015-06-17 18:40 - 000000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000Core.job
2017-12-28 21:41 - 2012-12-03 16:49 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2017-12-28 21:22 - 2012-12-03 16:56 - 000001351 _____ C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-12-28 20:15 - 2016-07-30 20:10 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Factorio
2017-12-28 20:12 - 2017-11-28 12:15 - 000000000 ____D C:\Users\Polenovi\Documents\OpenTTD
2017-12-28 19:40 - 2017-11-11 22:39 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\.minecraft
2017-12-28 19:32 - 2017-11-12 16:21 - 000000000 ____D C:\Users\Polenovi\Desktop\srvr
2017-12-28 19:08 - 2017-08-19 19:19 - 000000000 ____D C:\Users\Polenovi\Documents\TrackMania
2017-12-28 19:04 - 2013-12-02 20:18 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-24 14:22 - 2016-08-24 08:38 - 000000644 __RSH C:\Users\Polenovi\ntuser.pol
2017-12-24 14:22 - 2012-12-03 16:30 - 000000000 ____D C:\Users\Polenovi
2017-12-24 11:51 - 2015-09-18 19:02 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\TS3Client
2017-12-22 18:15 - 2013-05-17 19:29 - 000000000 ___RD C:\Users\Polenovi\Dropbox
2017-12-20 20:21 - 2009-07-14 06:08 - 000032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-17 15:08 - 2013-03-25 16:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-12-17 15:08 - 2013-03-25 16:31 - 000000000 ____D C:\Program Files\Windows Live
2017-12-17 15:08 - 2013-03-25 16:31 - 000000000 ____D C:\Program Files (x86)\Windows Live
2017-12-15 22:52 - 2013-12-30 19:48 - 000000000 ____D C:\Users\Polenovi\Documents\My Games
2017-12-15 20:37 - 2012-12-03 17:48 - 000000000 ____D C:\Users\Polenovi\AppData\Local\Ubisoft Game Launcher
2017-12-15 20:08 - 2014-08-09 19:12 - 000002075 _____ C:\Users\Polenovi\Documents\50 odstínů hnědi.txt
2017-12-15 19:26 - 2012-12-28 21:14 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-13 21:31 - 2017-05-02 11:45 - 000004552 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 21:31 - 2012-12-03 10:17 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-13 21:31 - 2012-12-03 10:17 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 21:31 - 2012-12-03 10:17 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-13 21:31 - 2012-12-03 10:17 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-13 19:50 - 2016-08-25 09:01 - 000000940 __RSH C:\Users\Kiki a Táta\ntuser.pol
2017-12-13 19:50 - 2012-12-28 18:00 - 000000000 ____D C:\Users\Kiki a Táta\AppData\Local\Google
2017-12-13 19:50 - 2012-12-03 17:05 - 000000000 ____D C:\Users\Kiki a Táta
2017-12-12 21:25 - 2014-12-28 22:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-12-12 21:23 - 2014-12-28 22:49 - 000196344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-12-12 21:23 - 2014-12-28 22:49 - 000153072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-12-12 19:26 - 2017-06-16 18:46 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\discord
2017-12-12 19:25 - 2017-06-16 18:46 - 000000000 ____D C:\Users\Polenovi\AppData\Local\Discord
2017-12-12 19:25 - 2015-07-05 12:34 - 000000000 ____D C:\Users\Polenovi\Desktop\Textové Soubory
2017-12-12 12:40 - 2012-12-10 18:04 - 000000000 ____D C:\Users\Monika\AppData\Local\LogMeIn Hamachi
2017-12-12 10:51 - 2012-12-29 11:35 - 000000000 ____D C:\Users\Monika\AppData\Roaming\Skype
2017-12-12 10:49 - 2016-09-11 08:01 - 000000930 __RSH C:\Users\Monika\ntuser.pol
2017-12-12 10:49 - 2012-12-03 16:55 - 000000000 ____D C:\Users\Monika
2017-12-11 09:49 - 2013-02-08 19:52 - 000000000 ____D C:\Users\Monika\AppData\Local\Google
2017-12-08 00:54 - 2017-11-11 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-12-07 19:57 - 2013-05-17 19:24 - 000000000 ____D C:\Users\Polenovi\AppData\Roaming\Dropbox
2017-12-02 21:55 - 2017-09-23 12:52 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger
2017-12-02 21:55 - 2014-12-28 22:46 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-02 14:38 - 2017-09-03 21:08 - 000000000 ____D C:\Users\Polenovi\Desktop\Scanned

