
Re: Blacklist

Posted: 25 Apr 2016 07:47
by sardel
Thanks! However, I have already contacted support. After all, it is the paid version, so let them make a bit of an effort. :)
Here is the reply (maybe it could help someone else too):
---
Hello,
we always distribute an in-product update to users only once we are sure that the product contains no critical bugs. This means that the new version is first available for download on our website, where you can download it at any time if you are interested. We then release the program update with a delay. If you are interested in the latest version of ESET Smart Security, follow these instructions: https://servis.eset.cz/index.php?/Knowl ... -antivirus
Did you manage to update the program to version 9?

Best regards,
Martin Buchta
Technical Support Specialist
---
So we could probably skip this step, given that they are not sure that "the product contains no critical bugs". One is almost tempted to remark venomously: why do they release it at all, then, and that this is probably why NOD32 found no junk on the laptop even though it was clearly there. Is it even worth getting a paid antivirus then???

Re: Blacklist

Posted: 25 Apr 2016 16:11
by Tatry03
Maybe I would not see it quite so critically.

If I may expand a little on the answer from support.

A new version of any software, but let us stay with NOD, is prepared and gradually tested on an ever wider "circle" of computers. First some internal tests and debugging take place. Then a BETA version is published (ESS/NOD32 Antivirus 10 is currently already out: http://forum.viry.cz/viewtopic.php?f=60&t=148748). It is downloaded by "fans" and people who "like to play" with new things. The point is that in an internal environment they cannot simulate the almost infinite combinations of hardware and software that can actually occur in the world. And a small difference is enough for programs to "clash" and crash, or in the extreme case to bring down the OS. Once most of the bugs in the BETA are caught, the final version goes out (some vendors also release a so-called RC, or the labelling may be more complicated and extensive). But out of caution they still do not release it to "all" users at once. After all, there are millions of them, and it is enough for the program to start misbehaving for a few percent of them and technical support will not sleep for a few nights. The rollout is also differentiated by region, and they keep watching whether any problems pop up.

On the other hand, it is precisely the newest versions that try to respond to current trends in malware distribution. For example, in the version 10 mentioned above, protection against malicious scripts is listed as a new feature. That is why I, and not only I, would recommend moving to the highest available version.

And as for detection. No AV catches everything (it often also depends on the specific program settings, e.g. PUA detection, heuristics depth, archive nesting and the like), so one can occasionally "catch a virus" with any antivirus. As the saying goes, security is a process that has to be worked on continuously. :) And looking for the most suitable "protector", or other means of prevention, is certainly the right step. (There are plenty of topics and room for discussion on that here on the forum....)

That is all from me :mrgreen:

Re: Blacklist

Posted: 26 Apr 2016 17:08
by sardel
OK, I let myself be persuaded and installed version 9. :) So we have this step done too...

Re: Blacklist

Posted: 26 Apr 2016 18:23
by altrok
Apologies for the gaps in my replies, I have a lot on at the end of the semester... Thanks to Tatry for the additional and valuable information.


Start -> Run -> services.msc -> find the Volume Shadow Copy service, double-click it and check that Startup type is set to Manual.
Try to turn the service on by clicking "Turn System Restore off and on" from the screenshot on the previous page: http://forum.viry.cz/viewtopic.php?p=1445706#p1445706

Re: Blacklist

Posted: 26 Apr 2016 18:59
by sardel
No worries... :-)

- Startup type was already set to "Manual".
- The restore did not work. Unexpected error.
(If I vaguely recall, this has probably been there from the beginning, since I bought the PC. I am apparently to blame. I needed to partition the disk. The computer was bought with W7 preinstalled and a single disk. On a recommendation I used some little program, which of course I no longer remember, and split the disk in half with minor complications. It has been running without problems since. I did not look into it further. Is it a big problem?)

One more silly question - is there any point at this stage in trying to request removal from the blacklist? Are we still "broadcasting"? Because doing anything with that crippled connection is hell. :-(

Re: Blacklist

Posted: 26 Apr 2016 19:57
by altrok
Just here on the forum, a restore point has several times saved a format or a lot of work repairing damage.

I went through the logs once more. I do not see malware on the Windows 10 machines, nor on the Windows 7 ones, but we will still do a final cleanup. Post new FRST.txt and Addition.txt logs.

In the meantime, you can run a custom full-computer scan with MBAM on each PC - http://forum.viry.cz/viewtopic.php?f=29&t=144868
MBAM has good detection and we use it often.

Re: Blacklist

Posted: 26 Apr 2016 20:08
by sardel
Sure, understood....

log 7:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Ran by User (administrator) on VOJTA (26-04-2016 21:03:17)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNABFSWK.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [PinnacleDriverCheck] => C:\Windows\system32\PSDrvCheck.exe [406016 2004-03-10] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [BambooCore] => C:\Program Files\Bamboo Dock\BambooCore.exe [646744 2014-11-16] ()
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-371849324-3225581938-3012723480-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-09-30] (AMD)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2015-04-01]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-07-20]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{C5CE1AC0-0A2E-4472-84AD-94DB14658250}: [NameServer] 93.153.117.1,93.153.117.33
Tcpip\..\Interfaces\{C5CE1AC0-0A2E-4472-84AD-94DB14658250}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-371849324-3225581938-3012723480-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&r ... d=ie7&rlz=
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12] ()
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o1movpzb.default
FF DefaultSearchUrl: hxxps://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: http://www.google.com
FF Keyword.URL: hxxps://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-09] ()
FF Plugin: @caminova.com/DjVuPlugin -> C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll [2013-06-03] (Caminova, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-03-02] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-31] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-371849324-3225581938-3012723480-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-31] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: FireFTP - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o1movpzb.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-11-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o1movpzb.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-05] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-04-12] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-04-12] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-04-12] [not signed]

