
Laptop check

Posted: 02 Mar 2016 18:48
by mirekzilinsky
Hello.
Could I ask you to check my laptop? It seems slow to me and bank payments cannot be sent.
Part I
Logfile of random's system information tool 1.10 (written by random/random)
Run by Mirek Žilinský at 2016-03-02 18:36:27
Microsoft Windows 8.1
System drive C: has 483 GB (53%) free of 905 GB
Total RAM: 3957 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:36:31, on 2. 3. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Mirek Žilinský.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 3A906888C9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
O4 - HKLM\..\Run: [IntellingentTouchpad] C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [Samsung Appstore] "C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\autoit.exe" "C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\up.au3"
O4 - HKUS\S-1-5-21-3463759695-2384613024-3718543959-1001\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'UpdatusUser')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 8265 bytes

======Listing Processes======





wininit.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"C:\WINDOWS\system32\nvvsvc.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
dashost.exe {6e9adf0f-64d6-4419-bb902bcfb2b23b81}
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"

"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe /Embedding

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-758fef6d-9c40-4d34-8399-1d9cfd797fe2 -SystemEventPortName:HostProcess-1248ca80-6cbe-4da4-85fe-a4b98fcbe879 -IoCancelEventPortName:HostProcess-8ccd038b-eedf-42e9-a979-ea36a38b8afa -NonStateChangingEventPortName:HostProcess-890a4beb-8e20-4a9d-8f2c-4287a0700051 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a9f3b9fb-8bc0-483e-947d-00c648bc7757 -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
C:\WINDOWS\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\WINDOWS\system32\GWX\GWX.exe"
"C:\WINDOWS\system32\igfxsrvc.exe" -Embedding
"C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
"C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe"

"C:\Program Files\Windows Defender\MSASCui.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --load-and-launch-app="C:\Users\Mirek Žilinský\AppData\Roaming\Mozila"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=dev-m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=50.0.2657.3 --handshake-handle=0x148
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3960.0.2077794221\1098085725" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,14,23,52 --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3316 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,DownloadResumption<DownloadResumptionRollout,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials="AppBannerTriggering/Aggressive/AsyncSetAsDefault/Disabled/*AutofillFieldMetadata/Enabled/*AutomaticTabDiscarding/Enabled_Once_10/*BackgroundTracing/default/BrotliEncoding/Control/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeSuggestions/FeedbackRanker CTR 1/*ClientSideDetectionModel/Model2/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/default/DownloadResumptionRollout/Enabled/*EnableMediaRouter/Enabled/EnableMediaRouterWithCastExtension/Enabled/EnableWin32kLockDownMimeTypes/FlashEnabled_Control/*ExtensionActionRedesign/Enabled/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/*LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/KeywordAllowsMissingRegistryDev/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Enabled/PasswordBranding/Disabled/*PasswordGeneration/Enabled/PasswordSmartBubble/10-Times/PluginPowerSaver/Enabled/*PreRead/EnabledNormalPriority4/*QUIC/EnabledNewRTO/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*SchedulerExpensiveTaskBlocking/Default/*SimpleCacheTrial/ExperimentYes/*SiteEngagement/Default/*SpdyEnableDependencies/Default/StackProfiling/Report 
profiles/*StrictSecureCookies/Disabled/*StunProbeTrial2/Default/*TriggeredResetFieldTrial/On/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/*UpdateRendererPriorityOnStartup/DisableStartupPriority2/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-StunInterPacketDelay/Default/use-new-media-cache/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3960.3.1206394885\540340565" --font-cache-shared-handle=4348 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 572 576 584 65536 580
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetServiceDss -RestrictPrivileges -AccessKey 70FB62A1-203C-B5AD-D349-1CF46D0E1B10 -Reinvoke
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
"C:\WINDOWS\system32\RunDll32.exe" "C:\WINDOWS\system32\WerConCpl.dll", LaunchErcApp -queuereporting
"C:\Users\Mirek Žilinský\Downloads\RSITx64 (1).exe"