==================== Files in the root of some directories =======

2014-05-20 20:33 - 2014-05-20 20:33 - 000063075 _____ () C:\Users\Polenovi\AppData\Roaming\Crescendo.dmp
2012-12-03 21:49 - 2013-02-01 12:36 - 000703117 _____ () C:\Users\Polenovi\AppData\Roaming\technic-launcher.jar
2012-12-03 21:49 - 2013-01-23 17:37 - 000703104 _____ () C:\Users\Polenovi\AppData\Roaming\technic-launcher.jar.bak
2017-11-05 15:41 - 2017-11-05 15:41 - 000004300 _____ () C:\Users\Polenovi\AppData\Roaming\Zer16AC.tmp
2017-11-05 15:43 - 2017-11-11 17:20 - 000007330 _____ () C:\Users\Polenovi\AppData\Roaming\ZeroBraneStudio.ini
2015-10-22 20:30 - 2017-07-12 19:37 - 000010752 _____ () C:\Users\Polenovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-22 00:04 - 2017-10-22 00:04 - 000000857 _____ () C:\Users\Polenovi\AppData\Local\recently-used.xbel
2015-10-13 16:52 - 2016-06-29 15:43 - 000000700 ___SH () C:\Users\Polenovi\AppData\Local\systemFL7.dat
2014-12-28 22:11 - 2014-12-28 22:11 - 000000003 _____ () C:\Users\Polenovi\AppData\Local\updater.log
2016-12-15 23:24 - 2017-05-07 10:06 - 000000425 _____ () C:\Users\Polenovi\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2015-01-03 11:30 - 2015-01-03 11:30 - 000000000 ____D () C:\Users\Kiki a Táta\AppData\Local\Temp\avgnt.exe
2015-01-07 14:42 - 2015-01-07 14:42 - 000000000 ____D () C:\Users\Monika\AppData\Local\Temp\avgnt.exe
2013-04-05 15:44 - 2013-04-05 15:44 - 000904104 _____ (Oracle Corporation) C:\Users\Monika\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
2013-04-29 22:54 - 2013-04-29 22:54 - 000192512 _____ () C:\Users\Monika\AppData\Local\Temp\sfamcc00001.dll
2013-04-29 22:54 - 2013-04-29 22:54 - 000158720 _____ () C:\Users\Monika\AppData\Local\Temp\sfareca00001.dll
2013-06-16 20:34 - 2013-07-13 20:33 - 031954536 _____ (Skype Technologies S.A.) C:\Users\Monika\AppData\Local\Temp\SkypeSetup.exe
2014-02-01 16:04 - 2014-02-01 16:04 - 000372736 _____ (Babylon Ltd.) C:\Users\Monika\AppData\Local\Temp\uninst1.exe
2017-11-04 17:28 - 2017-11-04 17:28 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1293074186676084891.dll
2017-11-05 14:51 - 2017-11-05 14:51 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1541491266320543309.dll
2017-11-04 17:02 - 2017-11-04 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1917392608150639533.dll
2017-11-04 20:24 - 2017-11-04 20:24 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-1947704379741816969.dll
2017-11-08 22:43 - 2017-11-08 22:43 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-2113263404762285482.dll
2017-11-04 19:34 - 2017-11-04 19:34 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-3267310053797635130.dll
2017-11-04 20:23 - 2017-11-04 20:23 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-3735125059335927498.dll
2017-11-04 20:45 - 2017-11-04 20:45 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-4385420987800280347.dll
2017-11-05 10:01 - 2017-11-05 10:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-4697214846344005917.dll
2017-11-04 19:37 - 2017-11-04 19:37 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-4784733505497370112.dll
2017-11-05 14:14 - 2017-11-05 14:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-502934571337612439.dll
2017-11-04 17:02 - 2017-11-04 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-5043693483082692465.dll
2017-11-04 19:53 - 2017-11-04 19:53 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-5712884989014764782.dll
2017-11-10 19:51 - 2017-11-10 19:51 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-5967542734645956681.dll
2017-11-04 20:33 - 2017-11-04 20:33 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-6041141139673191136.dll
2017-11-10 22:33 - 2017-11-10 22:33 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-6096663573166871287.dll
2017-11-04 17:02 - 2017-11-04 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-8449578744724393618.dll
2017-11-04 17:27 - 2017-11-04 17:27 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-9032472246240655860.dll
2017-11-11 09:01 - 2017-11-11 09:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Polenovi\AppData\Local\Temp\jansi-64-9103544195738110922.dll
2017-10-26 13:15 - 2017-12-28 21:41 - 000192512 _____ () C:\Users\Polenovi\AppData\Local\Temp\sfamcc00001.dll
2017-11-11 21:52 - 2017-12-28 21:41 - 000158720 _____ () C:\Users\Polenovi\AppData\Local\Temp\sfareca00001.dll
2016-08-24 10:20 - 2016-08-24 10:20 - 000000000 ____D () C:\Users\Work hard\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-29 12:42