Chrome:
=======
CHR HomePage: Default -> http://www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
CHR Plugin: (registryAccess) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.1.0_0\background/registryAccess.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-10]
CHR Extension: (Vyhledávání Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-10]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1983264 2016-03-03] (ESET)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ASAPIW2k; C:\Windows\System32\drivers\ASAPIW2k.sys [11264 2004-03-10] (Pinnacle Systems GmbH) [File not signed]
S3 AVerHybrid; C:\Windows\System32\drivers\averhbtv.sys [306688 2009-08-20] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [206312 2016-04-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146024 2016-04-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [130616 2016-04-14] (ESET)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
R1 eusk2par; C:\Windows\system32\Drivers\eusk2par.sys [30656 2006-12-13] (Eutron)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-24] (Pinnacle Systems GmbH)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2002-03-19] (Pinnacle Systems GmbH) [File not signed]
S2 PIEUsb; C:\Windows\System32\Drivers\usbscan.sys [36352 2013-07-03] (Microsoft Corporation)
S1 MpKsl92075c64; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2CBFF57C-8953-4358-9D87-024E9E7BF59B}\MpKsl92075c64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-26 17:58 - 2016-04-26 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-04-26 17:58 - 2016-04-26 17:58 - 00000000 ____D C:\ProgramData\ESET
2016-04-24 09:35 - 2016-04-24 09:35 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-04-24 09:35 - 2016-04-24 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-24 09:35 - 2016-04-24 09:35 - 00000000 ____D C:\Program Files\Common Files\Java
2016-04-23 23:30 - 2016-04-23 23:30 - 00032930 _____ C:\Users\User\Desktop\sfcdetails.txt
2016-04-23 16:59 - 2016-04-23 16:59 - 00002530 _____ C:\Users\User\Desktop\AdwCleaner[C1].txt
2016-04-23 16:51 - 2016-04-23 16:57 - 00000000 ____D C:\AdwCleaner
2016-04-23 16:48 - 2016-04-23 16:48 - 03683904 _____ C:\Users\User\Desktop\adwcleaner_5.112.exe
2016-04-23 16:43 - 2016-04-23 16:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun
2016-04-23 16:43 - 2016-04-23 16:43 - 00000000 ____D C:\Users\User\.oracle_jre_usage
2016-04-23 16:39 - 2016-04-23 16:39 - 00738880 _____ (Oracle Corporation) C:\Users\User\Desktop\jxpiinstall.exe
2016-04-23 16:39 - 2016-04-23 16:39 - 00000000 ____D C:\Users\User\AppData\LocalLow\Oracle
2016-04-23 14:10 - 2016-04-23 14:10 - 00010184 _____ C:\Users\User\Desktop\Addition.zip
2016-04-23 14:09 - 2016-04-23 14:09 - 00033499 _____ C:\Users\User\Desktop\Addition.txt
2016-04-23 14:07 - 2016-04-26 21:04 - 00014047 _____ C:\Users\User\Desktop\FRST.txt
2016-04-23 14:07 - 2016-04-26 21:03 - 00000000 ____D C:\FRST
2016-04-23 14:04 - 2016-04-23 14:05 - 01726464 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2016-04-21 16:54 - 2016-04-23 13:25 - 00000000 ____D C:\Users\User\Desktop\botnet
2016-04-21 14:31 - 2016-04-21 14:31 - 00000000 ____D C:\rsit
2016-04-21 14:31 - 2016-04-21 14:31 - 00000000 ____D C:\Program Files\trend micro
2016-04-14 19:45 - 2016-04-15 21:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-04-13 19:51 - 2016-04-14 22:21 - 00000000 ____D C:\ProgramData\F-Secure
2016-04-13 19:51 - 2016-04-14 22:12 - 00000000 ____D C:\Users\User\AppData\Local\FSDART
2016-04-13 19:51 - 2016-04-13 19:51 - 00000000 ____D C:\Users\User\AppData\Local\F-Secure
2016-04-13 07:14 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-04-13 07:14 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 07:14 - 2016-03-18 00:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 07:14 - 2016-03-18 00:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 07:14 - 2016-03-18 00:33 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 07:14 - 2016-03-18 00:30 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 07:14 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 07:14 - 2016-03-18 00:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 07:14 - 2016-03-18 00:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 07:14 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 07:14 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 07:14 - 2016-03-18 00:29 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 07:14 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 07:14 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 07:14 - 2016-03-18 00:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 07:14 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 07:14 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 07:14 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 07:14 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 07:14 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 07:14 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 07:14 - 2016-03-18 00:26 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 07:14 - 2016-03-18 00:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 07:14 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 07:14 - 2016-03-18 00:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 07:14 - 2016-03-18 00:25 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 07:14 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 07:14 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 07:14 - 2016-03-17 23:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 07:14 - 2016-03-17 23:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 07:14 - 2016-03-17 23:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 07:14 - 2016-03-17 23:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 07:14 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 07:14 - 2016-03-17 23:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 07:14 - 2016-03-17 23:35 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 07:14 - 2016-03-17 23:30 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 07:14 - 2016-03-17 23:30 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 07:14 - 2016-03-17 23:30 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 07:14 - 2016-03-17 23:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 07:14 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 07:14 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 07:14 - 2016-03-17 23:29 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 07:14 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 07:14 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 07:14 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 07:14 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 07:14 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-04-13 07:14 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 07:14 - 2016-02-02 20:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 07:13 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 07:13 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 07:13 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 07:13 - 2016-03-31 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 07:13 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 07:13 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 07:13 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 07:13 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 07:13 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 07:13 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 07:13 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 07:13 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 07:13 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 07:13 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 07:13 - 2016-03-31 01:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 07:13 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 07:13 - 2016-03-31 01:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 07:13 - 2016-03-31 01:41 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 07:13 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 07:13 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 07:13 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 07:13 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 07:13 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 07:13 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 07:13 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 07:13 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 07:13 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 07:13 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 07:13 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 07:13 - 2016-03-31 01:23 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 07:13 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 07:13 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 07:13 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 07:13 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 07:13 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 07:11 - 2016-04-04 19:54 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 07:11 - 2016-04-04 19:42 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 07:11 - 2016-04-02 15:07 - 01218048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 07:11 - 2016-03-29 19:35 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 07:11 - 2016-03-23 16:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 07:11 - 2016-03-17 20:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 07:11 - 2016-03-17 20:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 07:11 - 2016-03-17 20:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 07:11 - 2016-03-17 20:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 07:11 - 2016-03-16 01:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 07:11 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 07:11 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 07:11 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 07:11 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 07:11 - 2016-02-05 20:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 07:11 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 07:11 - 2016-01-21 02:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-13 07:11 - 2015-06-03 22:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-12 19:48 - 2016-04-12 19:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-08 22:29 - 2016-04-09 08:22 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-26 20:56 - 2015-02-05 20:45 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04173f8675592.job
2016-04-26 20:50 - 2011-03-05 10:47 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-26 20:12 - 2012-04-01 14:20 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-26 20:05 - 2009-07-14 06:34 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-26 20:05 - 2009-07-14 06:34 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-26 19:56 - 2015-02-05 20:45 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04173f7e4343c.job
2016-04-26 19:50 - 2011-03-05 10:47 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-26 18:06 - 2011-03-02 21:31 - 01590938 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-26 18:06 - 2009-07-14 10:44 - 00670982 _____ C:\Windows\system32\perfh005.dat
2016-04-26 18:06 - 2009-07-14 10:44 - 00142542 _____ C:\Windows\system32\perfc005.dat
2016-04-26 18:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-04-26 18:01 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-25 19:18 - 2011-03-05 10:08 - 00000000 ____D C:\Users\User\Desktop\Temp
2016-04-24 09:35 - 2013-10-20 17:21 - 00000000 ____D C:\ProgramData\Oracle
2016-04-24 09:34 - 2011-07-26 14:48 - 00000000 ____D C:\Program Files\Java
2016-04-23 22:40 - 2015-12-10 20:34 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-23 16:23 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2016-04-21 19:59 - 2011-03-05 14:08 - 00000000 ____D C:\Users\User\Desktop\foto
2016-04-21 14:21 - 2011-03-05 10:57 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-04-21 14:20 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-18 16:57 - 2011-03-05 11:05 - 00000000 ____D C:\Users\User\AppData\Roaming\Media Player Classic
2016-04-17 09:56 - 2016-03-20 12:00 - 00000000 ____D C:\Windows\Driver Cache
2016-04-16 00:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2016-04-14 22:09 - 2011-03-04 22:48 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-04-14 22:08 - 2011-06-13 18:56 - 00000925 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-14 19:32 - 2015-12-10 20:21 - 00000000 ____D C:\Program Files\Opera
2016-04-14 15:09 - 2015-07-14 15:29 - 00206312 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-04-14 15:09 - 2015-07-14 15:29 - 00146024 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2016-04-14 15:09 - 2015-07-14 15:29 - 00130616 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys
2016-04-13 16:55 - 2009-07-14 06:33 - 00402960 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 16:52 - 2014-12-11 20:21 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 07:25 - 2013-08-14 19:16 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 07:22 - 2011-03-02 21:33 - 132539272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-13 07:03 - 2012-05-06 20:44 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-12 19:52 - 2011-03-05 10:48 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-09 11:12 - 2012-04-01 14:20 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-09 11:12 - 2011-05-18 21:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-07 20:45 - 2011-06-21 21:05 - 00000116 _____ C:\Windows\NeroDigital.ini
2016-04-07 19:33 - 2011-03-05 10:56 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI

==================== Files in the root of some directories =======

2011-03-04 20:46 - 2008-08-31 22:47 - 0222208 _____ (J.C. Kessels) C:\Program Files\JkDefrag.exe
2014-03-01 13:54 - 2014-10-19 16:43 - 0301862 _____ () C:\Program Files\JkDefrag.log
2011-10-31 23:04 - 2016-03-05 10:20 - 0008192 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-20 22:29 - 2016-02-20 22:29 - 0007604 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2011-03-04 20:48 - 2014-11-17 20:28 - 0012243 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\libeay32.dll
C:\Users\User\AppData\Local\Temp\msvcr120.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-19 20:57

==================== End of FRST.txt ============================

Re: Blacklist

Posted: 26 Apr 2016 20:35
by sardel
log 10

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
Ran by Petra (administrator) on DESKTOP-N1UJSR1 (26-04-2016 21:28:39)
Running from C:\Users\Petra Svarcova\Desktop
Loaded Profiles: Petra (Available Profiles: Petra)
Platform: Windows 10 Enterprise (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Windows MultiPoint Server\WmsSelfHealingSvc.exe
(Microsoft Corporation) C:\Program Files\Windows MultiPoint Server\WmsSvc.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Windows MultiPoint Server\WmsSessionAgent.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [MsmqIntCert] => "C:\WINDOWS\System32\regsvr32.exe" /s "C:\WINDOWS\System32\mqrt.dll"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-3727496388-735248901-704022088-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-3727496388-735248901-704022088-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31232 2015-07-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0c67319e-7b5e-4ad7-ba0d-12e7935227ae}: [NameServer] 93.153.117.1,93.153.117.33
Tcpip\..\Interfaces\{0c67319e-7b5e-4ad7-ba0d-12e7935227ae}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{41e7e1c1-badb-470c-95e0-496a17ac2b24}: [NameServer] 93.153.117.1,93.153.117.33
Tcpip\..\Interfaces\{41e7e1c1-badb-470c-95e0-496a17ac2b24}: [DhcpNameServer] 10.0.0.138 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3727496388-735248901-704022088-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://windows.microsoft.com/cs-cz/hotmail/home?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-16] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-16] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-04-20] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Petra Svarcova\AppData\Roaming\Mozilla\Firefox\Profiles\3nkge6ym.default
FF Homepage: hxxp://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-16] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-20]
FF Extension: British English Dictionary (Marco Pinto) - C:\Users\Petra Svarcova\AppData\Roaming\Mozilla\Firefox\Profiles\3nkge6ym.default\Extensions\marcoagpinto@mail.telepac.pt [2016-03-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn

Chrome:
=======
CHR Profile: C:\Users\Petra Svarcova\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Petra Svarcova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-12]
CHR Extension: (Disk Google) - C:\Users\Petra Svarcova\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-12]
CHR Extension: (YouTube) - C:\Users\Petra Svarcova\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-12]
CHR Extension: (Vyhledávání Google) - C:\Users\Petra Svarcova\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petra Svarcova\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-12]
CHR Extension: (Gmail) - C:\Users\Petra Svarcova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2016-02-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
S3 DsRoleSvc; C:\Windows\system32\dsrolesrv.dll [288256 2016-02-12] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2521440 2016-02-22] (ESET)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1394360 2016-02-12] (Intel Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [394752 2016-02-12] (Microsoft Corporation)
R2 HvHost; C:\Windows\System32\hvhostsvc.dll [57344 2016-02-12] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [372152 2016-02-12] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2016-02-12] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2016-02-12] (Microsoft Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [48640 2016-02-12] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [164864 2016-02-12] (Microsoft Corporation)
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [100352 2016-02-12] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [51712 2016-02-12] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46080 2016-02-12] (Microsoft Corporation)
S4 UwfServicingSvc; C:\Windows\System32\UwfServicingSvc.exe [48480 2015-11-05] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [12911104 2015-08-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 Wms; C:\Program Files\Windows MultiPoint Server\WmsSvc.exe [909312 2015-07-18] (Microsoft Corporation)
R2 WmsRepair; C:\Program Files\Windows MultiPoint Server\WmsSelfHealingSvc.exe [68096 2016-02-12] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2016-02-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2016-02-12] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-02-09] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2016-02-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2016-02-09] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [170792 2016-02-09] (ESET)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2016-02-12] (Intel Corporation)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [70496 2016-02-12] (Microsoft Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2016-02-12] (Intel Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [20992 2016-02-12] (Microsoft Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184304 2016-02-12] (Intel Corporation)
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [260608 2016-02-12] (Microsoft Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22528 2016-02-12] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [49152 2016-02-12] (Microsoft Corporation)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [133120 2016-02-12] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2016-02-12] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4619520 2015-07-21] (Realtek Semiconductor Corporation )
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-02-12] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-21] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 uwfreg; C:\Windows\System32\drivers\uwfreg.sys [50528 2016-02-12] (Microsoft Corporation)
R0 uwfs; C:\Windows\System32\drivers\uwfs.sys [45408 2016-02-12] (Microsoft Corporation)
R0 uwfvol; C:\Windows\System32\drivers\uwfvol.sys [73568 2016-02-12] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26112 2016-02-12] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [883200 2016-03-16] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [883200 2016-03-16] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [883200 2016-03-16] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [347648 2016-02-12] (Microsoft Corporation)
R3 WmsWlFltr; C:\Windows\System32\DRIVERS\WmsWlFltr.sys [48128 2016-02-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-26 21:28 - 2016-04-26 21:29 - 00019299 _____ C:\Users\Petra Svarcova\Desktop\FRST.txt
2016-04-26 21:28 - 2016-04-26 21:28 - 00000000 ____D C:\FRST
2016-04-26 21:27 - 2016-04-26 21:27 - 02376192 _____ (Farbar) C:\Users\Petra Svarcova\Desktop\FRST64.exe
2016-04-26 21:26 - 2016-04-26 21:26 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-N1UJSR1_Petra_HistoryPrediction.bin
2016-04-24 09:45 - 2016-04-24 09:45 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Local\CrashDumps
2016-04-23 17:01 - 2016-04-23 17:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-23 13:28 - 2016-04-23 17:11 - 00000000 ____D C:\Users\Petra Svarcova\Desktop\botnet
2016-04-23 13:14 - 2016-04-23 13:14 - 00000862 _____ C:\DelFix.txt
2016-04-22 21:51 - 2016-04-22 21:51 - 00000000 ____D C:\Program Files\trend micro
2016-04-22 15:28 - 2016-04-22 15:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-22 15:28 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-22 15:28 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-22 15:28 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-21 22:39 - 2016-04-21 22:39 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-21 22:38 - 2016-04-21 23:20 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-21 17:51 - 2016-04-21 17:51 - 00000000 ____D C:\Program Files (x86)\Product Key Reader
2016-04-18 18:14 - 2016-04-18 18:14 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Local\GHISLER
2016-04-18 17:16 - 2016-04-18 17:21 - 00000000 ____D C:\totalcmd
2016-04-18 17:16 - 2016-04-18 17:16 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2016-04-18 17:16 - 2016-04-18 17:16 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Roaming\GHISLER
2016-04-17 20:37 - 2016-04-17 20:38 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Roaming\XMind
2016-04-17 20:36 - 2016-04-17 20:37 - 00000000 ____D C:\Program Files (x86)\XMind
2016-04-17 20:36 - 2016-04-17 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
2016-04-16 17:43 - 2016-04-16 17:43 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-04-16 17:43 - 2016-04-16 17:43 - 00000000 ____D C:\Program Files\CCleaner
2016-04-16 10:02 - 2016-04-16 10:02 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Local\ESET
2016-04-15 16:48 - 2016-04-16 17:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-15 16:48 - 2016-04-16 17:10 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-04-15 16:48 - 2016-04-15 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-04-15 16:42 - 2016-04-15 16:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-04-13 20:15 - 2016-04-22 21:36 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Local\FSDART
2016-04-13 20:10 - 2016-04-16 17:39 - 00000000 ____D C:\ProgramData\F-Secure
2016-04-13 20:10 - 2016-04-13 20:10 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Local\F-Secure
2016-04-13 17:06 - 2016-03-29 08:40 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 17:06 - 2016-03-29 08:40 - 01381376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 17:06 - 2016-03-25 09:38 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 17:06 - 2016-03-25 09:25 - 12505600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 17:06 - 2016-03-25 09:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 17:06 - 2016-03-25 09:13 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 17:06 - 2016-03-25 08:55 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 17:06 - 2016-03-25 08:54 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 17:06 - 2016-03-16 06:56 - 03467784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-04-13 17:06 - 2016-03-16 06:56 - 01022664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 17:06 - 2016-03-16 06:56 - 00861512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 17:06 - 2016-03-16 06:55 - 02495768 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 17:06 - 2016-03-16 06:55 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-13 17:06 - 2016-03-16 06:55 - 01299032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 17:06 - 2016-03-16 06:55 - 01127024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 17:06 - 2016-03-16 06:54 - 00595016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 17:06 - 2016-03-16 06:47 - 22610328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-13 17:06 - 2016-03-16 06:47 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-13 17:06 - 2016-03-16 06:47 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-04-13 17:06 - 2016-03-16 06:45 - 00140536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-04-13 17:06 - 2016-03-16 06:41 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-04-13 17:06 - 2016-03-16 06:41 - 00784224 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-04-13 17:06 - 2016-03-16 06:39 - 00983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 17:06 - 2016-03-16 06:37 - 01010016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 17:06 - 2016-03-16 06:21 - 01767000 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 17:06 - 2016-03-16 06:21 - 01531888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-13 17:06 - 2016-03-16 06:11 - 21088728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-13 17:06 - 2016-03-16 06:11 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-13 17:06 - 2016-03-16 06:11 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-04-13 17:06 - 2016-03-16 06:03 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 17:06 - 2016-03-16 06:00 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 17:06 - 2016-03-16 05:56 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2016-04-13 17:06 - 2016-03-16 05:51 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-04-13 17:06 - 2016-03-16 05:49 - 01416192 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 17:06 - 2016-03-16 05:49 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 17:06 - 2016-03-16 05:45 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-04-13 17:06 - 2016-03-16 05:44 - 01016832 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 17:06 - 2016-03-16 05:42 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 17:06 - 2016-03-16 05:40 - 00931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-04-13 17:06 - 2016-03-16 05:40 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-04-13 17:06 - 2016-03-16 05:40 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-04-13 17:06 - 2016-03-16 05:40 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-04-13 17:06 - 2016-03-16 05:40 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 17:06 - 2016-03-16 05:39 - 03363328 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 17:06 - 2016-03-16 05:38 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-04-13 17:06 - 2016-03-16 05:37 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-04-13 17:06 - 2016-03-16 05:37 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-04-13 17:06 - 2016-03-16 05:37 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 17:06 - 2016-03-16 05:36 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-04-13 17:06 - 2016-03-16 05:36 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-04-13 17:06 - 2016-03-16 05:36 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-04-13 17:06 - 2016-03-16 05:36 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-04-13 17:06 - 2016-03-16 05:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-04-13 17:06 - 2016-03-16 05:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-04-13 17:06 - 2016-03-16 05:36 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-04-13 17:06 - 2016-03-16 05:36 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-04-13 17:06 - 2016-03-16 05:35 - 01794560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 17:06 - 2016-03-16 05:35 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxApplicabilityEngine.dll