C:\WINDOWS\system32\wbem\wmiprvse.exe

Re: Laptop check

Posted: 02 Mar 2016 18:58
by mirekzilinsky
Part II
======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
2016-03-02 18:36:27 ----D---- C:\rsit
2016-02-09 23:56:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-02-09 23:56:35 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-02-09 23:56:35 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-02-09 23:56:35 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-02-09 23:56:35 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-02-09 23:56:32 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-02-09 23:56:32 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-02-09 23:56:29 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-02-09 23:05:44 ----A---- C:\WINDOWS\system32\shell32.dll
2016-02-09 23:05:43 ----A---- C:\WINDOWS\system32\twinui.dll
2016-02-09 23:05:42 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-02-09 23:05:41 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2016-02-09 23:05:40 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2016-02-09 23:05:40 ----A---- C:\WINDOWS\system32\authui.dll
2016-02-09 23:05:32 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 23:05:31 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2016-02-09 23:05:31 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-02-09 23:05:31 ----A---- C:\WINDOWS\system32\KernelBase.dll
2016-02-09 23:05:31 ----A---- C:\WINDOWS\system32\combase.dll
2016-02-09 23:05:30 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2016-02-09 23:05:30 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2016-02-09 23:05:30 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-02-09 23:05:30 ----A---- C:\WINDOWS\system32\WinTypes.dll
2016-02-09 23:05:30 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 23:05:29 ----A---- C:\WINDOWS\SYSWOW64\WinSync.dll
2016-02-09 23:05:29 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2016-02-09 23:05:29 ----A---- C:\WINDOWS\system32\WinSync.dll
2016-02-09 23:05:29 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys
2016-02-09 23:05:28 ----A---- C:\WINDOWS\system32\invagent.dll
2016-02-09 23:05:28 ----A---- C:\WINDOWS\system32\generaltel.dll
2016-02-09 23:05:28 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-02-09 23:05:28 ----A---- C:\WINDOWS\system32\aeinv.dll
2016-02-09 23:05:27 ----A---- C:\WINDOWS\system32\devinv.dll
2016-02-09 23:05:27 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2016-02-09 23:05:27 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-02-09 23:05:23 ----A---- C:\WINDOWS\SYSWOW64\mtxoci.dll
2016-02-09 23:05:23 ----A---- C:\WINDOWS\SYSWOW64\msorcl32.dll
2016-02-09 23:05:23 ----A---- C:\WINDOWS\SYSWOW64\EncDec.dll
2016-02-09 23:05:23 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2016-02-09 23:05:23 ----A---- C:\WINDOWS\system32\mtxoci.dll
2016-02-09 23:05:23 ----A---- C:\WINDOWS\system32\EncDec.dll
2016-02-09 23:05:23 ----A---- C:\WINDOWS\system32\CPFilters.dll
2016-02-09 23:05:23 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2016-02-09 23:05:22 ----A---- C:\WINDOWS\SYSWOW64\cfgbkend.dll
2016-02-09 23:05:21 ----A---- C:\WINDOWS\SYSWOW64\glcndFilter.dll
2016-02-09 23:05:21 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-09 23:05:21 ----A---- C:\WINDOWS\system32\glcndFilter.dll
2016-02-09 23:05:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2016-02-09 23:05:20 ----A---- C:\WINDOWS\system32\win32k.sys
2016-02-09 23:05:16 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2016-02-09 23:05:16 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2016-02-09 23:05:16 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-02-09 23:05:16 ----A---- C:\WINDOWS\system32\kerberos.dll
2016-02-09 23:05:16 ----A---- C:\WINDOWS\system32\drivers\mrxsmb20.sys
2016-02-09 23:05:16 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2016-02-09 23:05:16 ----A---- C:\WINDOWS\system32\certcli.dll
2016-02-09 23:05:15 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2016-02-09 23:05:15 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-02-09 23:05:15 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2016-02-09 23:05:09 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-02-09 23:05:07 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-02-09 23:05:05 ----A---- C:\WINDOWS\system32\wininet.dll
2016-02-09 23:05:04 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-02-09 23:05:01 ----A---- C:\WINDOWS\SYSWOW64\hlink.dll
2016-02-09 23:05:01 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-02-09 23:05:01 ----A---- C:\WINDOWS\system32\hlink.dll
2016-02-09 23:05:01 ----A---- C:\WINDOWS\system32\actxprxy.dll
2016-02-09 23:05:00 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-02-09 23:05:00 ----A---- C:\WINDOWS\system32\webcheck.dll
2016-02-09 23:04:59 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2016-02-09 23:04:59 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2016-02-09 23:04:59 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2016-02-09 23:04:59 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2016-02-09 23:04:59 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2016-02-09 23:04:59 ----A---- C:\WINDOWS\system32\vbscript.dll
2016-02-09 23:04:59 ----A---- C:\WINDOWS\system32\jscript.dll
2016-02-09 23:04:59 ----A---- C:\WINDOWS\system32\inetcomm.dll
2016-02-09 23:04:59 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2016-02-09 23:04:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2016-02-09 23:04:58 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-02-09 23:04:58 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-02-09 23:04:51 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2016-02-09 23:04:51 ----A---- C:\WINDOWS\system32\wucltux.dll
2016-02-09 23:04:51 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-02-09 23:04:51 ----A---- C:\WINDOWS\system32\wuauclt.exe
2016-02-09 23:04:51 ----A---- C:\WINDOWS\system32\wuapi.dll
2016-02-09 23:04:50 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2016-02-09 23:04:50 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2016-02-09 23:04:50 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2016-02-09 23:04:50 ----A---- C:\WINDOWS\system32\wuwebv.dll
2016-02-09 23:04:50 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2016-02-09 23:04:50 ----A---- C:\WINDOWS\system32\wudriver.dll
2016-02-09 23:04:50 ----A---- C:\WINDOWS\system32\wuapp.exe
2016-02-09 23:04:47 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-02-09 23:04:47 ----A---- C:\WINDOWS\system32\rdpcorets.dll

======List of files/folders modified in the last 1 month======

2016-03-02 18:36:30 ----D---- C:\WINDOWS\Prefetch
2016-03-02 18:36:29 ----D---- C:\Program Files\trend micro
2016-03-02 18:36:16 ----D---- C:\WINDOWS\Temp
2016-03-02 18:00:05 ----D---- C:\WINDOWS\system32\sru
2016-03-02 17:04:39 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2016-03-02 17:00:13 ----D---- C:\AdwCleaner
2016-03-02 14:08:42 ----D---- C:\WINDOWS\system32\config
2016-02-29 12:18:57 ----D---- C:\WINDOWS\Microsoft.NET
2016-02-29 11:31:09 ----D---- C:\WINDOWS\Inf
2016-02-26 10:20:28 ----D---- C:\WINDOWS\CbsTemp
2016-02-26 10:20:23 ----D---- C:\WINDOWS\WinSxS
2016-02-26 10:16:11 ----SD---- C:\WINDOWS\SYSWOW64\GWX
2016-02-26 10:16:11 ----SD---- C:\WINDOWS\system32\GWX
2016-02-25 10:39:25 ----D---- C:\WINDOWS\AppReadiness
2016-02-25 10:39:22 ----HD---- C:\Program Files\WindowsApps
2016-02-24 19:27:16 ----SHD---- C:\System Volume Information
2016-02-20 14:53:29 ----D---- C:\Users\Mirek Žilinský\AppData\Roaming\Azureus
2016-02-18 21:27:20 ----SHD---- C:\WINDOWS\Installer
2016-02-18 21:26:59 ----D---- C:\WINDOWS\SysWOW64
2016-02-14 20:01:49 ----D---- C:\Users\Mirek Žilinský\AppData\Roaming\vlc
2016-02-13 21:11:08 ----D---- C:\WINDOWS\rescache
2016-02-12 23:58:22 ----RSD---- C:\WINDOWS\assembly
2016-02-12 22:52:23 ----D---- C:\WINDOWS\system32\MRT
2016-02-12 22:38:28 ----A---- C:\WINDOWS\system32\MRT.exe
2016-02-10 08:04:59 ----RD---- C:\WINDOWS\System32
2016-02-10 08:04:59 ----D---- C:\WINDOWS\system32\appraiser
2016-02-10 08:04:59 ----D---- C:\WINDOWS\apppatch
2016-02-10 08:04:58 ----D---- C:\WINDOWS\system32\drivers
2016-02-10 08:04:57 ----RD---- C:\WINDOWS\ToastData
2016-02-10 08:04:57 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-02-10 08:04:56 ----D---- C:\WINDOWS\system32\cs-CZ
2016-02-10 08:04:55 ----D---- C:\Program Files\Windows Journal
2016-02-10 08:04:54 ----D---- C:\WINDOWS\system32\wbem
2016-02-10 08:04:49 ----D---- C:\Program Files\Internet Explorer
2016-02-10 08:04:49 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-10 07:33:51 ----RD---- C:\Program Files (x86)
2016-02-10 07:33:49 ----D---- C:\WINDOWS\Tasks
2016-02-09 23:57:23 ----D---- C:\WINDOWS\system32\catroot2
2016-02-09 23:06:10 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerInstaller.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-07-09 645952]
R0 LHDmgr;LHDmgr; C:\WINDOWS\System32\DRIVERS\LhdX64.sys [2012-10-26 39008]
R0 nvpciflt;nvpciflt; C:\WINDOWS\system32\DRIVERS\nvpciflt.sys [2013-10-23 32544]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2013-11-05 381440]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R3 ACPIVPC;@oem19.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2012-10-26 33560]
R3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athw8x.sys [2013-06-18 3680256]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2014-04-28 599240]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2014-10-29 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-07-10 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2013-10-03 4185600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2012-07-31 4102928]
R3 IntcDAud;@oem52.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 iwdbus;@oem59.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2013-09-26 27032]
R3 MEIx64;@oem47.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2013-01-11 64624]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2013-10-23 12572960]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 RSUSBVSTOR;@oem11.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2012-06-15 315536]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2012-08-16 43832]
R3 SynTP;@oem15.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2012-08-16 447800]
R3 vm331avs;@oem16.inf,%USBCamera.DeviceDesc2%;Digital Camera 1; C:\WINDOWS\System32\Drivers\vm331avs.sys [2012-08-23 975104]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 axscsidrv;axscsidrv; C:\WINDOWS\system32\drivers\axscsidrv.sys [2013-11-13 293888]
S3 BTATH_LWFLT;@oem17.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 dg_ssudbus;@oem55.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 dtscsidrv;dtscsidrv; C:\WINDOWS\system32\drivers\dtscsidrv.sys [2013-11-05 309248]
S3 intaud_WaveExtensible;@oem58.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2013-09-26 39320]
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2015-10-05 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2015-10-05 64216]
S3 nmwcd;@oem21.inf,%MFG% %SVC%;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;@oem27.inf,%MFG% %SVC%;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 ssudmdm;@oem61.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 tap0901;@oem1.inf,%DeviceDescription%;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2011-12-15 31232]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [2014-11-20 34808]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;Ovladač zvuků USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-12-13 121088]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2013-08-22 33280]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S4 nvvad_WaveExtensible;@oem49.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2012-08-20 211584]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-07-13 2451456]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-18 128896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-18 276864]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2013-10-23 922912]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-10-18 1914656]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-18 364416]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09 269504]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2013-10-03 279000]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]

