
PC disinfection, speeding up your computer, remote assistance through the neslape.cz service
CrossRider virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
A remote assistance service is now available: an expert connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
CrossRider virus
Hello,
I have a Lenovo Z710, x64, NOD32, Win 10, and I have caught some worm somewhere.
I tried googling it, tried Spybot and a few other things (unfortunately I am not sure which of the removers is itself the "virus"), and finally Malwarebytes Anti-Malware. It always finds about 5 files, I delete/quarantine them, but after a few days they reappear.
Thanks, Lukáš
Re: CrossRider virus
Hello,
I have been given custody of a crystal ball, but I cannot yet handle it at that level. So I will ask you for FRST logs, so that we can at least identify the problems and then try to remove them: http://forum.viry.cz/viewtopic.php?f=13&t=133100
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok (at) forum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.
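As an added illustration, not part of this thread and not a tool from forum.viry.cz or from FRST's author: a first triage pass over the kind of FRST output the reply above asks for. FRST itself marks an entry whose file is no longer on disk with [X], an unsigned binary with [File not signed], and a binary with no company information with an empty publisher (); MountPoints2 lines record per-volume autorun commands. The script only looks for those markers and groups the hits by FRST section, so a helper can see at a glance which lines deserve a closer look. The sample log is constructed from the line shapes seen in this thread and is not a real log; the reason names and the grouping are this example's own choices.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example, not part of the forum thread or of FRST itself. It flags the
markers a helper looks at first:
  [X]               -> the referenced file was not found on disk (orphaned entry)
  [File not signed] -> no Authenticode signature on the binary
  ()                -> binary carries no company/version information
  MountPoints2      -> per-volume autorun command (legacy autorun handling)
Hits are grouped by FRST section (Processes, Registry, Services, Drivers, ...).
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample modelled on the line shapes in the posted log; not a real log.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Windows\System32\igfxTray.exe
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1\...\MountPoints2: {c86403bf} - "E:\LaunchU3.exe" -a
==================== Services (Whitelisted) ========================
R2 Service1; C:\Program Files (x86)\WinStrom\winstromservice.exe [586752 2015-06-15] (FlexiBee Systems s.r.o.) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
==================== Drivers (Whitelisted) ==========================
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-11-18] ()
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# Drive-letter path up to the first executable-looking extension. FRST places the
# "[size date]" bracket after the path, so stop before any '[' or closing quote.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\[]+?\.(?:exe|dll|sys|bat|cmd|lnk))"?', re.IGNORECASE)
EMPTY_PUBLISHER_RE = re.compile(r"(^|\s)\(\)(\s|$)")


@dataclass(frozen=True)
class Finding:
    section: str   # FRST section the line came from
    reason: str    # one of the REASONS keys below
    path: str      # extracted file path, or "" if the line has none
    line: str      # original log line


REASONS = {
    "missing_file": "entry points to a file FRST could not find on disk ([X])",
    "unsigned": "binary carries no Authenticode signature ([File not signed])",
    "no_publisher": "binary has no company/version information (empty publisher)",
    "drive_autorun": "per-volume autorun command under MountPoints2",
}


def extract_path(line: str) -> str:
    """Return the first drive-letter path on the line, or "" if there is none."""
    m = PATH_RE.search(line)
    return m.group(1) if m else ""


def classify(line: str) -> List[str]:
    """Return the reason keys that apply to one FRST log line (may be empty)."""
    reasons = []
    if line.endswith("[X]"):
        reasons.append("missing_file")
    if "[File not signed]" in line:
        reasons.append("unsigned")
    if EMPTY_PUBLISHER_RE.search(line):
        reasons.append("no_publisher")
    if "MountPoints2" in line:
        reasons.append("drive_autorun")
    return reasons


def triage_frst(text: str) -> List[Finding]:
    """Walk the log, tracking the current section, and collect flagged lines."""
    findings: List[Finding] = []
    section = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").replace("(Whitelisted)", "").strip()
            continue
        for reason in classify(line):
            findings.append(Finding(section, reason, extract_path(line), line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason key."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        print(f"[{f.section}] {REASONS[f.reason]}\n    {f.path or f.line}")
```

These markers are prompts for review, not verdicts: an [X] entry is usually leftover from an uninstalled program, and plenty of legitimate vendor drivers ship without a signature or version block. Equally, FRST whitelists known-good entries, so a log with no hits does not prove the machine is clean; the adware actually named in this thread was found by a scanner, not by these markers.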
Re: CrossRider virus
altrok wrote: Hello,
I have been given custody of a crystal ball, but I cannot yet handle it at that level. So I will ask you for FRST logs, so that we can at least identify the problems and then try to remove them: http://forum.viry.cz/viewtopic.php?f=13&t=133100
-------------------------------------------------------------------------------------
hehe
the rar then contains Addition + a screenshot from Malwarebytes Anti-Malware - detection of PUP.Optional.CrossRider; I had the same thing cleaned yesterday.
Thanks, Lukáš
--------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-11-2015
Ran by lukas (administrator) on NOTEBOOK-6 (27-11-2015 09:15:07)
Running from D:\- Lukin Data\Desktop
Loaded Profiles: lukas & winpostgr & (Available Profiles: lukas & winpostgr)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(CSH spol. s r.o.) C:\Program Files (x86)\CSH\DomovSrv\DomovSrv.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.CSH2014\MSSQL\Binn\sqlservr.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(FlexiBee Systems s.r.o.) C:\Program Files (x86)\WinStrom\WinStromService.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_65\bin\java.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(eM Client, Inc.) C:\Program Files (x86)\eM Client\MailClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-09-19] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-09-19] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-10-22] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\Run: [GoogleChromeAutoLaunch_335DEAC781E571D7D2368A08FFCEB343] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\MountPoints2: {3bb0680e-5f17-11e5-9bc4-54bef7555d3c} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\MountPoints2: {c86403bf-5f15-11e5-9bc2-806e6f6e6963} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_335DEAC781E571D7D2368A08FFCEB343] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3bb0680e-5f17-11e5-9bc4-54bef7555d3c} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c86403bf-5f15-11e5-9bc2-806e6f6e6963} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GoogleChromeAutoLaunch_335DEAC781E571D7D2368A08FFCEB343] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {3bb0680e-5f17-11e5-9bc4-54bef7555d3c} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {c86403bf-5f15-11e5-9bc2-806e6f6e6963} - "E:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Manažer služeb CSH.lnk [2015-10-27]
ShortcutTarget: Manažer služeb CSH.lnk -> C:\Program Files (x86)\CSH\CSHSvMgr\CSHSvMgr.exe (CSH spol. s r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.254
Tcpip\..\Interfaces\{665f181d-671a-4723-ba0a-554c6cbcbbf7}: [DhcpNameServer] 192.168.0.1 192.168.0.254
Internet Explorer:
==================
HKU\S-1-5-21-530442407-2899243224-74396006-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-13] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-13] (Oracle Corporation)
DPF: HKLM-x32 {4E94DD12-E0E0-5C87-9E61-4F4C4B0052BB} hxxp://192.168.0.232:5000/webman/3rdparty/SurveillanceStation/object/SurveillanceHelper.cab?undefined
DPF: HKLM-x32 {D63FBD76-6EAA-43C0-BAFB-474D5FD9AD3F} hxxp://192.168.0.232:5000/webman/3rdparty/SurveillanceStation/object/SurveillancePlugin.cab?undefined
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.5\npSurveillanceHelper_x86_64.dll [2015-10-28] (Synology)
FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.770\npSurveillancePlugin_x86_64.dll [2015-10-28] (Synology)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.5\npSurveillanceHelper.dll [2015-10-28] (Synology)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.770\npSurveillancePlugin.dll [2015-10-28] (Synology)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-20]
CHR Extension: (Dokumenty Google) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-20]
CHR Extension: (Disk Google) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Vyhledávání Google) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabulky Google) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-20]
CHR Extension: (Page Analytics (by Google)) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2015-11-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (feedly) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-09-21]
CHR Extension: (Lyoness Cashback Bar) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibocncflemnoggjhchgnakpnhdiajnjl [2015-09-21]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2015-11-20]
CHR Extension: (Bleaner) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-11-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-20]
CHR Extension: (ASANA Translate) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmjfjdbamonmaajclfcpicaanaonlfc [2015-09-29]
CHR Extension: (Rozšíření Odběry RSS (od Googlu)) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2015-09-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-20]
CHR Extension: (Gmail) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-20]
CHR HKU\S-1-5-21-530442407-2899243224-74396006-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-530442407-2899243224-74396006-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 CSHDomovnik_Service; C:\Program Files (x86)\CSH\DomovSrv\DomovSrv.exe [1909952 2015-09-29] (CSH spol. s r.o.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-09-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 MSSQL$CSH2014; C:\Program Files\Microsoft SQL Server\MSSQL12.CSH2014\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Service1; C:\Program Files (x86)\WinStrom\winstromservice.exe [586752 2015-06-15] (FlexiBee Systems s.r.o.) [File not signed]
S4 SQLAgent$CSH2014; C:\Program Files\Microsoft SQL Server\MSSQL12.CSH2014\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340992 2014-10-22] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-09-19] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WinStrom-PostgreSQL; C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\pg_ctl.exe [76800 2014-03-18] (PostgreSQL Global Development Group) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 BTHprint; C:\Windows\system32\DRIVERS\bthprint.sys [65024 2015-07-10] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-14] (ESET)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-10-12] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-09-19] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-11-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-19] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-11-18] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-27 09:14 - 2015-11-27 09:15 - 00000000 ____D C:\FRST
2015-11-27 09:10 - 2015-11-27 09:10 - 00015327 _____ C:\Users\lukas\Desktop\LM.bat
2015-11-27 09:10 - 2015-11-27 09:07 - 02348544 _____ (Farbar) C:\Users\Default\Desktop\FRST64.exe
2015-11-27 09:10 - 2015-11-27 09:07 - 02348544 _____ (Farbar) C:\Users\Default User\Desktop\FRST64.exe
2015-11-27 09:10 - 2015-11-27 09:05 - 00112640 _____ (forum.viry.cz) C:\Users\Default\Desktop\FRSTLauncher.exe
2015-11-27 09:10 - 2015-11-27 09:05 - 00112640 _____ (forum.viry.cz) C:\Users\Default User\Desktop\FRSTLauncher.exe
2015-11-27 09:05 - 2015-11-27 09:14 - 00029696 _____ C:\Users\lukas\AppData\Local\MSGBOX.EXE
2015-11-27 08:45 - 2015-11-27 08:45 - 00016148 _____ C:\Windows\system32\NOTEBOOK-6_lukas_HistoryPrediction.bin
2015-11-27 08:39 - 2015-11-27 08:39 - 00000000 ___HD C:\OneDriveTemp
2015-11-26 12:09 - 2015-11-26 12:09 - 00000000 ____D C:\rsit
2015-11-26 12:09 - 2015-11-26 12:09 - 00000000 ____D C:\Program Files\trend micro
2015-11-24 12:43 - 2015-11-24 12:43 - 00001480 _____ C:\Users\lukas\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2015-11-22 18:35 - 2015-11-22 18:35 - 00000000 ____D C:\Users\lukas\.android
2015-11-22 16:24 - 2015-11-22 16:24 - 00000000 ____D C:\Users\lukas\AppData\Roaming\SAMSUNG
2015-11-22 16:24 - 2015-11-22 16:24 - 00000000 ____D C:\Upload
2015-11-22 16:24 - 2015-11-22 16:24 - 00000000 ____D C:\ProgramData\SAMSUNG
2015-11-22 16:24 - 2015-11-22 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-11-22 16:23 - 2015-11-22 16:24 - 00000000 ____D C:\Program Files\Samsung
2015-11-22 09:23 - 2015-11-27 08:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-22 09:23 - 2015-11-22 09:23 - 00001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-22 09:23 - 2015-11-22 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-22 09:23 - 2015-11-22 09:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-22 09:23 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-22 09:23 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-22 09:23 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-11-21 19:45 - 2015-11-27 08:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2015-11-21 19:40 - 2015-11-21 19:40 - 00000016 _____ C:\ProgramData\mntemp
2015-11-20 15:17 - 2015-11-20 15:17 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-18 17:02 - 2015-11-18 17:02 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-11-18 14:56 - 2015-11-24 17:05 - 00000000 ____D C:\Users\lukas\AppData\Local\CrashDumps
2015-11-18 12:59 - 2015-11-18 12:59 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-18 12:59 - 2015-11-18 12:59 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-14 09:10 - 2015-11-14 09:10 - 00001649 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windomy.lnk
2015-11-14 09:10 - 2015-11-14 09:10 - 00001637 _____ C:\Users\Public\Desktop\Windomy.lnk
2015-11-14 09:10 - 2015-11-14 09:10 - 00000133 _____ C:\Windows\ODBC.INI
2015-11-14 09:10 - 2015-11-14 09:10 - 00000000 ____D C:\WINDOMY
2015-11-13 22:01 - 2015-11-13 22:02 - 00000000 ____D C:\Users\lukas\AppData\Roaming\GHISLER
2015-11-13 22:01 - 2015-11-13 22:01 - 00000000 ____D C:\totalcmd
2015-11-13 17:15 - 2015-11-13 17:15 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Synology
2015-11-13 17:05 - 2015-11-13 17:15 - 00000000 ____D C:\Program Files (x86)\Synology
2015-11-11 16:26 - 2015-10-12 11:09 - 00450971 ____R C:\Windows\system32\Drivers\etc\hosts.20151111-162655.backup
2015-11-11 11:37 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 11:37 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-11-11 11:37 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-11-11 11:37 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 11:37 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-11-11 11:37 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 11:37 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-11-11 11:37 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2015-11-11 11:37 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-11 11:37 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 11:37 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-11 11:37 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-11-11 11:37 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 11:37 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2015-11-11 11:37 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2015-11-11 11:37 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-11-11 11:37 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 11:37 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-11-11 11:37 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2015-11-11 11:37 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-11-11 11:37 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
2015-11-11 11:37 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2015-11-11 11:37 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 11:37 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-11-11 11:37 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-11-11 11:37 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2015-11-11 11:37 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 11:37 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 11:37 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-11-11 11:37 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2015-11-11 11:37 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 11:37 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2015-11-11 11:37 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-11-11 11:37 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-11-11 11:37 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2015-11-11 11:37 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-11-11 11:37 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2015-11-11 11:37 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-11-11 11:37 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2015-11-11 11:37 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll
2015-11-11 11:37 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 11:37 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-11-11 11:37 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-11-11 11:37 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-11-11 11:37 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-11-11 11:37 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 11:37 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 11:37 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 11:37 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 11:37 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 11:37 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2015-11-11 11:37 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2015-11-11 11:37 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2015-11-09 19:04 - 2015-11-21 20:55 - 00000000 ____D C:\Users\winpostgr
2015-11-09 19:04 - 2015-11-10 14:46 - 00000000 ____D C:\Users\lukas\AppData\Roaming\.winstrom
2015-11-09 19:04 - 2015-11-09 19:04 - 00001072 _____ C:\Users\Public\Desktop\FlexiBee.lnk
2015-11-09 19:04 - 2015-11-09 19:04 - 00000020 ___SH C:\Users\winpostgr\ntuser.ini
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Šablony
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Soubory cookie
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Poslední
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Okolní tiskárny
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Okolní síť
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Nabídka Start
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Dokumenty
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Data aplikací
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\AppData\Local\Data aplikací
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABRA FlexiBee
2015-11-09 19:04 - 2015-09-21 21:14 - 00000000 ____D C:\Users\winpostgr\AppData\Local\Microsoft Help
2015-11-09 19:03 - 2015-11-13 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-09 19:03 - 2015-11-13 17:13 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-09 19:03 - 2015-11-13 17:13 - 00000000 ____D C:\Users\lukas\.oracle_jre_usage
2015-11-09 19:03 - 2015-11-09 19:03 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Sun
2015-11-09 19:03 - 2015-11-09 19:03 - 00000000 ____D C:\Users\lukas\AppData\LocalLow\Sun
2015-11-09 19:02 - 2015-11-25 11:29 - 00000000 ____D C:\winstrom-data
2015-11-09 19:02 - 2015-11-13 17:14 - 00000000 ____D C:\ProgramData\Oracle
2015-11-09 19:02 - 2015-11-13 17:13 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-09 19:02 - 2015-11-09 19:04 - 00000000 ____D C:\Program Files (x86)\WinStrom
2015-11-09 19:02 - 2015-11-09 19:02 - 00000000 ____D C:\Users\lukas\AppData\LocalLow\Oracle
2015-11-09 11:44 - 2015-11-09 11:44 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Mikrotik
2015-11-08 14:38 - 2015-11-08 14:38 - 00000000 ____D C:\ProgramData\VYDAS
2015-11-06 16:51 - 2015-11-06 16:51 - 00002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2015-11-06 16:51 - 2015-11-06 16:51 - 00000000 ____D C:\Users\lukas\AppData\LocalLow\Google
2015-11-03 13:09 - 2015-11-03 13:31 - 00000000 ____D C:\Program Files (x86)\Správa bytů a nemovitostí
2015-11-03 13:09 - 2015-11-03 13:12 - 00266240 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2015-11-03 13:09 - 2015-11-03 13:12 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2015-11-03 13:09 - 2015-11-03 13:12 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Správa bytů a nemovitostí
2015-11-03 12:30 - 2015-11-03 12:30 - 00002202 _____ C:\Users\Public\Desktop\S3 Kasa.lnk
2015-11-03 12:30 - 2015-11-03 12:30 - 00002197 _____ C:\Users\Public\Desktop\Money S3.lnk
2015-11-03 12:30 - 2015-11-03 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CÍGLER SOFTWARE
2015-11-03 12:29 - 2015-11-03 12:29 - 00000000 ____D C:\Program Files (x86)\CIGLER SOFTWARE
2015-11-03 12:28 - 2015-11-03 12:31 - 00000000 ____D C:\ProgramData\CIGLER SOFTWARE
2015-10-30 20:11 - 2015-11-19 09:49 - 00000000 ___HD C:\$WINDOWS.~BT
2015-10-30 19:19 - 2014-02-21 05:20 - 00248512 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL
2015-10-30 18:16 - 2015-10-30 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-10-30 18:16 - 2015-10-30 18:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-27 09:14 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-11-27 09:06 - 2015-09-29 08:05 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Skype
2015-11-27 09:06 - 2015-09-20 17:55 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-27 08:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness
2015-11-27 08:46 - 2015-09-20 19:27 - 00000000 ____D C:\Users\lukas\AppData\Roaming\eM Client
2015-11-27 08:41 - 2015-09-22 11:47 - 00004206 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ED20ADD5-6D1E-453A-B8EB-24A5C0D60013}
2015-11-27 08:41 - 2015-09-20 17:53 - 00000000 ____D C:\Users\lukas\AppData\Local\Adobe
2015-11-27 08:39 - 2015-10-19 15:38 - 00000000 ___RD C:\Users\lukas\Disk Google
2015-11-27 08:39 - 2015-09-19 22:51 - 00000000 ___RD C:\Users\lukas\OneDrive
2015-11-27 08:38 - 2015-10-10 09:27 - 00001042 _____ C:\Windows\Tasks\qBZPdAu6GGxFjOuLLFKpwMWD.job
2015-11-27 08:38 - 2015-09-20 17:55 - 00000988 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-27 08:38 - 2015-09-19 22:48 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-27 08:38 - 2015-09-19 22:48 - 00000000 __SHD C:\Users\lukas\IntelGraphicsProfiles
2015-11-26 08:36 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-25 17:11 - 2015-09-19 22:45 - 00000000 ____D C:\Users\lukas
2015-11-25 11:36 - 2015-09-19 22:48 - 02043558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-25 11:36 - 2015-07-10 17:02 - 00845616 _____ C:\Windows\system32\perfh005.dat
2015-11-25 11:36 - 2015-07-10 17:02 - 00188548 _____ C:\Windows\system32\perfc005.dat
2015-11-25 11:36 - 2015-07-10 12:02 - 00000000 ____D C:\Windows\INF
2015-11-25 11:29 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-24 15:56 - 2015-09-21 15:24 - 00000000 ____D C:\Users\lukas\AppData\Roaming\VSO
2015-11-21 19:45 - 2015-07-10 10:05 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-19 12:40 - 2015-09-21 10:44 - 00003944 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1442828689
2015-11-19 12:40 - 2015-09-21 10:44 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-11-19 12:40 - 2015-09-21 10:44 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-19 10:35 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\rescache
2015-11-19 09:52 - 2015-09-19 23:31 - 00000000 ____D C:\Windows\Panther
2015-11-18 16:37 - 2015-09-20 22:17 - 00000000 ____D C:\Starcraft - broodwar
2015-11-18 10:53 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-18 10:39 - 2015-07-10 13:20 - 00408144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-18 10:35 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-18 09:25 - 2015-09-28 21:25 - 06361488 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2015-11-13 17:15 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\Downloaded Program Files
2015-11-11 11:51 - 2015-09-20 17:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 11:51 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp
2015-11-11 11:48 - 2015-09-19 22:57 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 11:41 - 2015-09-19 22:57 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-06 16:51 - 2015-09-20 17:54 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-03 19:20 - 2015-07-10 12:06 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 19:20 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 13:16 - 2015-09-19 22:45 - 00000000 ____D C:\Users\lukas\AppData\Local\VirtualStore
2015-10-30 23:36 - 2015-09-29 13:38 - 00000000 ____D C:\Users\lukas\AppData\Roaming\vlc
2015-10-30 21:59 - 2015-09-29 08:05 - 00000000 ____D C:\ProgramData\Skype
2015-10-30 21:42 - 2015-09-20 17:54 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 21:42 - 2015-09-20 17:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-30 19:27 - 2015-09-20 17:35 - 00000000 ____D C:\Users\lukas\AppData\Local\Microsoft Help
2015-10-30 19:17 - 2015-10-27 15:55 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-10-30 19:17 - 2015-10-27 15:55 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-10-30 18:16 - 2015-09-20 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
==================== Files in the root of some directories =======
2015-09-28 11:15 - 2015-09-29 08:29 - 0000418 _____ () C:\Users\lukas\AppData\Roaming\DESKTOP-BDU8D0B.MTBF.txt
2015-11-24 12:43 - 2015-11-24 12:43 - 0001480 _____ () C:\Users\lukas\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2015-09-28 11:16 - 2015-09-28 11:16 - 0003584 _____ () C:\Users\lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-27 09:05 - 2015-11-27 09:14 - 0029696 _____ () C:\Users\lukas\AppData\Local\MSGBOX.EXE
2015-10-09 22:17 - 2015-10-09 22:17 - 0026253 _____ () C:\Users\lukas\AppData\Local\recently-used.xbel
2015-09-29 10:15 - 2015-09-29 10:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-10 08:15 - 2015-10-10 08:22 - 0000824 _____ () C:\ProgramData\hpzinstall.log
2015-11-21 19:40 - 2015-11-21 19:40 - 0000016 _____ () C:\ProgramData\mntemp
Some files in TEMP:
====================
C:\Users\lukas\AppData\Local\Temp\dllnt_dump.dll
C:\Users\lukas\AppData\Local\Temp\HPInstaller.exe
C:\Users\lukas\AppData\Local\Temp\i4jdel0.exe
C:\Users\lukas\AppData\Local\Temp\InstHelper.exe
C:\Users\lukas\AppData\Local\Temp\sqlite3.dll
C:\Users\lukas\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-13 13:53
==================== End of FRST.txt ============================
- Attachments
- addition_and_malware.rar
- addition + printscreen malware
- (247.08 KiB) Downloaded 72 times
Re: Virus CrossRider
- close all programs
- right-click the AdwCleaner icon and choose Run as administrator (on Windows XP just double-click it)
- click Scan, then Cleaning
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
Re: Virus CrossRider
altrok wrote: MBAM has not cleaned everything yet.
As part of the cleaning, your temporary folders (including the Recycle Bin) will be emptied.
Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
- close all programs
- right-click the AdwCleaner icon and choose Run as administrator (on Windows XP just double-click it)
- click Scan, then Cleaning
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
--------------------------------------------------------------------------------------------
Hello,
here it is.
Thank you very much
Lukáš
# AdwCleaner v5.022 - Logfile created 27/11/2015 at 16:31:03
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : lukas - NOTEBOOK-6
# Running from : D:\- Lukin Data\Desktop\adwcleaner_5.022.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[#] Folder Deleted : C:\ProgramData\mntemp
[-] Folder Deleted : C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D1A47ADC-2940-4689-98CC-88D223F3A9CE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D1A47ADC-2940-4689-98CC-88D223F3A9CE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Description
***** [ Web browsers ] *****
[-] [C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lkadffjmnaiokkdncgdlecdegajoiemi
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1196 bytes] ##########
Re: Virus CrossRider
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
Re: Virus CrossRider
altrok wrote: Please post the FRST.txt and Addition.txt logs (no need for FRSTLauncher).
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-11-2015
Ran by lukas (administrator) on NOTEBOOK-6 (27-11-2015 16:59:14)
Running from D:\- Lukin Data\Desktop
Loaded Profiles: lukas & winpostgr (Available Profiles: lukas & winpostgr)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(CSH spol. s r.o.) C:\Program Files (x86)\CSH\DomovSrv\DomovSrv.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.CSH2014\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\pg_ctl.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(FlexiBee Systems s.r.o.) C:\Program Files (x86)\WinStrom\WinStromService.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_65\bin\java.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(eM Client, Inc.) C:\Program Files (x86)\eM Client\MailClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-09-19] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-09-19] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-10-22] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\Run: [GoogleChromeAutoLaunch_335DEAC781E571D7D2368A08FFCEB343] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\MountPoints2: {3bb0680e-5f17-11e5-9bc4-54bef7555d3c} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\MountPoints2: {c86403bf-5f15-11e5-9bc2-806e6f6e6963} - "E:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Manažer služeb CSH.lnk [2015-10-27]
ShortcutTarget: Manažer služeb CSH.lnk -> C:\Program Files (x86)\CSH\CSHSvMgr\CSHSvMgr.exe (CSH spol. s r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.254
Tcpip\..\Interfaces\{665f181d-671a-4723-ba0a-554c6cbcbbf7}: [DhcpNameServer] 192.168.0.1 192.168.0.254
Internet Explorer:
==================
HKU\S-1-5-21-530442407-2899243224-74396006-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-13] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-13] (Oracle Corporation)
DPF: HKLM-x32 {4E94DD12-E0E0-5C87-9E61-4F4C4B0052BB} hxxp://192.168.0.232:5000/webman/3rdparty/SurveillanceStation/object/SurveillanceHelper.cab?undefined
DPF: HKLM-x32 {D63FBD76-6EAA-43C0-BAFB-474D5FD9AD3F} hxxp://192.168.0.232:5000/webman/3rdparty/SurveillanceStation/object/SurveillancePlugin.cab?undefined
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.5\npSurveillanceHelper_x86_64.dll [2015-10-28] (Synology)
FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.770\npSurveillancePlugin_x86_64.dll [2015-10-28] (Synology)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.5\npSurveillanceHelper.dll [2015-10-28] (Synology)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.770\npSurveillancePlugin.dll [2015-10-28] (Synology)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-20]
CHR Extension: (Dokumenty Google) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-20]
CHR Extension: (Disk Google) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Vyhledávání Google) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabulky Google) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-20]
CHR Extension: (Page Analytics (by Google)) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2015-11-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (feedly) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-09-21]
CHR Extension: (Lyoness Cashback Bar) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibocncflemnoggjhchgnakpnhdiajnjl [2015-09-21]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2015-11-27]
CHR Extension: (Bleaner) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-11-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-20]
CHR Extension: (ASANA Translate) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmjfjdbamonmaajclfcpicaanaonlfc [2015-09-29]
CHR Extension: (Rozšíření Odběry RSS (od Googlu)) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2015-09-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-20]
CHR Extension: (Gmail) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-20]
CHR HKU\S-1-5-21-530442407-2899243224-74396006-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 CSHDomovnik_Service; C:\Program Files (x86)\CSH\DomovSrv\DomovSrv.exe [1909952 2015-09-29] (CSH spol. s r.o.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-09-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 MSSQL$CSH2014; C:\Program Files\Microsoft SQL Server\MSSQL12.CSH2014\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Service1; C:\Program Files (x86)\WinStrom\winstromservice.exe [586752 2015-06-15] (FlexiBee Systems s.r.o.) [File not signed]
S4 SQLAgent$CSH2014; C:\Program Files\Microsoft SQL Server\MSSQL12.CSH2014\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340992 2014-10-22] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-09-19] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WinStrom-PostgreSQL; C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\pg_ctl.exe [76800 2014-03-18] (PostgreSQL Global Development Group) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 BTHprint; C:\Windows\system32\DRIVERS\bthprint.sys [65024 2015-07-10] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-14] (ESET)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-10-12] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-09-19] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-11-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-19] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-11-18] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-27 16:49 - 2015-11-27 16:49 - 00000000 ___HD C:\OneDriveTemp
2015-11-27 16:48 - 2015-11-27 16:48 - 00016148 _____ C:\Windows\system32\NOTEBOOK-6_lukas_HistoryPrediction.bin
2015-11-27 09:14 - 2015-11-27 16:59 - 00000000 ____D C:\FRST
2015-11-27 09:10 - 2015-11-27 09:10 - 00015327 _____ C:\Users\lukas\Desktop\LM.bat
2015-11-27 09:10 - 2015-11-27 09:07 - 02348544 _____ (Farbar) C:\Users\Default\Desktop\FRST64.exe
2015-11-27 09:10 - 2015-11-27 09:07 - 02348544 _____ (Farbar) C:\Users\Default User\Desktop\FRST64.exe
2015-11-27 09:10 - 2015-11-27 09:05 - 00112640 _____ (forum.viry.cz) C:\Users\Default\Desktop\FRSTLauncher.exe
2015-11-27 09:10 - 2015-11-27 09:05 - 00112640 _____ (forum.viry.cz) C:\Users\Default User\Desktop\FRSTLauncher.exe
2015-11-27 09:05 - 2015-11-27 09:20 - 00029696 _____ C:\Users\lukas\AppData\Local\MSGBOX.EXE
2015-11-26 12:09 - 2015-11-26 12:09 - 00000000 ____D C:\rsit
2015-11-26 12:09 - 2015-11-26 12:09 - 00000000 ____D C:\Program Files\trend micro
2015-11-24 12:43 - 2015-11-24 12:43 - 00001480 _____ C:\Users\lukas\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2015-11-22 18:35 - 2015-11-22 18:35 - 00000000 ____D C:\Users\lukas\.android
2015-11-22 16:24 - 2015-11-22 16:24 - 00000000 ____D C:\Users\lukas\AppData\Roaming\SAMSUNG
2015-11-22 16:24 - 2015-11-22 16:24 - 00000000 ____D C:\Upload
2015-11-22 16:24 - 2015-11-22 16:24 - 00000000 ____D C:\ProgramData\SAMSUNG
2015-11-22 16:24 - 2015-11-22 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-11-22 16:23 - 2015-11-22 16:24 - 00000000 ____D C:\Program Files\Samsung
2015-11-22 09:23 - 2015-11-27 16:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-22 09:23 - 2015-11-22 09:23 - 00001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-22 09:23 - 2015-11-22 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-22 09:23 - 2015-11-22 09:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-22 09:23 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-22 09:23 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-22 09:23 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-11-21 19:45 - 2015-11-27 08:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2015-11-20 15:17 - 2015-11-20 15:17 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-18 17:02 - 2015-11-18 17:02 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-11-18 14:56 - 2015-11-24 17:05 - 00000000 ____D C:\Users\lukas\AppData\Local\CrashDumps
2015-11-18 12:59 - 2015-11-18 12:59 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-18 12:59 - 2015-11-18 12:59 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-14 09:10 - 2015-11-14 09:10 - 00001649 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windomy.lnk
2015-11-14 09:10 - 2015-11-14 09:10 - 00001637 _____ C:\Users\Public\Desktop\Windomy.lnk
2015-11-14 09:10 - 2015-11-14 09:10 - 00000133 _____ C:\Windows\ODBC.INI
2015-11-14 09:10 - 2015-11-14 09:10 - 00000000 ____D C:\WINDOMY
2015-11-13 22:01 - 2015-11-13 22:02 - 00000000 ____D C:\Users\lukas\AppData\Roaming\GHISLER
2015-11-13 22:01 - 2015-11-13 22:01 - 00000000 ____D C:\totalcmd
2015-11-13 17:15 - 2015-11-13 17:15 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Synology
2015-11-13 17:05 - 2015-11-13 17:15 - 00000000 ____D C:\Program Files (x86)\Synology
2015-11-11 16:26 - 2015-10-12 11:09 - 00450971 ____R C:\Windows\system32\Drivers\etc\hosts.20151111-162655.backup
2015-11-11 11:37 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 11:37 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-11-11 11:37 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-11-11 11:37 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 11:37 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-11-11 11:37 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 11:37 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-11-11 11:37 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2015-11-11 11:37 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-11 11:37 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 11:37 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-11 11:37 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-11-11 11:37 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 11:37 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2015-11-11 11:37 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2015-11-11 11:37 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-11-11 11:37 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 11:37 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-11-11 11:37 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2015-11-11 11:37 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-11-11 11:37 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
2015-11-11 11:37 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2015-11-11 11:37 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 11:37 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-11-11 11:37 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-11-11 11:37 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2015-11-11 11:37 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 11:37 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 11:37 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-11-11 11:37 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2015-11-11 11:37 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 11:37 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2015-11-11 11:37 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-11-11 11:37 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-11-11 11:37 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2015-11-11 11:37 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-11-11 11:37 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2015-11-11 11:37 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-11-11 11:37 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2015-11-11 11:37 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll
2015-11-11 11:37 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 11:37 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-11-11 11:37 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-11-11 11:37 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-11-11 11:37 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-11-11 11:37 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 11:37 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 11:37 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 11:37 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 11:37 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 11:37 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2015-11-11 11:37 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2015-11-11 11:37 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2015-11-09 19:04 - 2015-11-21 20:55 - 00000000 ____D C:\Users\winpostgr
2015-11-09 19:04 - 2015-11-10 14:46 - 00000000 ____D C:\Users\lukas\AppData\Roaming\.winstrom
2015-11-09 19:04 - 2015-11-09 19:04 - 00001072 _____ C:\Users\Public\Desktop\FlexiBee.lnk
2015-11-09 19:04 - 2015-11-09 19:04 - 00000020 ___SH C:\Users\winpostgr\ntuser.ini
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Šablony
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Soubory cookie
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Poslední
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Okolní tiskárny
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Okolní síť
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Nabídka Start
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Dokumenty
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\Data aplikací
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 _SHDL C:\Users\winpostgr\AppData\Local\Data aplikací
2015-11-09 19:04 - 2015-11-09 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABRA FlexiBee
2015-11-09 19:04 - 2015-09-21 21:14 - 00000000 ____D C:\Users\winpostgr\AppData\Local\Microsoft Help
2015-11-09 19:03 - 2015-11-13 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-09 19:03 - 2015-11-13 17:13 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-09 19:03 - 2015-11-13 17:13 - 00000000 ____D C:\Users\lukas\.oracle_jre_usage
2015-11-09 19:03 - 2015-11-09 19:03 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Sun
2015-11-09 19:03 - 2015-11-09 19:03 - 00000000 ____D C:\Users\lukas\AppData\LocalLow\Sun
2015-11-09 19:02 - 2015-11-27 16:48 - 00000000 ____D C:\winstrom-data
2015-11-09 19:02 - 2015-11-13 17:14 - 00000000 ____D C:\ProgramData\Oracle
2015-11-09 19:02 - 2015-11-13 17:13 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-09 19:02 - 2015-11-09 19:04 - 00000000 ____D C:\Program Files (x86)\WinStrom
2015-11-09 19:02 - 2015-11-09 19:02 - 00000000 ____D C:\Users\lukas\AppData\LocalLow\Oracle
2015-11-09 11:44 - 2015-11-09 11:44 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Mikrotik
2015-11-08 14:38 - 2015-11-08 14:38 - 00000000 ____D C:\ProgramData\VYDAS
2015-11-06 16:51 - 2015-11-06 16:51 - 00002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2015-11-06 16:51 - 2015-11-06 16:51 - 00000000 ____D C:\Users\lukas\AppData\LocalLow\Google
2015-11-03 13:09 - 2015-11-03 13:31 - 00000000 ____D C:\Program Files (x86)\Správa bytů a nemovitostí
2015-11-03 13:09 - 2015-11-03 13:12 - 00266240 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2015-11-03 13:09 - 2015-11-03 13:12 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2015-11-03 13:09 - 2015-11-03 13:12 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Správa bytů a nemovitostí
2015-11-03 12:30 - 2015-11-03 12:30 - 00002202 _____ C:\Users\Public\Desktop\S3 Kasa.lnk
2015-11-03 12:30 - 2015-11-03 12:30 - 00002197 _____ C:\Users\Public\Desktop\Money S3.lnk
2015-11-03 12:30 - 2015-11-03 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CÍGLER SOFTWARE
2015-11-03 12:29 - 2015-11-03 12:29 - 00000000 ____D C:\Program Files (x86)\CIGLER SOFTWARE
2015-11-03 12:28 - 2015-11-03 12:31 - 00000000 ____D C:\ProgramData\CIGLER SOFTWARE
2015-10-30 20:11 - 2015-11-19 09:49 - 00000000 ___HD C:\$WINDOWS.~BT
2015-10-30 19:19 - 2014-02-21 05:20 - 00248512 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL
2015-10-30 18:16 - 2015-10-30 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-10-30 18:16 - 2015-10-30 18:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-27 16:56 - 2015-09-20 19:27 - 00000000 ____D C:\Users\lukas\AppData\Roaming\eM Client
2015-11-27 16:55 - 2015-09-19 22:48 - 02043558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-27 16:55 - 2015-07-10 17:02 - 00845616 _____ C:\Windows\system32\perfh005.dat
2015-11-27 16:55 - 2015-07-10 17:02 - 00188548 _____ C:\Windows\system32\perfc005.dat
2015-11-27 16:55 - 2015-07-10 12:02 - 00000000 ____D C:\Windows\INF
2015-11-27 16:51 - 2015-09-29 08:05 - 00000000 ____D C:\Users\lukas\AppData\Roaming\Skype
2015-11-27 16:49 - 2015-10-19 15:38 - 00000000 ___RD C:\Users\lukas\Disk Google
2015-11-27 16:49 - 2015-09-20 17:55 - 00000988 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-27 16:49 - 2015-09-19 22:51 - 00000000 ___RD C:\Users\lukas\OneDrive
2015-11-27 16:49 - 2015-09-19 22:48 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-27 16:49 - 2015-09-19 22:48 - 00000000 __SHD C:\Users\lukas\IntelGraphicsProfiles
2015-11-27 16:48 - 2015-10-10 09:27 - 00001042 _____ C:\Windows\Tasks\qBZPdAu6GGxFjOuLLFKpwMWD.job
2015-11-27 16:48 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-27 16:48 - 2015-07-10 10:05 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-27 16:31 - 2015-10-12 12:01 - 00000000 ____D C:\AdwCleaner
2015-11-27 16:24 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness
2015-11-27 15:06 - 2015-09-20 17:55 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-27 15:01 - 2015-09-22 11:47 - 00004206 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ED20ADD5-6D1E-453A-B8EB-24A5C0D60013}
2015-11-27 09:16 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-11-27 08:41 - 2015-09-20 17:53 - 00000000 ____D C:\Users\lukas\AppData\Local\Adobe
2015-11-26 08:36 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-25 17:11 - 2015-09-19 22:45 - 00000000 ____D C:\Users\lukas
2015-11-24 15:56 - 2015-09-21 15:24 - 00000000 ____D C:\Users\lukas\AppData\Roaming\VSO
2015-11-19 12:40 - 2015-09-21 10:44 - 00003944 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1442828689
2015-11-19 12:40 - 2015-09-21 10:44 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-11-19 12:40 - 2015-09-21 10:44 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-19 10:35 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\rescache
2015-11-19 09:52 - 2015-09-19 23:31 - 00000000 ____D C:\Windows\Panther
2015-11-18 16:37 - 2015-09-20 22:17 - 00000000 ____D C:\Starcraft - broodwar
2015-11-18 10:53 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-18 10:39 - 2015-07-10 13:20 - 00408144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-18 10:35 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-18 09:25 - 2015-09-28 21:25 - 06361488 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2015-11-13 17:15 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\Downloaded Program Files
2015-11-11 11:51 - 2015-09-20 17:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 11:51 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp
2015-11-11 11:48 - 2015-09-19 22:57 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 11:41 - 2015-09-19 22:57 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-06 16:51 - 2015-09-20 17:54 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-03 19:20 - 2015-07-10 12:06 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 19:20 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 13:16 - 2015-09-19 22:45 - 00000000 ____D C:\Users\lukas\AppData\Local\VirtualStore
2015-10-30 23:36 - 2015-09-29 13:38 - 00000000 ____D C:\Users\lukas\AppData\Roaming\vlc
2015-10-30 21:59 - 2015-09-29 08:05 - 00000000 ____D C:\ProgramData\Skype
2015-10-30 21:42 - 2015-09-20 17:54 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 21:42 - 2015-09-20 17:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-30 19:27 - 2015-09-20 17:35 - 00000000 ____D C:\Users\lukas\AppData\Local\Microsoft Help
2015-10-30 19:17 - 2015-10-27 15:55 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-10-30 19:17 - 2015-10-27 15:55 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-10-30 18:16 - 2015-09-20 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
==================== Files in the root of some directories =======
2015-09-28 11:15 - 2015-09-29 08:29 - 0000418 _____ () C:\Users\lukas\AppData\Roaming\DESKTOP-BDU8D0B.MTBF.txt
2015-11-24 12:43 - 2015-11-24 12:43 - 0001480 _____ () C:\Users\lukas\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2015-09-28 11:16 - 2015-09-28 11:16 - 0003584 _____ () C:\Users\lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-27 09:05 - 2015-11-27 09:20 - 0029696 _____ () C:\Users\lukas\AppData\Local\MSGBOX.EXE
2015-10-09 22:17 - 2015-10-09 22:17 - 0026253 _____ () C:\Users\lukas\AppData\Local\recently-used.xbel
2015-09-29 10:15 - 2015-09-29 10:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-10 08:15 - 2015-10-10 08:22 - 0000824 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\lukas\AppData\Local\Temp\dllnt_dump.dll
C:\Users\lukas\AppData\Local\Temp\HPInstaller.exe
C:\Users\lukas\AppData\Local\Temp\i4jdel0.exe
C:\Users\lukas\AppData\Local\Temp\InstHelper.exe
C:\Users\lukas\AppData\Local\Temp\sqlite3.dll
C:\Users\lukas\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-13 13:53
==================== End of FRST.txt ============================
Attachments: Addition_27-11-2015-17-01.rar (12.42 KiB), downloaded 53 times
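An added example (my own code, not part of the thread and not FRST's): a small Python triage pass over FRST log lines of the kind posted in this thread. It flags autostart entries (Task: and Run: lines) whose target lives in a user-writable location such as AppData or ProgramData, and ShortcutWithArgument: lines that append a URL to a browser shortcut. The sample lines are constructed from entries that appear in this thread plus one made-up benign Chrome shortcut line for contrast; the heuristics are mine and are deliberately independent of FRST's own "<==== ATTENTION" marker, which the code strips before matching.

```python
"""Triage of FRST log lines (added example; heuristics are mine, not FRST's)."""
import re

# Constructed sample: entries as FRST prints them, taken from this thread, plus one
# made-up benign Chrome shortcut line for contrast.
SAMPLE_LOG = r"""
Task: {DAC7164F-6E84-4D88-AD12-9E7503C705E6} - System32\Tasks\qBZPdAu6GGxFjOuLLFKpwMWD => C:\Users\lukas\AppData\Roaming\qBZPdAu6GGxFjOuLLFKpwMWD.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShortcutWithArgument: C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1444466570&a=1003897" <==== ATTENTION
ShortcutWithArgument: C:\Users\lukas\Desktop\Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "--profile-directory=Default"
"""

TASK_RE = re.compile(r'^Task: (?P<name>.+?) => (?P<target>.+)$')
RUN_RE = re.compile(r'^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$')
LNK_RE = re.compile(r'^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) -> "(?P<args>.*)"$')
# Locations an unprivileged user can write to; a persistent autostart pointing here is suspect.
USER_WRITABLE = re.compile(r'\\(?:Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp|Users\\Public)\\', re.I)
# FRST defangs http as hxxp, so accept both spellings.
URL_ARG = re.compile(r'\b(?:h(?:tt|xx)ps?://|www\.)', re.I)


def strip_trailer(target: str) -> str:
    """Drop FRST's trailing '[size date] (Vendor)' annotation: 'C:\\x\\y.exe [1 2015-10-06] (V)' -> 'C:\\x\\y.exe'."""
    return re.sub(r'\s*(?:\[\d+ \d{4}-\d{2}-\d{2}\])?\s*(?:\([^()]*\))?\s*$', '', target)


def triage_frst(text: str) -> list:
    """Return (kind, name, reason) tuples for the lines the heuristics flag, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.split(' <====')[0].strip()          # ignore FRST's own marker
        if not line:
            continue
        m = TASK_RE.match(line) or RUN_RE.match(line)
        if m:
            target = strip_trailer(m['target'])
            if USER_WRITABLE.search(target):
                findings.append(('autostart', m['name'], f'runs from user-writable path {target}'))
            continue
        m = LNK_RE.match(line)
        if m and URL_ARG.search(m['args']):
            findings.append(('shortcut', m['lnk'], f'launches {m["target"]} with URL argument {m["args"]}'))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage_frst(SAMPLE_LOG):
        print(f"[{kind}] {name}: {reason}")
```

On the sample the two flagged lines are the randomly named scheduled task in AppData\Roaming and the Internet Explorer shortcut carrying the esurf.biz URL; the Google Update task, both vendor Run entries and the plain Chrome shortcut pass. Feed it a real FRST.txt with `triage_frst(open(path, encoding="utf-8", errors="replace").read())`.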
Re: Virus CrossRider
- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (File type: Text document)
- run FRST again and click Fix
- after the restart a fixlog will be saved on the desktop; paste its contents into your next reply
Code:
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\MountPoints2: {3bb0680e-5f17-11e5-9bc4-54bef7555d3c} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\MountPoints2: {c86403bf-5f15-11e5-9bc2-806e6f6e6963} - "E:\LaunchU3.exe" -a
CHR Extension: (Bleaner) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-11-27]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2015-11-27]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
2015-11-27 09:10 - 2015-11-27 09:05 - 00112640 _____ (forum.viry.cz) C:\Users\Default\Desktop\FRSTLauncher.exe
2015-11-27 09:10 - 2015-11-27 09:05 - 00112640 _____ (forum.viry.cz) C:\Users\Default User\Desktop\FRSTLauncher.exe
2015-11-27 09:05 - 2015-11-27 09:20 - 00029696 _____ C:\Users\lukas\AppData\Local\MSGBOX.EXE
2015-11-26 12:09 - 2015-11-26 12:09 - 00000000 ____D C:\rsit
2015-11-26 12:09 - 2015-11-26 12:09 - 00000000 ____D C:\Program Files\trend micro
2015-11-27 16:31 - 2015-10-12 12:01 - 00000000 ____D C:\AdwCleaner
Task: {DAC7164F-6E84-4D88-AD12-9E7503C705E6} - System32\Tasks\qBZPdAu6GGxFjOuLLFKpwMWD => C:\Users\lukas\AppData\Roaming\qBZPdAu6GGxFjOuLLFKpwMWD.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\qBZPdAu6GGxFjOuLLFKpwMWD.job => C:\Users\lukas\AppData\Roaming\qBZPdAu6GGxFjOuLLFKpwMWD.exe <==== ATTENTION
C:\Users\lukas\AppData\Roaming\qBZPdAu6GGxFjOuLLFKpwMWD.exe
ShortcutWithArgument: C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1444466570&a=1003897" <==== ATTENTION
ShortcutWithArgument: C:\Users\lukas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1444466570&a=1003897" <==== ATTENTION
ShortcutWithArgument: C:\Users\lukas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://esurf.biz/?ssid=1444466570&a=1003897" <==== ATTENTION
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that don't belong on the forum, you can use altrok[at]forum.viry.cz
If you feel like helping this forum's visitors, sign up for our training course.
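An added example, not from the thread and not FRST's code: an offline parser for the Windows shell-link (.lnk) format that pulls out the Arguments string, so shortcut hijacking of the kind the fixlist above corrects (a browser shortcut with the esurf.biz URL appended) can be checked on a mounted disk image or a copied profile without COM or a live Windows session. The field layout follows the MS-SHLLINK header and StringData sections. The .lnk bytes are constructed by build_lnk for the demo: the Internet Explorer sample carries the URL from this thread with FRST's hxxp defang undone, while the Chrome and Opera samples are made up.

```python
"""Offline extraction of the Arguments field from Windows .lnk files (MS-SHLLINK).
Added example; the sample shortcuts are constructed by build_lnk, not files from the thread."""
import re
import struct
from pathlib import Path

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
# StringData fields in the order the format stores them, each gated by its LinkFlags bit.
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION))
URL_ARG = re.compile(r'(?:^|[\s"])(?:https?://|www\.)', re.IGNORECASE)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link; None for fields that are not present."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:            # skip the IDList: u16 size followed by that many bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                      # skip LinkInfo: its u32 size includes the size field itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {"flags": flags}
    for key, bit in STRING_FIELDS:
        if not flags & bit:
            fields[key] = None
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, not a byte count
        pos += 2
        nbytes = count * 2 if unicode else count
        fields[key] = data[pos:pos + nbytes].decode("utf-16-le" if unicode else "cp1252")
        pos += nbytes
    return fields


def shortcut_is_hijacked(fields: dict) -> bool:
    """A URL in the Arguments field is the pattern FRST reports as ShortcutWithArgument."""
    return bool(URL_ARG.search(fields.get("arguments") or ""))


def scan_directory(root) -> dict:
    """Map every .lnk under root to True/False; point it at a profile or a mounted image."""
    return {str(p): shortcut_is_hijacked(parse_lnk(p.read_bytes())) for p in Path(root).rglob("*.lnk")}


def build_lnk(relative_path, arguments=None, with_id_list=False) -> bytes:
    """Constructed minimal Unicode .lnk for the demo: header, optional empty IDList, StringData."""
    flags = HAS_RELATIVE_PATH | IS_UNICODE
    if arguments is not None:
        flags |= HAS_ARGUMENTS
    if with_id_list:
        flags |= HAS_LINK_TARGET_ID_LIST
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<II", flags, 0x20)   # FILE_ATTRIBUTE_ARCHIVE
    header += b"\x00" * 24                                                          # three zero FILETIMEs
    header += struct.pack("<IiIHHII", 0, 0, 1, 0, 0, 0, 0)                           # FileSize..Reserved3, ShowCommand=1
    body = struct.pack("<H", 2) + b"\x00\x00" if with_id_list else b""            # IDList holding only the terminator
    for s in (relative_path, arguments):                                            # same order as STRING_FIELDS
        if s is not None:
            body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


SAMPLE_SHORTCUTS = {
    # the hijacked entry from this thread, with FRST's hxxp defang undone
    "Internet Explorer.lnk": build_lnk(r"..\..\..\Program Files\Internet Explorer\iexplore.exe",
                                       "http://esurf.biz/?ssid=1444466570&a=1003897"),
    # made-up benign shortcuts: one with a harmless argument and an IDList, one with no arguments
    "Chrome.lnk": build_lnk(r"..\..\Google\Chrome\Application\chrome.exe",
                            "--profile-directory=Default", with_id_list=True),
    "Opera.lnk": build_lnk(r"..\Opera\launcher.exe"),
}


def triage(shortcuts: dict) -> dict:
    return {name: shortcut_is_hijacked(parse_lnk(data)) for name, data in shortcuts.items()}


if __name__ == "__main__":
    for name, flagged in triage(SAMPLE_SHORTCUTS).items():
        print(f"{name}: {'HIJACKED' if flagged else 'ok'}")
```

Only the Internet Explorer sample is flagged. On a real machine run `scan_directory` over the locations in the fixlist above (the user's Start Menu\Programs and Quick Launch\User Pinned\TaskBar folders under AppData\Roaming) and the public Desktop; the parser skips LinkInfo and the IDList by their declared sizes, which is enough to reach StringData without resolving the target yourself.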
Re: Virus CrossRider
altrok wrote:
- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (File type: Text document)
- run FRST again and click Fix
- after the restart a fixlog will be saved on the desktop; paste its contents into your next reply
Fix result of Farbar Recovery Scan Tool (x64) Version:26-11-2015
Ran by lukas (2015-11-27 18:15:34) Run:1
Running from D:\- Lukin Data\Desktop
Loaded Profiles: lukas & winpostgr (Available Profiles: lukas & winpostgr)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\MountPoints2: {3bb0680e-5f17-11e5-9bc4-54bef7555d3c} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-530442407-2899243224-74396006-1001\...\MountPoints2: {c86403bf-5f15-11e5-9bc2-806e6f6e6963} - "E:\LaunchU3.exe" -a
CHR Extension: (Bleaner) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-11-27]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2015-11-27]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
2015-11-27 09:10 - 2015-11-27 09:05 - 00112640 _____ (forum.viry.cz) C:\Users\Default\Desktop\FRSTLauncher.exe
2015-11-27 09:10 - 2015-11-27 09:05 - 00112640 _____ (forum.viry.cz) C:\Users\Default User\Desktop\FRSTLauncher.exe
2015-11-27 09:05 - 2015-11-27 09:20 - 00029696 _____ C:\Users\lukas\AppData\Local\MSGBOX.EXE
2015-11-26 12:09 - 2015-11-26 12:09 - 00000000 ____D C:\rsit
2015-11-26 12:09 - 2015-11-26 12:09 - 00000000 ____D C:\Program Files\trend micro
2015-11-27 16:31 - 2015-10-12 12:01 - 00000000 ____D C:\AdwCleaner
Task: {DAC7164F-6E84-4D88-AD12-9E7503C705E6} - System32\Tasks\qBZPdAu6GGxFjOuLLFKpwMWD => C:\Users\lukas\AppData\Roaming\qBZPdAu6GGxFjOuLLFKpwMWD.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\qBZPdAu6GGxFjOuLLFKpwMWD.job => C:\Users\lukas\AppData\Roaming\qBZPdAu6GGxFjOuLLFKpwMWD.exe <==== ATTENTION
C:\Users\lukas\AppData\Roaming\qBZPdAu6GGxFjOuLLFKpwMWD.exe
ShortcutWithArgument: C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1444466570&a=1003897" <==== ATTENTION
ShortcutWithArgument: C:\Users\lukas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1444466570&a=1003897" <==== ATTENTION
ShortcutWithArgument: C:\Users\lukas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://esurf.biz/?ssid=1444466570&a=1003897" <==== ATTENTION
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-530442407-2899243224-74396006-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
"HKU\S-1-5-21-530442407-2899243224-74396006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bb0680e-5f17-11e5-9bc4-54bef7555d3c}" => key removed successfully
HKCR\CLSID\{3bb0680e-5f17-11e5-9bc4-54bef7555d3c} => key not found.
"HKU\S-1-5-21-530442407-2899243224-74396006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c86403bf-5f15-11e5-9bc2-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{c86403bf-5f15-11e5-9bc2-806e6f6e6963} => key not found.
C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi => moved successfully
C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk => moved successfully
hpqcxs08 => service removed successfully
C:\Users\Default\Desktop\FRSTLauncher.exe => moved successfully
"C:\Users\Default User\Desktop\FRSTLauncher.exe" => not found.
C:\Users\lukas\AppData\Local\MSGBOX.EXE => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\AdwCleaner => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DAC7164F-6E84-4D88-AD12-9E7503C705E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAC7164F-6E84-4D88-AD12-9E7503C705E6}" => key removed successfully
C:\Windows\System32\Tasks\qBZPdAu6GGxFjOuLLFKpwMWD => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\qBZPdAu6GGxFjOuLLFKpwMWD" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\qBZPdAu6GGxFjOuLLFKpwMWD.job => moved successfully
"C:\Users\lukas\AppData\Roaming\qBZPdAu6GGxFjOuLLFKpwMWD.exe" => not found.
C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\lukas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\lukas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk => Shortcut argument removed successfully.
EmptyTemp: => 8.7 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 18:22:22 ====
Re: Virus CrossRider
Re: Virus CrossRider
altrok wrote: How is the computer behaving?
Run FRST64.exe again, tick Addition.txt and Shortcut.txt. Then click Scan and paste all 3 logs it creates into your next replies.
As for behaviour, I hadn't noticed any problems visually even before; about 14 days ago I had problems with some advert that kept showing, then I started cleaning, and the last thing that still kept reporting problems was that anti-malware. I'll run it, but it takes quite a while; I'll start it once I've sent this post.
Thanks a lot for the help.
Attachments: Shortcut a additiona 27-11-2015-19-53.rar (18.67 KiB), downloaded 51 times
Re: Virus CrossRider
Re: Virus CrossRider
lukin80s wrote:
altrok wrote: How is the computer behaving?
Run FRST64.exe again, tick Addition.txt and Shortcut.txt. Then click Scan and paste all 3 logs it creates into your next replies.
So I scanned it and it's the same thing again:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan date: 28.11.2015
Scan time: 8:23:47
Log file:
Administrator: Yes
Version: 2.00.0.1000
Malware database: v2015.11.27.03
Rootkit database: v2015.11.26.01
License: Premium
Malware protection: Enabled
Malicious website protection: Enabled
Chameleon: Disabled
OS: Windows 8
CPU: x64
File system: NTFS
User: lukas
Scan type: Custom scan
Result: Completed
Objects scanned: 980758
Time elapsed: 11 hr, 11 min, 2 sec
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry keys: 0
(No malicious items detected)
Registry values: 0
(No malicious items detected)
Registry data: 0
(No malicious items detected)
Folders: 3
PUP.Optional.CrossRider, C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi, , [728d86fcb8d3092d22811b76d42e936d],
PUP.Optional.CrossRider, C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0, , [728d86fcb8d3092d22811b76d42e936d],
PUP.Optional.CrossRider, C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0\_metadata, , [728d86fcb8d3092d22811b76d42e936d],
Files: 2
PUP.Optional.CrossRider, C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0\_metadata\computed_hashes.json, , [728d86fcb8d3092d22811b76d42e936d],
PUP.Optional.CrossRider, C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0\_metadata\verified_contents.json, , [728d86fcb8d3092d22811b76d42e936d],
Physical sectors: 0
(No malicious items detected)
(end)
Re: Virus CrossRider
Back up your Chrome bookmarks and passwords, e.g. using http://www.stahuj.centrum.cz/internet_a ... me-backup/, and then reinstall Chrome.
There is no need to run a full-system MBAM scan every time; just check in Explorer whether that particular folder exists again: C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi
Re: Virus CrossRider
altrok wrote: Back up your Chrome bookmarks and passwords, e.g. using http://www.stahuj.centrum.cz/internet_a ... me-backup/, and then reinstall Chrome.
There is no need to run a full-system MBAM scan every time; just check in Explorer whether that particular folder exists again: C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi
-------------------------------------------------
It looks good, MBAM no longer found anything.
Chrome refused to uninstall, it kept saying some window was open; I reinstalled it, then uninstalled it and deleted everything here: C:\Users\lukas\AppData\Local\Google\Chrome (the Chrome folder did not exist).
I installed Chrome again. That particular folder isn't there; there are similar odd-looking ones, but I don't know whether such folders are supposed to be there.
On shutdown I get "DDE Server Window" preventing Windows from shutting down, and "Program Manager" sits there too, but it goes away after a second; it may be unrelated.
Thanks a lot. In return, if you ever want anything to do with picture frames (ramomat.cz or zavesne-systemy.cz), I'd gladly arrange a 40% discount for you.
Have a nice day,
Lukáš
Attachments: google.jpg (231.66 KiB), viewed 2505 times