2016-04-13 17:06 - 2016-03-16 05:34 - 01871872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 17:06 - 2016-03-16 05:32 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 17:06 - 2016-03-16 05:21 - 18796544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 17:06 - 2016-03-16 05:18 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-04-13 17:06 - 2016-03-16 05:17 - 03680256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 17:06 - 2016-03-16 05:17 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-04-13 17:06 - 2016-03-16 05:17 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-04-13 17:06 - 2016-03-16 05:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-04-13 17:06 - 2016-03-16 05:17 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 17:06 - 2016-03-16 05:14 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-04-13 17:06 - 2016-03-16 05:13 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-04-13 17:06 - 2016-03-16 05:13 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-04-13 17:06 - 2016-03-16 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-04-13 17:06 - 2016-03-16 05:13 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-04-13 17:06 - 2016-03-16 05:13 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-04-13 17:06 - 2016-03-16 05:13 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-04-13 17:06 - 2016-03-16 05:11 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 17:05 - 2016-03-16 06:55 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 17:05 - 2016-03-16 06:46 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-04-13 17:05 - 2016-03-16 06:41 - 00958816 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-04-13 17:05 - 2016-03-16 06:41 - 00927584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-04-13 17:05 - 2016-03-16 06:41 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 17:05 - 2016-03-16 06:41 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-13 17:05 - 2016-03-16 06:08 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-04-13 17:05 - 2016-03-16 06:06 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-13 17:05 - 2016-03-16 06:05 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 17:05 - 2016-03-16 06:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 17:05 - 2016-03-16 05:56 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-04-13 17:05 - 2016-03-16 05:55 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-04-13 17:05 - 2016-03-16 05:55 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2016-04-13 17:05 - 2016-03-16 05:55 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-04-13 17:05 - 2016-03-16 05:55 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-04-13 17:05 - 2016-03-16 05:51 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-04-13 17:05 - 2016-03-16 05:47 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-04-13 17:05 - 2016-03-16 05:47 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-04-13 17:05 - 2016-03-16 05:47 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-04-13 17:05 - 2016-03-16 05:46 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-04-13 17:05 - 2016-03-16 05:43 - 00573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-04-13 17:05 - 2016-03-16 05:43 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 17:05 - 2016-03-16 05:42 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 17:05 - 2016-03-16 05:42 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-04-13 17:05 - 2016-03-16 05:41 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 17:05 - 2016-03-16 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 17:05 - 2016-03-16 05:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-04-13 17:05 - 2016-03-16 05:40 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-04-13 17:05 - 2016-03-16 05:39 - 00883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2016-04-13 17:05 - 2016-03-16 05:39 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-04-13 17:05 - 2016-03-16 05:39 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 17:05 - 2016-03-16 05:37 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-04-13 17:05 - 2016-03-16 05:37 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-04-13 17:05 - 2016-03-16 05:37 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-04-13 17:05 - 2016-03-16 05:36 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-04-13 17:05 - 2016-03-16 05:36 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-04-13 17:05 - 2016-03-16 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-04-13 17:05 - 2016-03-16 05:36 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-04-13 17:05 - 2016-03-16 05:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-04-13 17:05 - 2016-03-16 05:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-04-13 17:05 - 2016-03-16 05:35 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-04-13 17:05 - 2016-03-16 05:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-04-13 17:05 - 2016-03-16 05:35 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-04-13 17:05 - 2016-03-16 05:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 17:05 - 2016-03-16 05:31 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-04-13 17:05 - 2016-03-16 05:31 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-04-13 17:05 - 2016-03-16 05:31 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-04-13 17:05 - 2016-03-16 05:28 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-04-13 17:05 - 2016-03-16 05:27 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 17:05 - 2016-03-16 05:24 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-04-13 17:05 - 2016-03-16 05:24 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-04-13 17:05 - 2016-03-16 05:24 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-04-13 17:05 - 2016-03-16 05:20 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 17:05 - 2016-03-16 05:18 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 17:05 - 2016-03-16 05:17 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2016-04-13 17:05 - 2016-03-16 05:16 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-04-13 17:05 - 2016-03-16 05:14 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-04-13 17:05 - 2016-03-16 05:14 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-04-13 17:05 - 2016-03-16 05:13 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-04-13 17:05 - 2016-03-16 05:13 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-04-13 17:05 - 2016-03-16 05:13 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-04-13 17:05 - 2016-03-16 05:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-04-13 17:05 - 2016-03-16 05:13 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-04-13 17:05 - 2016-03-16 05:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-04-13 17:05 - 2016-03-16 05:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-04-13 17:05 - 2016-03-16 05:12 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-04-13 17:05 - 2016-03-16 05:10 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 21:12 - 2016-04-13 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-10 20:36 - 2016-04-10 20:36 - 00477286 _____ C:\Users\Petra Svarcova\Downloads\Ger_ Dyslexia.pdf
2016-04-10 20:30 - 2016-04-10 20:30 - 00956380 _____ C:\Users\Petra Svarcova\Downloads\Dyslexia_ Galuschka.pdf
2016-04-07 22:25 - 2016-04-09 20:25 - 20355776 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-04-04 21:50 - 2016-04-16 19:54 - 00000000 ____D C:\Users\Petra Svarcova\Desktop\MUDr.Haubnerová-v
2016-03-30 22:07 - 2016-03-30 22:07 - 12057990 _____ C:\Users\Petra Svarcova\Downloads\document.pdf
2016-03-30 22:04 - 2016-03-30 22:04 - 00247820 _____ C:\Users\Petra Svarcova\Downloads\Recenze-Hendl.pdf
2016-03-30 22:00 - 2016-03-30 22:00 - 02125100 _____ C:\Users\Petra Svarcova\Downloads\RPTX_2014_1_11210_0_460937_0_162270.pdf
2016-03-30 22:00 - 2016-03-30 22:00 - 00154424 _____ C:\Users\Petra Svarcova\Downloads\RPBC_2014_1_11210_0_460937_0_162270.pdf
2016-03-30 22:00 - 2016-03-30 22:00 - 00154218 _____ C:\Users\Petra Svarcova\Downloads\RPBE_2014_1_11210_0_460937_0_162270.pdf
2016-03-30 21:58 - 2016-03-30 21:58 - 00193102 _____ C:\Users\Petra Svarcova\Downloads\Posudek oponenta_INFo zdroje ve farmacii.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-26 21:25 - 2016-02-12 22:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-26 21:17 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-26 21:17 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-26 21:12 - 2016-02-12 15:07 - 00004182 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8A126287-9F83-4A8A-8A9B-500E99003B69}
2016-04-26 21:09 - 2016-02-20 14:56 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-04-26 21:09 - 2016-02-12 22:44 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-25 22:54 - 2016-02-12 22:40 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Local\Packages
2016-04-23 20:45 - 2016-02-12 22:58 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-23 17:42 - 2016-02-12 17:55 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-04-23 17:12 - 2016-02-12 22:41 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Roaming\Adobe
2016-04-23 17:11 - 2016-02-12 17:58 - 00000000 ____D C:\Users\Petra Svarcova\AppData\LocalLow\Adobe
2016-04-23 17:06 - 2016-02-12 22:57 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Local\Adobe
2016-04-23 17:01 - 2016-02-12 22:58 - 00000000 ____D C:\ProgramData\Adobe
2016-04-23 17:01 - 2016-02-12 22:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-23 13:15 - 2016-02-12 22:35 - 02105588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-23 13:15 - 2016-02-12 19:10 - 00850854 _____ C:\WINDOWS\system32\perfh005.dat
2016-04-23 13:15 - 2016-02-12 19:10 - 00197430 _____ C:\WINDOWS\system32\perfc005.dat
2016-04-23 13:15 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-04-22 21:22 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-04-22 21:19 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-22 21:18 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-22 15:33 - 2016-02-12 18:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-21 21:41 - 2015-07-10 14:20 - 00343952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-21 21:37 - 2016-02-12 18:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\R@1n-KMS
2016-04-20 22:42 - 2015-07-10 13:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-20 22:40 - 2016-02-12 16:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-18 22:25 - 2016-02-12 22:40 - 00000000 ____D C:\Users\Petra Svarcova
2016-04-18 22:16 - 2016-02-21 23:13 - 00000000 ____D C:\Users\Petra Svarcova\Desktop\Smichov_fyzio
2016-04-18 21:47 - 2016-02-21 23:08 - 00000000 ____D C:\Users\Petra Svarcova\Desktop\Aj_Joan
2016-04-17 20:37 - 2016-02-12 22:49 - 00000000 ____D C:\Users\Petra Svarcova\.oracle_jre_usage
2016-04-16 17:46 - 2016-02-20 14:27 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Roaming\MPC-HC
2016-04-16 17:46 - 2016-02-12 22:49 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Roaming\Azureus
2016-04-16 17:44 - 2016-02-12 22:23 - 00000000 ___DC C:\WINDOWS\Panther
2016-04-16 17:07 - 2016-02-12 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-16 17:07 - 2016-02-12 22:52 - 00000000 ____D C:\ProgramData\Oracle
2016-04-16 17:07 - 2016-02-12 22:52 - 00000000 ____D C:\Program Files\Java
2016-04-16 17:06 - 2016-02-12 22:53 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-04-15 20:13 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2016-04-13 17:26 - 2016-02-12 22:41 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-13 17:21 - 2016-02-12 22:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 17:19 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-04-13 17:12 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 17:11 - 2016-02-12 16:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 17:07 - 2016-02-12 16:20 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 20:54 - 2016-02-12 22:49 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-09 20:26 - 2016-02-12 22:58 - 00003982 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-04-08 19:07 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-04-07 22:25 - 2016-02-12 22:58 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-06 20:32 - 2015-07-10 13:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-03 20:34 - 2016-02-21 23:11 - 00000000 ____D C:\Users\Petra Svarcova\Desktop\Knihovnictvi
2016-03-28 20:07 - 2016-02-12 14:01 - 00000000 ____D C:\Users\Petra Svarcova\AppData\Local\WinZip