-----------------EOF-----------------

Re: Notebook check

Posted: 04 Mar 2016 14:08
by altrok
I wish you a lovely day :bye:


:arrow: As part of the cleanup, your temporary folders (including the Recycle Bin) will be emptied.


:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a normal double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply

Re: Notebook check

Posted: 06 Mar 2016 10:42
by mirekzilinsky
# AdwCleaner v5.037 - Logfile created 06/03/2016 at 10:36:57
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Local]
# Operating system : Windows 8.1 (x64)
# Username : Mirek Žilinský - MIREK
# Running from : C:\Users\Mirek Žilinský\Downloads\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\6fe3bdc0-2bc8-41ca-94f2-045ec47c26c6
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Key Deleted : HKU\.DEFAULT\Software\PennyBee
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Internet Speed Checker
[-] Key Deleted : HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Internet Speed Checker

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1573 bytes] - [06/03/2016 10:36:57]
C:\AdwCleaner\AdwCleaner[R10].txt - [1819 bytes] - [07/03/2015 12:33:41]
C:\AdwCleaner\AdwCleaner[R11].txt - [2085 bytes] - [03/07/2015 09:22:51]
C:\AdwCleaner\AdwCleaner[R12].txt - [4389 bytes] - [02/11/2015 22:22:59]
C:\AdwCleaner\AdwCleaner[R13].txt - [2058 bytes] - [03/11/2015 01:50:41]
C:\AdwCleaner\AdwCleaner[R14].txt - [2180 bytes] - [03/11/2015 10:32:09]
C:\AdwCleaner\AdwCleaner[R15].txt - [2681 bytes] - [25/11/2015 23:55:35]
C:\AdwCleaner\AdwCleaner[R16].txt - [2497 bytes] - [03/12/2015 13:29:00]
C:\AdwCleaner\AdwCleaner[R17].txt - [2546 bytes] - [13/12/2015 10:58:56]
C:\AdwCleaner\AdwCleaner[R18].txt - [2668 bytes] - [23/12/2015 19:07:16]
C:\AdwCleaner\AdwCleaner[R19].txt - [2790 bytes] - [14/02/2016 10:09:22]
C:\AdwCleaner\AdwCleaner[R2].txt - [11175 bytes] - [24/08/2014 08:40:38]
C:\AdwCleaner\AdwCleaner[R20].txt - [2912 bytes] - [02/03/2016 16:57:21]
C:\AdwCleaner\AdwCleaner[R3].txt - [1040 bytes] - [24/08/2014 09:17:47]
C:\AdwCleaner\AdwCleaner[R4].txt - [2711 bytes] - [20/11/2014 10:27:02]
C:\AdwCleaner\AdwCleaner[R5].txt - [1192 bytes] - [27/11/2014 23:24:22]
C:\AdwCleaner\AdwCleaner[R6].txt - [4011 bytes] - [27/12/2014 22:36:50]
C:\AdwCleaner\AdwCleaner[R7].txt - [1513 bytes] - [01/03/2015 12:01:08]
C:\AdwCleaner\AdwCleaner[R8].txt - [1451 bytes] - [01/03/2015 12:50:30]
C:\AdwCleaner\AdwCleaner[R9].txt - [1572 bytes] - [03/03/2015 10:29:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [4391 bytes] - [06/03/2016 10:34:48]
C:\AdwCleaner\AdwCleaner[S10].txt - [1889 bytes] - [07/03/2015 12:35:20]
C:\AdwCleaner\AdwCleaner[S11].txt - [2151 bytes] - [03/07/2015 09:48:09]
C:\AdwCleaner\AdwCleaner[S12].txt - [4424 bytes] - [02/11/2015 22:25:26]
C:\AdwCleaner\AdwCleaner[S13].txt - [2114 bytes] - [03/11/2015 01:52:29]
C:\AdwCleaner\AdwCleaner[S14].txt - [2236 bytes] - [03/11/2015 10:35:00]
C:\AdwCleaner\AdwCleaner[S15].txt - [2744 bytes] - [25/11/2015 23:57:41]
C:\AdwCleaner\AdwCleaner[S16].txt - [2554 bytes] - [03/12/2015 13:31:10]
C:\AdwCleaner\AdwCleaner[S17].txt - [2601 bytes] - [13/12/2015 11:00:55]
C:\AdwCleaner\AdwCleaner[S18].txt - [2723 bytes] - [23/12/2015 19:19:11]
C:\AdwCleaner\AdwCleaner[S19].txt - [2845 bytes] - [14/02/2016 10:10:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [10809 bytes] - [24/08/2014 08:42:37]
C:\AdwCleaner\AdwCleaner[S20].txt - [2967 bytes] - [02/03/2016 17:00:13]
C:\AdwCleaner\AdwCleaner[S3].txt - [992 bytes] - [24/08/2014 09:19:00]
C:\AdwCleaner\AdwCleaner[S4].txt - [2523 bytes] - [20/11/2014 10:28:52]
C:\AdwCleaner\AdwCleaner[S5].txt - [1137 bytes] - [27/11/2014 23:26:08]
C:\AdwCleaner\AdwCleaner[S6].txt - [3438 bytes] - [27/12/2014 22:38:39]
C:\AdwCleaner\AdwCleaner[S7].txt - [1573 bytes] - [01/03/2015 12:12:12]
C:\AdwCleaner\AdwCleaner[S8].txt - [1506 bytes] - [01/03/2015 12:53:21]
C:\AdwCleaner\AdwCleaner[S9].txt - [1626 bytes] - [03/03/2015 10:31:54]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4516 bytes] ##########