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118192
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a preventive check

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Facebook Update] => C:\Users\Polenovi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-27] (Facebook Inc.)
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1005\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1004\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @servis24.cz/PKIComponent -> C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x86\npPKIComponentNPAPI.dll [No File]
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @servis24.cz/PKIComponent-x64 -> C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x64\npPKIComponentNPAPI.dll [No File]
C:\Users\Polenovi\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <not found>
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000Core.job
C:\Users\Polenovi\AppData\Roaming\Zer16AC.tmp
C:\Users\Polenovi\AppData\Roaming\ZeroBraneStudio.ini
C:\Users\Polenovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Kiki a Táta\AppData\Local\Temp


EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

3rw0sh
Visitor
Posts: 90
Joined: 26 Jun 2012 16:53

Re: Requesting a preventive check

#8 Post by 3rw0sh »

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Polenovi (30-12-2017 23:15:29) Run:1
Running from C:\Users\Polenovi\Desktop
Loaded Profiles: Polenovi (Available Profiles: Polenovi & Monika & Kiki a Táta & Work hard)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-710846368-3565823764-1362206376-1000\...\Run: [Facebook Update] => C:\Users\Polenovi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-27] (Facebook Inc.)
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1005\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1004\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @servis24.cz/PKIComponent -> C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x86\npPKIComponentNPAPI.dll [No File]
FF Plugin HKU\S-1-5-21-710846368-3565823764-1362206376-1000: @servis24.cz/PKIComponent-x64 -> C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x64\npPKIComponentNPAPI.dll [No File]
C:\Users\Polenovi\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Polenovi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <not found>
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000Core.job
C:\Users\Polenovi\AppData\Roaming\Zer16AC.tmp
C:\Users\Polenovi\AppData\Roaming\ZeroBraneStudio.ini
C:\Users\Polenovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Kiki a T�ta\AppData\Local\Temp


EmptyTemp:
End
*****************

"HKU\S-1-5-21-710846368-3565823764-1362206376-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update" => removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1005\User => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-710846368-3565823764-1362206376-1004\User => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKU\S-1-5-21-710846368-3565823764-1362206376-1000\Software\MozillaPlugins\@servis24.cz/PKIComponent" => removed successfully
"C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x86\npPKIComponentNPAPI.dll" => not found
"HKU\S-1-5-21-710846368-3565823764-1362206376-1000\Software\MozillaPlugins\@servis24.cz/PKIComponent-x64" => removed successfully
"C:\Users\Polenovi\AppData\Roaming\CSAS\lib\x64\npPKIComponentNPAPI.dll" => not found
"C:\Users\Polenovi\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>" => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj" => removed successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-710846368-3565823764-1362206376-1000Core.job => moved successfully
C:\Users\Polenovi\AppData\Roaming\Zer16AC.tmp => moved successfully
C:\Users\Polenovi\AppData\Roaming\ZeroBraneStudio.ini => moved successfully
C:\Users\Polenovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
"C:\Users\Kiki a T�ta\AppData\Local\Temp" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 84348549 B
Java, Flash, Steam htmlcache => 930906922 B
Windows/system/drivers => 149437727 B
Edge => 0 B
Chrome => 538914602 B
Firefox => 392654136 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42320678 B
systemprofile32 => 1134267 B
LocalService => 16384 B
NetworkService => 66228 B
Polenovi => 681635580 B
UpdatusUser => 0 B
Monika => 1324623515 B
Kiki a Táta => 179172004 B
UpdatusUser => 0 B
Work hard => 61557967 B