==================== Files in the root of some directories =======

2016-02-12 15:41 - 2016-02-12 15:41 - 0000006 ____S () C:\ProgramData\7deb20d34559016bd60c2e57072d0de6dc6e9757
2016-02-12 22:52 - 2016-02-12 22:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Petra Svarcova\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Petra Svarcova\AppData\Local\Temp\libeay32.dll
C:\Users\Petra Svarcova\AppData\Local\Temp\msvcr120.dll
C:\Users\Petra Svarcova\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-21 15:18

==================== End of FRST.txt ============================

Re: Blacklist

Posted: 27 Apr 2016 06:48
by sardel
Scan 10:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 26.04.2016
Čas skenování: 21:40
Protokol: kontrola.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.04.26.04
Databáze rootkitů: v2016.04.17.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Petra

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 553336
Uplynulý čas: 3 hod, 44 min, 38 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Blacklist

Posted: 27 Apr 2016 06:52
by sardel
Scan 7

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 27.4.2016
Čas skenování: 0:18
Protokol: kontrola2.txt
Správce: Ano

Verze: 0.0.0.0000
Databáze malwaru: v2016.04.26.06
Databáze rootkitů: v2016.04.17.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: User

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 544008
Uplynulý čas: 2 hod, 43 min, 39 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
PUP.Optional.ProductKeyFinder, C:\Users\User\Desktop\botnet\PETRA\produkey-x64.zip, Do karantény, [fc705e55efaa92a40a149df432cfd729],
PUP.Optional.ProductKeyFinder, C:\Users\User\Desktop\botnet\PETRA\produkey-x64\ProduKey.exe, Do karantény, [9ecefcb7f2a7d95da5791d7434cd45bb],


Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Blacklist

Posted: 27 Apr 2016 07:32
by cernohous13
Hello, just a small aside and then I :hide:

Download here - http://screen317.changelog.fr/SecurityCheck.exe
or here - http://screen317.spywareinfoforum.org/SecurityCheck.exe
or here - http://www.bleepingcomputer.com/download/securitycheck/
save it to the desktop and run it - further information appears in the black window
when it finishes, Notepad opens - copy its contents into your reply.
closing Notepad also closes the program.

Re: Blacklist

Posted: 27 Apr 2016 07:41
by sardel
7:

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 9.0.376.1
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 8 Update 91
Java version 32-bit out of Date!
Adobe Flash Player 21.0.0.213
Mozilla Firefox (45.0.2)
Mozilla Thunderbird (38.7.2)
Google Chrome (49.0.2623.110)
Google Chrome (49.0.2623.112)
Google Chrome (Plugins...)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Re: Blacklist

Posted: 27 Apr 2016 07:45
by sardel
10:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 9.0.374.1
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Adobe Flash Player 21.0.0.213
Mozilla Firefox (45.0.2)
Google Chrome (49.0.2623.110)
Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Kaspersky Lab Kaspersky Security Scan kss.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Re: Blacklist

Posted: 27 Apr 2016 12:20
by altrok
:arrow: On the Windows 10 machine, update Java at java.com/verify (the current version is 8U91).