Re: Notebook check

Posted: 06 Mar 2016 15:03
by altrok
:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and any later run of FRST, you must explicitly tick this option before starting the scan for the Addition.txt log to be created.

Re: Notebook check

Posted: 06 Mar 2016 15:23
by mirekzilinsky
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Mirek Žilinský (administrator) on MIREK (06-03-2016 15:17:27)
Running from C:\Users\Mirek Žilinský\Downloads
Loaded Profiles: UpdatusUser & Mirek Žilinský (Available Profiles: UpdatusUser & Mirek Žilinský)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sports Interactive Ltd) C:\Hry\fm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-20] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-20] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-16] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-04] (Lenovo)
HKLM-x32\...\Run: [IntellingentTouchpad] => C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe [673336 2012-07-23] (Microsoft)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3463759695-2384613024-3718543959-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\Run: [] => [X]
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\Run: [Samsung Appstore] => C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\autoit.exe [934400 2015-11-30] (AutoIt Team)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{8B2CC190-D6FB-4095-8CF8-E832E3D42E07}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B4DEF534-A2A1-4CC8-9AFD-8A1EAD194371}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130873426005039805&GUID=5AEBED3A-8280-4C70-ACCA-8C3A906888C9
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130873426005048425&GUID=5AEBED3A-8280-4C70-ACCA-8C3A906888C9
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130873426005136349&GUID=5AEBED3A-8280-4C70-ACCA-8C3A906888C9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130873426005079806&GUID=5AEBED3A-8280-4C70-ACCA-8C3A906888C9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130873426005099286&GUID=5AEBED3A-8280-4C70-ACCA-8C3A906888C9
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-3463759695-2384613024-3718543959-1002 -> {7FAD90BB-C3FE-495A-A96E-8286B26C89FC} URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Profile 1 -> hxxp://www.seznam.cz/
CHR StartupUrls: Profile 1 -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Prezentace Google) - C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-02]
CHR Extension: (Dokumenty Google) - C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02]
CHR Extension: (Disk Google) - C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabulky Google) - C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Mirek Žilinský\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-03-04]
CHR Extension: (AdBlock) - C:\Users\Mirek Žilinský\AppData\Roaming\Mozila [2015-11-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-20] (Qualcomm Atheros Commnucations) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-20] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2013-11-13] (Alcohol Soft Development Team)
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2013-11-05] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2015-10-08] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-05] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-20] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-23] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-06 15:17 - 2016-03-06 15:19 - 00018109 _____ C:\Users\Mirek Žilinský\Downloads\FRST.txt
2016-03-06 15:16 - 2016-03-06 15:17 - 00000000 ____D C:\FRST
2016-03-06 15:15 - 2016-03-06 15:15 - 02374144 _____ (Farbar) C:\Users\Mirek Žilinský\Downloads\FRST64.exe
2016-03-06 15:14 - 2016-03-06 15:14 - 00112640 _____ (forum.viry.cz) C:\Users\Mirek Žilinský\Downloads\Nepotvrzeno 703517.crdownload
2016-03-06 10:33 - 2016-03-06 10:33 - 01518592 _____ C:\Users\Mirek Žilinský\Downloads\adwcleaner_5.037.exe
2016-03-02 18:36 - 2016-03-02 18:36 - 01222144 _____ C:\Users\Mirek Žilinský\Downloads\RSITx64 (1).exe
2016-03-02 18:36 - 2016-03-02 18:36 - 00000000 ____D C:\rsit
2016-03-02 18:35 - 2016-03-02 18:35 - 00688992 _____ (Swearware) C:\Users\Mirek Žilinský\Downloads\dds.exe
2016-03-02 18:35 - 2016-03-02 18:35 - 00688992 _____ (Swearware) C:\Users\Mirek Žilinský\Downloads\dds.com
2016-02-19 19:16 - 2016-02-19 19:16 - 00018072 _____ C:\Users\Mirek Žilinský\Downloads\[CzT]Black_Mass_Spinava_hra_Black_Mass_2015_CZ_.torrent
2016-02-15 20:59 - 2016-02-15 20:59 - 00012863 _____ C:\Users\Mirek Žilinský\Downloads\[CzT]SimCity_5_Deluxe_Edition_s_DLC_Mesta_Budoucnosti_2013_CZ_.torrent
2016-02-09 23:56 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 23:56 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-09 23:56 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 23:56 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-09 23:56 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 23:56 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 23:56 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 23:56 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 23:05 - 2016-01-22 09:01 - 22365992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 23:05 - 2016-01-22 08:11 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 23:05 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 23:05 - 2016-01-22 07:28 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 23:05 - 2016-01-22 06:52 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 23:05 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-02-09 23:05 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-02-09 23:05 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-02-09 23:05 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 23:05 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 23:05 - 2016-01-22 06:28 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-02-09 23:05 - 2016-01-22 06:25 - 14467072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 23:05 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-02-09 23:05 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-02-09 23:05 - 2016-01-22 06:14 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 23:05 - 2016-01-22 06:07 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-02-09 23:05 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 23:05 - 2016-01-22 05:58 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-02-09 23:05 - 2016-01-19 20:14 - 07453024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 23:05 - 2016-01-19 20:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 23:05 - 2016-01-19 20:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 23:05 - 2016-01-19 20:12 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 23:05 - 2016-01-19 20:12 - 01133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 23:05 - 2016-01-19 19:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 23:05 - 2016-01-19 19:23 - 01501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 23:05 - 2016-01-19 19:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 23:05 - 2016-01-19 19:15 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 23:05 - 2016-01-19 18:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 23:05 - 2016-01-19 17:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-02-09 23:05 - 2016-01-15 02:42 - 00033472 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-02-09 23:05 - 2016-01-14 21:44 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-02-09 23:05 - 2016-01-14 21:44 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-02-09 23:05 - 2016-01-14 21:44 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-02-09 23:05 - 2016-01-14 21:44 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-02-09 23:05 - 2016-01-14 21:44 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-02-09 23:05 - 2016-01-14 21:44 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-02-09 23:05 - 2016-01-10 20:37 - 