RecycleBin => 439967032 B
EmptyTemp: => 4.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:21:25 ====

3rw0sh
Visitor
Posts: 90
Registered: 26 Jun 2012 16:53

Re: Request for a preventive check

#9 Post by 3rw0sh »

Good morning, I would like to point out that right after the reboot that the program forced, and after starting Chrome (and Facebook), some file began downloading to my computer in secret (through Chrome), and Avira blocked it. It still had the .crdownload extension, so I guess it was not fully downloaded, but it scared me a little that something is downloading to my computer without my permission. Just so you know.

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Request for a preventive check

#10 Post by Rudy »

FRST deleted what it should have. Now please also run these utilities, one after another:

1. Download Zoek.exe from http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator ("Spustit jako správce")
Paste the script below into the window

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Then click Run Script
The PC will carry out the repair, restart and give you a log; paste its contents here.

and

2. Junkware Removal Tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/
•Save it, preferably to the desktop
•After launch the licence terms are displayed; press any key
•A backup is created and then the search begins
•The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.

3rw0sh
Visitor
Posts: 90
Registered: 26 Jun 2012 16:53

Re: Request for a preventive check

#11 Post by 3rw0sh »

zoek:
The script ran and seemed to be doing something, but then it stopped. After an hour it looked the same. I wanted to close the program and start it again, but the program starts up again and says "zoek is still running". The same thing happens when I end the task. The program claims it will shut down by itself. Hmm. It did spit out a log, though. Well, I don't know whether it is complete (it did not appear on screen, I had to find it). Here it is (is this right? What should I do with the program now?):

Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by Polenovi on ne 31.12.2017 at 11:41:23,49.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Polenovi\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

31.12.2017 11:42:30 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================


==== FireFox Fix ======================

Deleted from C:\Users\Monika\AppData\Roaming\Thunderbird\Profiles\onvpfpne.default\prefs.js:

Added to C:\Users\Monika\AppData\Roaming\Thunderbird\Profiles\onvpfpne.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Polenovi\AppData\Roaming\Mozilla\Firefox\Profiles\t5ktwgo0.default\prefs.js:

Added to C:\Users\Polenovi\AppData\Roaming\Mozilla\Firefox\Profiles\t5ktwgo0.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\KIKIAT~1\AppData\Roaming\Mozilla\Firefox\Profiles\eWtdiU3W.default\prefs.js:

Added to C:\Users\KIKIAT~1\AppData\Roaming\Mozilla\Firefox\Profiles\eWtdiU3W.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\Ae9xCLTq.default\prefs.js:

Added to C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\Ae9xCLTq.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Polenovi\AppData\Roaming\Mozilla\Firefox\Profiles\eS80iizf.default\prefs.js:

Added to C:\Users\Polenovi\AppData\Roaming\Mozilla\Firefox\Profiles\eS80iizf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Monika\AppData\Roaming\Thunderbird\Profiles\onvpfpne.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Polenovi\AppData\Roaming\Mozilla\Firefox\Profiles\t5ktwgo0.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\KIKIAT~1\AppData\Roaming\Mozilla\Firefox\Profiles\eWtdiU3W.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\Ae9xCLTq.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Polenovi\AppData\Roaming\Mozilla\Firefox\Profiles\eS80iizf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

3rw0sh
Visitor
Posts: 90
Registered: 26 Jun 2012 16:53

Re: Request for a preventive check

#12 Post by 3rw0sh »

OK, now every 30 seconds the screen scrolls down even without the mouse switched on; I'm starting to get scared.

3rw0sh
Visitor
Posts: 90
Registered: 26 Jun 2012 16:53

Re: Request for a preventive check

#13 Post by 3rw0sh »

By the way, the second link does not work.

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Request for a preventive check

#14 Post by Rudy »

About the scrolling: try disconnecting the keyboard as well. It could be a mechanical fault in it. Zoek deleted something. And what about Junkware?

3rw0sh
Visitor
Posts: 90
Registered: 26 Jun 2012 16:53

Re: Request for a preventive check

#15 Post by 3rw0sh »

It scrolls even without the keyboard. Junkware removal tool: the link you gave me does not work. Zoek is still running and will not let itself be closed. It looks like it is doing nothing.