:arrow: Below is the fixlist for the Windows 7 machine :!:

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
    HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
    BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
    BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
    CHR Plugin: (registryAccess) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.1.0_0\background/registryAccess.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
    C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi
    2016-04-23 16:59 - 2016-04-23 16:59 - 00002530 _____ C:\Users\User\Desktop\AdwCleaner[C1].txt
    2016-04-23 16:51 - 2016-04-23 16:57 - 00000000 ____D C:\AdwCleaner
    2016-04-23 16:48 - 2016-04-23 16:48 - 03683904 _____ C:\Users\User\Desktop\adwcleaner_5.112.exe
    2016-04-23 14:10 - 2016-04-23 14:10 - 00010184 _____ C:\Users\User\Desktop\Addition.zip
    2016-04-23 14:09 - 2016-04-23 14:09 - 00033499 _____ C:\Users\User\Desktop\Addition.txt
    2016-04-23 14:07 - 2016-04-26 21:04 - 00014047 _____ C:\Users\User\Desktop\FRST.txt
    2016-04-21 14:31 - 2016-04-21 14:31 - 00000000 ____D C:\rsit
    2016-04-21 14:31 - 2016-04-21 14:31 - 00000000 ____D C:\Program Files\trend micro
    File: C:\Program Files\JkDefrag.exe
    Task: {0B2C5E83-AC64-4811-B1B8-E8B786FE1009} - System32\Tasks\{26EB2ADB-233D-4335-80E6-04A0A668A121} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
    Task: {0C59818E-E123-4948-AC89-F254B725AC5A} - System32\Tasks\{CBA32B01-D6CA-4DBE-9F8C-0A7888A7763F} => pcalua.exe -a "Z:\INSTAL\pdfFactory Pro Enterprise v2.30 (OK)\FppPro230.exe" -d "Z:\INSTAL\pdfFactory Pro Enterprise v2.30 (OK)"
    Task: {4073DCFF-02B2-4540-A25F-D804E26B2DBD} - System32\Tasks\{8B767952-7B1B-4F9E-A326-46C2C8C1DB5F} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
    Task: {43CEF0F4-7CB0-44DD-9889-D7C62EA7D8F3} - System32\Tasks\{948D326B-4451-4C40-B4CC-22014EC59043} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
    Task: {513DCC44-66B7-4F86-870B-DB030C9009CA} - System32\Tasks\{7F0DD0F2-5025-456E-855B-BE7C14DA22C1} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
    Task: {558C4622-5B26-40E7-9F3A-0D60774514EC} - System32\Tasks\{F607FE05-6535-4CD7-B5C6-AC2EC82C5E7B} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
    Task: {7922E886-0DD1-4F83-BA16-88A6485C5A84} - System32\Tasks\{DA26AF17-5754-432B-BF47-C2BA09DED7F9} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
    Task: {7933F009-E147-4A26-800A-652B2FD0CD7D} - System32\Tasks\{A8FE5E57-6EBA-4C17-A410-0E56A460D2D1} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
    Task: {880F5BED-D73A-4ADA-A0A5-3713CD6D481A} - System32\Tasks\{2E64D5E0-9A7B-4581-B6DB-9BA34E59025C} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
    Task: {D1C4A0BB-7045-4E3B-9765-287FACACD6EF} - System32\Tasks\{5329B5FC-096B-4193-9F6D-9BB0C9164AAA} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
    Task: {F4F95325-77C6-4181-AD20-BB6E3468FB81} - System32\Tasks\{63F00191-0DAA-46C9-A23F-5D7E4DCBD30B} => pcalua.exe -a "Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe" -d "Z:\INSTAL\Nero 6"
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04173f7e4343c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04173f8675592.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [210]
    Hosts:
    EmptyTemp:
    End


:arrow: On the Windows 10 machine:
  • Download Crystal Disk Info (CDI) https://osdn.jp/frs/redir.php?m=cznic&f ... o6_7_5.zip
  • extract the archive and run the extracted file DiskInfo.exe
  • in the running program, click Edit -> Copy (Upravy -> Kopirovat) at the top (the log is now copied to the clipboard)
  • paste the log into your next reply (Ctrl + V)

Re: Blacklist

Posted: 27 Apr 2016 17:28
by sardel
fixlog 7:

Fix result of Farbar Recovery Scan Tool (x86) Version:18-04-2016
Ran by User (2016-04-27 18:20:51) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
CHR Plugin: (registryAccess) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.1.0_0\background/registryAccess.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi
2016-04-23 16:59 - 2016-04-23 16:59 - 00002530 _____ C:\Users\User\Desktop\AdwCleaner[C1].txt
2016-04-23 16:51 - 2016-04-23 16:57 - 00000000 ____D C:\AdwCleaner
2016-04-23 16:48 - 2016-04-23 16:48 - 03683904 _____ C:\Users\User\Desktop\adwcleaner_5.112.exe
2016-04-23 14:10 - 2016-04-23 14:10 - 00010184 _____ C:\Users\User\Desktop\Addition.zip
2016-04-23 14:09 - 2016-04-23 14:09 - 00033499 _____ C:\Users\User\Desktop\Addition.txt
2016-04-23 14:07 - 2016-04-26 21:04 - 00014047 _____ C:\Users\User\Desktop\FRST.txt
2016-04-21 14:31 - 2016-04-21 14:31 - 00000000 ____D C:\rsit
2016-04-21 14:31 - 2016-04-21 14:31 - 00000000 ____D C:\Program Files\trend micro
File: C:\Program Files\JkDefrag.exe
Task: {0B2C5E83-AC64-4811-B1B8-E8B786FE1009} - System32\Tasks\{26EB2ADB-233D-4335-80E6-04A0A668A121} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
Task: {0C59818E-E123-4948-AC89-F254B725AC5A} - System32\Tasks\{CBA32B01-D6CA-4DBE-9F8C-0A7888A7763F} => pcalua.exe -a "Z:\INSTAL\pdfFactory Pro Enterprise v2.30 (OK)\FppPro230.exe" -d "Z:\INSTAL\pdfFactory Pro Enterprise v2.30 (OK)"
Task: {4073DCFF-02B2-4540-A25F-D804E26B2DBD} - System32\Tasks\{8B767952-7B1B-4F9E-A326-46C2C8C1DB5F} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
Task: {43CEF0F4-7CB0-44DD-9889-D7C62EA7D8F3} - System32\Tasks\{948D326B-4451-4C40-B4CC-22014EC59043} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
Task: {513DCC44-66B7-4F86-870B-DB030C9009CA} - System32\Tasks\{7F0DD0F2-5025-456E-855B-BE7C14DA22C1} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
Task: {558C4622-5B26-40E7-9F3A-0D60774514EC} - System32\Tasks\{F607FE05-6535-4CD7-B5C6-AC2EC82C5E7B} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
Task: {7922E886-0DD1-4F83-BA16-88A6485C5A84} - System32\Tasks\{DA26AF17-5754-432B-BF47-C2BA09DED7F9} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
Task: {7933F009-E147-4A26-800A-652B2FD0CD7D} - System32\Tasks\{A8FE5E57-6EBA-4C17-A410-0E56A460D2D1} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
Task: {880F5BED-D73A-4ADA-A0A5-3713CD6D481A} - System32\Tasks\{2E64D5E0-9A7B-4581-B6DB-9BA34E59025C} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
Task: {D1C4A0BB-7045-4E3B-9765-287FACACD6EF} - System32\Tasks\{5329B5FC-096B-4193-9F6D-9BB0C9164AAA} => Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe
Task: {F4F95325-77C6-4181-AD20-BB6E3468FB81} - System32\Tasks\{63F00191-0DAA-46C9-A23F-5D7E4DCBD30B} => pcalua.exe -a "Z:\INSTAL\Nero 6\Nero-6.6.1.15a.exe" -d "Z:\INSTAL\Nero 6"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04173f7e4343c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04173f8675592.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [210]
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler => value removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => key removed successfully.
HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}" => key removed successfully.
HKCR\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => key removed successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key not found.
C:\Program Files\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\49.0.2623.87\pdf.dll => not found.
C:\Program Files\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => not found.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.1.0_0\background/registryAccess.dll => not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll => not found.
"C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi" => not found.
C:\Users\User\Desktop\AdwCleaner[C1].txt => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\User\Desktop\adwcleaner_5.112.exe => moved successfully
"C:\Users\User\Desktop\Addition.zip" => not found.
C:\Users\User\Desktop\Addition.txt => moved successfully
C:\Users\User\Desktop\FRST.txt => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully

========================= File: C:\Program Files\JkDefrag.exe ========================

File not signed
MD5: 166F80E95A9540EFDDB411CA993FE5C7
Creation and modification date: 2011-03-04 - 2008-08-31
Size: 0222208
Attributes: ----A
Company Name: J.C. Kessels
Internal Name: JkDefrag
Original Name: JkDefrag.exe
Product: JkDefrag
Description: JkDefrag - disk defragmentation and optimization tool
File Version: 3.36
Product Version: 3.36
Copyright: GNU General Public License

====== End of File: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B2C5E83-AC64-4811-B1B8-E8B786FE1009}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B2C5E83-AC64-4811-B1B8-E8B786FE1009}" => key removed successfully.
C:\Windows\System32\Tasks\{26EB2ADB-233D-4335-80E6-04A0A668A121} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{26EB2ADB-233D-4335-80E6-04A0A668A121}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C59818E-E123-4948-AC89-F254B725AC5A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C59818E-E123-4948-AC89-F254B725AC5A}" => key removed successfully.
C:\Windows\System32\Tasks\{CBA32B01-D6CA-4DBE-9F8C-0A7888A7763F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CBA32B01-D6CA-4DBE-9F8C-0A7888A7763F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4073DCFF-02B2-4540-A25F-D804E26B2DBD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4073DCFF-02B2-4540-A25F-D804E26B2DBD}" => key removed successfully.
C:\Windows\System32\Tasks\{8B767952-7B1B-4F9E-A326-46C2C8C1DB5F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8B767952-7B1B-4F9E-A326-46C2C8C1DB5F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43CEF0F4-7CB0-44DD-9889-D7C62EA7D8F3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43CEF0F4-7CB0-44DD-9889-D7C62EA7D8F3}" => key removed successfully.
C:\Windows\System32\Tasks\{948D326B-4451-4C40-B4CC-22014EC59043} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{948D326B-4451-4C40-B4CC-22014EC59043}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{513DCC44-66B7-4F86-870B-DB030C9009CA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{513DCC44-66B7-4F86-870B-DB030C9009CA}" => key removed successfully.
C:\Windows\System32\Tasks\{7F0DD0F2-5025-456E-855B-BE7C14DA22C1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F0DD0F2-5025-456E-855B-BE7C14DA22C1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{558C4622-5B26-40E7-9F3A-0D60774514EC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{558C4622-5B26-40E7-9F3A-0D60774514EC}" => key removed successfully.
C:\Windows\System32\Tasks\{F607FE05-6535-4CD7-B5C6-AC2EC82C5E7B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F607FE05-6535-4CD7-B5C6-AC2EC82C5E7B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7922E886-0DD1-4F83-BA16-88A6485C5A84}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7922E886-0DD1-4F83-BA16-88A6485C5A84}" => key removed successfully.
C:\Windows\System32\Tasks\{DA26AF17-5754-432B-BF47-C2BA09DED7F9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DA26AF17-5754-432B-BF47-C2BA09DED7F9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7933F009-E147-4A26-800A-652B2FD0CD7D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7933F009-E147-4A26-800A-652B2FD0CD7D}" => key removed successfully.
C:\Windows\System32\Tasks\{A8FE5E57-6EBA-4C17-A410-0E56A460D2D1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A8FE5E57-6EBA-4C17-A410-0E56A460D2D1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{880F5BED-D73A-4ADA-A0A5-3713CD6D481A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{880F5BED-D73A-4ADA-A0A5-3713CD6D481A}" => key removed successfully.
C:\Windows\System32\Tasks\{2E64D5E0-9A7B-4581-B6DB-9BA34E59025C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2E64D5E0-9A7B-4581-B6DB-9BA34E59025C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1C4A0BB-7045-4E3B-9765-287FACACD6EF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C4A0BB-7045-4E3B-9765-287FACACD6EF}" => key removed successfully.
C:\Windows\System32\Tasks\{5329B5FC-096B-4193-9F6D-9BB0C9164AAA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5329B5FC-096B-4193-9F6D-9BB0C9164AAA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4F95325-77C6-4181-AD20-BB6E3468FB81}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4F95325-77C6-4181-AD20-BB6E3468FB81}" => key removed successfully.
C:\Windows\System32\Tasks\{63F00191-0DAA-46C9-A23F-5D7E4DCBD30B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{63F00191-0DAA-46C9-A23F-5D7E4DCBD30B}" => key removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04173f7e4343c.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04173f8675592.job => moved successfully
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully..
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 519 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:22:30 ====