00442720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 23:05 - 2016-01-10 19:39 - 00332640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 23:05 - 2016-01-10 19:15 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-02-09 23:05 - 2016-01-10 19:15 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-02-09 23:05 - 2016-01-10 18:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-09 23:05 - 2016-01-10 18:43 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-02-09 23:05 - 2016-01-10 18:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 23:05 - 2016-01-10 18:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-02-09 23:05 - 2016-01-10 18:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 23:05 - 2016-01-10 18:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-02-09 23:05 - 2016-01-10 18:09 - 01442304 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 23:05 - 2016-01-10 18:09 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-02-09 23:05 - 2016-01-10 18:02 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 23:05 - 2016-01-10 17:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 23:05 - 2016-01-10 17:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-02-09 23:05 - 2016-01-10 17:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-02-09 23:05 - 2016-01-10 17:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2016-02-09 23:05 - 2016-01-10 17:43 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 23:05 - 2016-01-10 17:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 23:05 - 2016-01-07 19:34 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-02-09 23:05 - 2016-01-06 19:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 23:05 - 2015-12-29 16:45 - 07783936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-09 23:05 - 2015-12-29 16:45 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-02-09 23:05 - 2015-12-29 16:43 - 05267968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-02-09 23:05 - 2015-12-29 16:42 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-09 23:05 - 2015-12-28 22:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2016-02-09 23:05 - 2015-12-28 21:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll
2016-02-09 23:04 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-02-09 23:04 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-02-09 23:04 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-02-09 23:04 - 2016-01-22 06:55 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-02-09 23:04 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-02-09 23:04 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-02-09 23:04 - 2016-01-22 06:48 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-02-09 23:04 - 2016-01-22 06:31 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-02-09 23:04 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-02-09 23:04 - 2016-01-22 06:25 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-02-09 23:04 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-02-09 23:04 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-02-09 23:04 - 2016-01-10 20:37 - 00136912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-02-09 23:04 - 2016-01-10 17:51 - 03707392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 23:04 - 2016-01-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-02-09 23:04 - 2016-01-10 17:38 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-02-09 23:04 - 2016-01-10 17:36 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-02-09 23:04 - 2016-01-10 17:36 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-02-09 23:04 - 2016-01-10 17:35 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-02-09 23:04 - 2016-01-10 17:35 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-09 23:04 - 2016-01-10 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-02-09 23:04 - 2016-01-10 17:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-02-09 23:04 - 2016-01-10 17:27 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-02-09 23:04 - 2016-01-10 17:26 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-09 23:04 - 2015-12-17 19:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-09 23:04 - 2015-12-17 17:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-07 22:50 - 2016-02-07 22:50 - 00117997 _____ C:\Users\Mirek Žilinský\Downloads\deca-durabolin-50-pil.pdf
2016-02-07 22:49 - 2016-02-07 22:49 - 00176464 _____ C:\Users\Mirek Žilinský\Downloads\deca-durabolin-50-spc.pdf
2016-02-06 16:32 - 2016-02-06 16:32 - 00011072 _____ C:\Users\Mirek Žilinský\Downloads\[CzT]American_Truck_Simulator_2016_CZ_.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-06 15:06 - 2014-05-09 22:28 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-06 14:38 - 2014-03-30 22:22 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-06 10:39 - 2015-12-07 00:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-06 10:39 - 2014-03-30 22:22 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-06 10:38 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-06 10:38 - 2013-08-22 14:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-03-06 10:36 - 2014-08-24 08:40 - 00000000 ____D C:\AdwCleaner
2016-03-06 09:02 - 2013-10-30 15:41 - 00003994 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1A049EBA-0D28-4640-BC98-853E6EFAA44E}
2016-03-04 11:56 - 2012-12-25 12:14 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3463759695-2384613024-3718543959-1002
2016-03-04 01:40 - 2012-12-26 00:40 - 00002516 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-03 16:56 - 2013-10-30 08:59 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-03 16:49 - 2015-10-30 20:11 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-02 18:36 - 2014-03-02 00:15 - 00000000 ____D C:\Program Files\trend micro
2016-03-02 16:54 - 2012-12-27 22:23 - 00000000 ____D C:\Users\Mirek Žilinský\AppData\Local\CrashDumps
2016-02-29 11:31 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-26 10:20 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-26 10:16 - 2015-04-10 13:44 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-02-26 10:16 - 2015-04-10 13:44 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-02-25 10:39 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-25 10:39 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-20 14:53 - 2012-12-27 20:51 - 00000000 ____D C:\Users\Mirek Žilinský\AppData\Roaming\Azureus
2016-02-19 19:21 - 2012-12-27 20:58 - 00000000 ____D C:\Users\Mirek Žilinský\Documents\Vuze Downloads
2016-02-18 21:27 - 2015-11-08 13:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-14 20:01 - 2013-11-08 12:22 - 00000000 ____D C:\Users\Mirek Žilinský\AppData\Roaming\vlc
2016-02-13 21:11 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-02-12 22:52 - 2013-07-22 14:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-12 22:38 - 2013-01-01 13:30 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 14:24 - 2013-08-22 15:44 - 00361856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-10 08:04 - 2014-12-10 17:33 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-10 08:04 - 2013-09-30 04:58 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 08:04 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-02-10 07:33 - 2012-12-26 00:40 - 00003944 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-10 07:33 - 2012-12-26 00:40 - 00003708 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-09 23:06 - 2016-01-20 18:06 - 08817344 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-02-09 23:06 - 2014-02-16 15:25 - 00003802 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-02-09 23:00 - 2015-11-11 04:09 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 23:00 - 2015-11-11 04:09 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

==================== Files in the root of some directories =======

2014-04-25 16:53 - 2014-04-25 16:53 - 0000102 _____ () C:\Users\Mirek Žilinský\AppData\Local\fusioncache.dat
2012-10-26 09:08 - 2012-10-26 09:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3692.dll


Some files in TEMP:
====================
C:\Users\Mirek Žilinský\AppData\Local\Temp\i4jdel0.exe
C:\Users\Mirek Žilinský\AppData\Local\Temp\Quarantine.exe
C:\Users\Mirek Žilinský\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-06 11:37

==================== End of FRST.txt ============================

Re: Laptop check

Posted: 06 Mar 2016 15:25
by mirekzilinsky
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Mirek Žilinský (2016-03-06 15:20:37)
Running from C:\Users\Mirek Žilinský\Downloads
Windows 8.1 (X64) (2013-10-30 14:02:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3463759695-2384613024-3718543959-500 - Administrator - Disabled)
Guest (S-1-5-21-3463759695-2384613024-3718543959-501 - Limited - Disabled)
Mirek Žilinský (S-1-5-21-3463759695-2384613024-3718543959-1002 - Administrator - Enabled) => C:\Users\Mirek Žilinský
UpdatusUser (S-1-5-21-3463759695-2384613024-3718543959-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Anno 2070 Deluxe v2.0.7780.0 (HKLM-x32\...\Anno 2070 Deluxe_is1) (Version: - )
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Bandizip (HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\Bandizip) (Version: 3.09 - Bandisoft.com)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
Football Manager 2006 (HKLM-x32\...\{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}) (Version: 6.0.0 - SEGA)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.11 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hřebčín (HKLM-x32\...\Hřebčín_is1) (Version: 1.0 - TopQer s.r.o.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Nero 9 Essentials (HKLM-x32\...\{f1066537-1011-499e-85fc-8dd0c0ab0986}) (Version: - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NVIDIA Ovladače grafiky 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.0.9 - Lenovo)
OpenOffice 4.1.0 (HKLM-x32\...\{43245B34-BAEA-4716-B877-38E7E7026698}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Rayman Legends verzia 1.2.103716 (HKLM-x32\...\Rayman Legends_is1) (Version: 1.2.103716 - CzTorrent.net)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Táta hrdina (HKLM-x32\...\Táta hrdina) (Version: - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.)
Widevine Media Optimizer Chrome 6.0.0 (HKU\.DEFAULT\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
XCOM - Enemy Unknown CZ 1.0.0.11052 (HKLM-x32\...\XCOM - Enemy Unknown CZ 1.0.0.11052) (Version: - )
XCOM Enemy Within (HKLM-x32\...\XCOM Enemy Within_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3463759695-2384613024-3718543959-1002_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Mirek Žilinský\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08E592F8-62E1-44A9-BA31-4E4E1234B55A} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {0C341748-CFF3-4DA0-8309-89BC460F063C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {0C63A63D-95E4-4F0F-80AC-305EE45CD14E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
Task: {3A87F653-B9C7-4B06-AC13-63D42ED6892B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {43B25888-55C8-4203-8084-2329E4B3E36D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {52D1C79A-A7B8-4669-8737-B29E108D9A8C} - System32\Tasks\WebTV_update_playlist_PoPrihlaseni =>
Task: {53D9C0C3-115D-41FC-A879-1D6DA58E74B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {B241989D-9353-4195-8258-E8B07DD7C188} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {B5AE2BD1-0774-4305-A748-67365AE2035A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {B823B2D2-E45D-4F1D-A880-49BCA5F3EFF4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3463759695-2384613024-3718543959-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DC17D72B-28DF-42A9-AB5B-339B350881CC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3463759695-2384613024-3718543959-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-10-29 14:56 - 2013-10-23 11:30 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-30 09:03 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-20 05:55 - 2012-08-20 05:55 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-20 05:50 - 2012-08-20 05:50 - 00021504 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\cs-CZ\BtTray.cs-CZ.dll
2013-10-29 14:56 - 2013-10-23 11:30 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-03-04 01:39 - 2016-03-03 05:33 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.11\libglesv2.dll
2016-03-04 01:39 - 2016-03-03 05:32 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.11\libegl.dll
2012-10-26 08:44 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-03-04 01:39 - 2016-03-03 05:33 - 17545880 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.11\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-11-20 10:25 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3463759695-2384613024-3718543959-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mirek Žilinský\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "MobileConnect"
HKLM\...\StartupApproved\Run32: => "IntellingentTouchpad"
HKLM\...\StartupApproved\Run32: => "SpywareTerminatorShield"
HKLM\...\StartupApproved\Run32: => "SpywareTerminatorUpdater"
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\StartupApproved\Run: => "AlcoholAutomount"
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\StartupApproved\Run: => "NokiaSuite.exe"
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\StartupApproved\Run: => "Raptr"
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E6E80B7F-099D-4A4C-BB0A-C235E9000201}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A17FB062-B60B-464A-BE63-2CFFED173C71}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [UDP Query User{3FBFA616-ED37-42F5-BEA6-3A856FD10DFC}C:\program files (x86)\rayman legends\rayman legends.exe] => (Allow) C:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [TCP Query User{BCCE58CC-B136-4A6F-A1F8-FF6CBA879F2D}C:\program files (x86)\rayman legends\rayman legends.exe] => (Allow) C:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{7C12BA2A-834B-4E46-9209-EDF8AFAFB193}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{9FFC3268-0328-41EF-84C9-A2B65CC76C73}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [{2B344C63-E42B-4C89-A40A-2CCBCA0BB8BA}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{7A4AED44-FB92-457C-BD40-468F689049CF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{E3D86F53-DA8F-4DEE-9C63-1B29BC6CCF40}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [UDP Query User{8CE2473F-1FD1-4F50-93C6-0F13014CBEA2}C:\program files (x86)\fraxis\xcom - enemy unknown cz\binaries\win32\xcomgame.exe] => (Block) C:\program files (x86)\fraxis\xcom - enemy unknown cz\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{2691BE5F-BD31-439D-9760-68A88499A38D}C:\program files (x86)\fraxis\xcom - enemy unknown cz\binaries\win32\xcomgame.exe] => (Block) C:\program files (x86)\fraxis\xcom - enemy unknown cz\binaries\win32\xcomgame.exe
FirewallRules: [UDP Query User{6C3D9410-FE2B-459E-8B34-8E8B6AF878E9}C:\program files (x86)\fraxis\xcom - enemy unknown cz\binaries\win32\xcomgame.exe] => (Allow) C:\program files (x86)\fraxis\xcom - enemy unknown cz\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{A3500A24-C885-4A95-8C8E-DA73A2D3DAC1}C:\program files (x86)\fraxis\xcom - enemy unknown cz\binaries\win32\xcomgame.exe] => (Allow) C:\program files (x86)\fraxis\xcom - enemy unknown cz\binaries\win32\xcomgame.exe
FirewallRules: [{06D7F6A4-47A1-4075-957D-E157BC1CF55B}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{964EF381-8198-459C-A993-4577CB6D8562}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CF18E272-9779-41AC-AEBD-05FD2511A7D9}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{EFAC5257-D163-4E16-AD26-819D0C295CC9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EFF35842-6D27-4031-AE41-951176AED68A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{97948BC2-0AFB-43E1-A701-94DE56C75114}C:\program files (x86)\xcom enemy within\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\xcom enemy within\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{D42DDA7A-569F-4FB7-8935-3D6FFC060FF1}C:\program files (x86)\xcom enemy within\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\xcom enemy within\binaries\win32\xcomew.exe
FirewallRules: [{B17B0BEB-776C-4620-99B6-0C13BFFD5569}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{98514B07-1A91-447F-8082-F6FE06D80AE5}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{7A5D80FF-8F43-4018-B6CD-E2BF904D5828}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [TCP Query User{BA41DA5A-5322-41F4-8DC7-7B745D557D24}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{42019C63-BDD3-4BA6-9682-747169DB42F2}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{A50275E7-103B-453A-A7E5-56530D774AF1}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6CF86C05-C19B-4D1D-9CEF-61509008D338}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{62B1B41E-1B22-4F12-BB14-AA742C2C4A9E}C:\program files (x86)\xcom enemy within\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\xcom enemy within\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{647726B5-CA12-4EEF-BEEE-6B28DEAFBB37}C:\program files (x86)\xcom enemy within\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\xcom enemy within\binaries\win32\xcomew.exe
FirewallRules: [{FFB85042-2ABC-479B-A53B-4B4443E5AB2B}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{A9A532D2-7C57-4214-B7FA-8EE0EF49EE75}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{BDD30CB8-EC2B-45C2-B54E-FD49059FFFDF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-02-2016 18:39:41 Naplánovaný kontrolní bod
24-02-2016 19:26:16 Naplánovaný kontrolní bod
04-03-2016 16:02:46 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/06/2016 03:09:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mirek)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/06/2016 03:09:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mirek)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/06/2016 02:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mirek)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/06/2016 02:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mirek)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/06/2016 02:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mirek)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/06/2016 02:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mirek)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/06/2016 02:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mirek)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/06/2016 02:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mirek)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/06/2016 02:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mirek)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/06/2016 02:09:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mirek)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (03/06/2016 03:08:55 PM) (Source: DCOM) (EventID: 10010) (User: Mirek)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/06/2016 03:08:55 PM) (Source: DCOM) (EventID: 10010) (User: Mirek)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/06/2016 02:38:58 PM) (Source: DCOM) (EventID: 10010) (User: Mirek)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/06/2016 02:38:58 PM) (Source: DCOM) (EventID: 10010) (User: Mirek)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/06/2016 02:38:58 PM) (Source: DCOM) (EventID: 10010) (User: Mirek)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/06/2016 02:38:57 PM) (Source: DCOM) (EventID: 10010) (User: Mirek)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/06/2016 02:38:57 PM) (Source: DCOM) (EventID: 10010) (User: Mirek)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/06/2016 02:38:57 PM) (Source: DCOM) (EventID: 10010) (User: Mirek)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/06/2016 02:38:56 PM) (Source: DCOM) (EventID: 10010) (User: Mirek)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/06/2016 02:08:55 PM) (Source: DCOM) (EventID: 10010) (User: Mirek)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca


CodeIntegrity:
===================================
Date: 2016-03-06 15:18:45.551
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-06 15:18:45.254
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-06 15:18:44.879
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-06 11:09:47.210
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-06 11:09:46.917
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-06 11:09:46.463
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-06 10:09:58.515
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-06 10:09:58.312
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-06 10:09:58.093
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-06 10:09:53.999
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 58%
Total physical RAM: 3956.91 MB
Available physical RAM: 1659.08 MB
Total Virtual: 4660.91 MB
Available Virtual: 1834.82 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.84 GB) (Free:471.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 72E75631)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Laptop check

Posted: 06 Mar 2016 23:27
by altrok
:arrow: After the restart, let me know how the PC behaves.



  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (file type: Text Document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Start
    CreateRestorePoint:
    CloseProcesses:
    Folder: C:\Users\Mirek Žilinský\AppData\Local\CrashDumps
    Folder: C:\Users\Mirek Žilinský\AppData\Roaming\Mozila
    File: C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\autoit.exe
    File: C:\Users\Public\AlexaNSISPlugin.3692.dll
    HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
    SearchScopes: HKU\S-1-5-21-3463759695-2384613024-3718543959-1002 -> {7FAD90BB-C3FE-495A-A96E-8286B26C89FC} URL = 
    FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll [No File]
    S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
    S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
    2016-03-06 15:17 - 2016-03-06 15:19 - 00018109 _____ C:\Users\Mirek Žilinský\Downloads\FRST.txt
    2016-03-06 10:33 - 2016-03-06 10:33 - 01518592 _____ C:\Users\Mirek Žilinský\Downloads\adwcleaner_5.037.exe
    2016-03-02 18:36 - 2016-03-02 18:36 - 01222144 _____ C:\Users\Mirek Žilinský\Downloads\RSITx64 (1).exe
    2016-03-02 18:36 - 2016-03-02 18:36 - 00000000 ____D C:\rsit
    2016-03-02 18:35 - 2016-03-02 18:35 - 00688992 _____ (Swearware) C:\Users\Mirek Žilinský\Downloads\dds.exe
    2016-03-02 18:35 - 2016-03-02 18:35 - 00688992 _____ (Swearware) C:\Users\Mirek Žilinský\Downloads\dds.com
    2016-03-06 10:36 - 2014-08-24 08:40 - 00000000 ____D C:\AdwCleaner
    2016-03-02 18:36 - 2014-03-02 00:15 - 00000000 ____D C:\Program Files\trend micro
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Hosts:
    EmptyTemp:
    End

Re: Laptop check

Posted: 07 Mar 2016 16:48
by mirekzilinsky
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Mirek Žilinský (2016-03-07 16:41:38) Run:1
Running from C:\Users\Mirek Žilinský\Desktop
Loaded Profiles: UpdatusUser & Mirek Žilinský & (Available Profiles: UpdatusUser & Mirek Žilinský)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Folder: C:\Users\Mirek Žilinský\AppData\Local\CrashDumps
Folder: C:\Users\Mirek Žilinský\AppData\Roaming\Mozila
File: C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\autoit.exe
File: C:\Users\Public\AlexaNSISPlugin.3692.dll
HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
SearchScopes: HKU\S-1-5-21-3463759695-2384613024-3718543959-1002 -> {7FAD90BB-C3FE-495A-A96E-8286B26C89FC} URL =
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll [No File]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
2016-03-06 15:17 - 2016-03-06 15:19 - 00018109 _____ C:\Users\Mirek Žilinský\Downloads\FRST.txt
2016-03-06 10:33 - 2016-03-06 10:33 - 01518592 _____ C:\Users\Mirek Žilinský\Downloads\adwcleaner_5.037.exe
2016-03-02 18:36 - 2016-03-02 18:36 - 01222144 _____ C:\Users\Mirek Žilinský\Downloads\RSITx64 (1).exe
2016-03-02 18:36 - 2016-03-02 18:36 - 00000000 ____D C:\rsit
2016-03-02 18:35 - 2016-03-02 18:35 - 00688992 _____ (Swearware) C:\Users\Mirek Žilinský\Downloads\dds.exe
2016-03-02 18:35 - 2016-03-02 18:35 - 00688992 _____ (Swearware) C:\Users\Mirek Žilinský\Downloads\dds.com
2016-03-06 10:36 - 2014-08-24 08:40 - 00000000 ____D C:\AdwCleaner
2016-03-02 18:36 - 2014-03-02 00:15 - 00000000 ____D C:\Program Files\trend micro
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.

========================= Folder: C:\Users\Mirek Žilinský\AppData\Local\CrashDumps ========================


====== End of Folder: ======


========================= Folder: C:\Users\Mirek Žilinský\AppData\Roaming\Mozila ========================

2015-11-30 13:26 - 2015-11-30 13:26 - 0934400 _____ (AutoIt Team) C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\Autoit.exe
2015-11-30 13:26 - 2015-11-30 13:26 - 0000109 _____ () C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\bg.html
2015-11-30 13:26 - 2015-11-30 13:26 - 0256883 _____ () C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\ekl.au3
2015-11-30 13:26 - 2015-11-30 13:26 - 0022934 _____ () C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\ff.zip
2015-11-30 13:26 - 2015-11-30 13:26 - 0239273 _____ () C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\force.au3
2015-11-30 13:26 - 2015-11-30 13:26 - 0000547 _____ () C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\manifest.json
2015-11-30 13:26 - 2015-11-30 13:26 - 0248074 _____ () C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\reg.au3
2015-11-30 13:26 - 2015-11-30 13:26 - 0000056 _____ () C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\run.bat
2015-11-30 13:26 - 2015-11-30 13:26 - 0238058 _____ () C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\sabit.au3
2015-11-30 13:26 - 2015-11-30 13:26 - 0253588 _____ () C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\up.au3
2015-11-30 13:26 - 2015-11-30 13:26 - 0000001 _____ () C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\vayaq.txt
2015-11-30 13:26 - 2015-11-30 13:26 - 0000003 _____ () C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\ver.dat

====== End of Folder: ======


========================= File: C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\autoit.exe ========================

File not signed
MD5: 6A93A4071CC7C22628AF40A4D872F49B
Creation and modification date: 2015-11-30 13:26 - 2015-11-30 13:26
Size: 0934400
Attributes: ----A
Company Name: AutoIt Team
Internal Name: AutoIt3.exe
Original Name: AutoIt3.exe
Product: AutoIt v3 Script
Description: AutoIt v3 Script
File Version: 3, 3, 12, 0
Product Version: 3, 3, 12, 0
Copyright: ©1999-2014 Jonathan Bennett & AutoIt Team

====== End of File: ======


========================= File: C:\Users\Public\AlexaNSISPlugin.3692.dll ========================

File not signed
MD5: 7E9181251A33F1CF894B35B1D9B12F39
Creation and modification date: 2013-10-17 14:18 - 2013-10-17 14:18
Size: 0129536
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found.
"HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7FAD90BB-C3FE-495A-A96E-8286B26C89FC}" => key removed successfully
HKCR\CLSID\{7FAD90BB-C3FE-495A-A96E-8286B26C89FC} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer" => key removed successfully
BTATH_LWFLT => service removed successfully
nvvad_WaveExtensible => service removed successfully
C:\Users\Mirek Žilinský\Downloads\FRST.txt => moved successfully
C:\Users\Mirek Žilinský\Downloads\adwcleaner_5.037.exe => moved successfully
C:\Users\Mirek Žilinský\Downloads\RSITx64 (1).exe => moved successfully
C:\rsit => moved successfully
C:\Users\Mirek Žilinský\Downloads\dds.exe => moved successfully
C:\Users\Mirek Žilinský\Downloads\dds.com => moved successfully
C:\AdwCleaner => moved successfully
C:\Program Files\trend micro => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 529.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:43:07 ====

Re: Laptop check

Posted: 07 Mar 2016 16:53
by mirekzilinsky
The computer booted normally. Unfortunately, I don't have anything to pay through internet banking at the moment, so I can't test it yet.

Re: Laptop check

Posted: 07 Mar 2016 22:22
by altrok
:arrow: Is the folder C:\Users\Mirek Žilinský\AppData\Roaming\Mozila your own creation? Do you know about it?


:arrow: Scan C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\up.au3 on virustotal.com; if the file has already been analysed, choose Reanalyse. Put the link to the analysis results in your next post.

Re: Laptop check

Posted: 08 Mar 2016 09:21
by mirekzilinsky
No, it isn't... I'll test it.

Re: Laptop check

Posted: 08 Mar 2016 09:28
by mirekzilinsky

Re: Laptop check

Posted: 08 Mar 2016 13:44
by altrok
:arrow: I have reported this malware to several authors of anti-malware tools, so users will soon be protected against this threat. Before using the fixlist, please pack the folder C:\Users\Mirek Žilinský\AppData\Roaming\Mozila into a zip/rar archive and upload it to leteckaposta.cz; please put the download link in your next reply (the folder will be removed once the fixlist is applied).

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (file type: Text Document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-3463759695-2384613024-3718543959-1002\...\Run: [Samsung Appstore] => C:\Users\Mirek Žilinský\AppData\Roaming\Mozila\autoit.exe [934400 2015-11-30] (AutoIt Team)
    CHR Extension: (AdBlock) - C:\Users\Mirek Žilinský\AppData\Roaming\Mozila [2015-11-30]
    C:\Users\Mirek Žilinský\AppData\Roaming\Mozila
    EmptyTemp:
    End

Re: Laptop check

Posted: 08 Mar 2016 16:55
by mirekzilinsky
hxxp://leteckaposta.cz/xxxx