VIRY.CZ

Dobry den,
dnes po mne chtel Seznam.cz zmenu hesla z duvodu podezreleho prihlaseni k memu uctu z Izraele a EU. Projel jsem pocitac AVG, Malwarebytes Anti-Malware, adwcleaner a nic jsem nenasel. Muzete se prosim podivat jestli tam precijenom neco neni? Kolega v praci rikal, ze nedavno resil problem s restartovanim pocitace zde na foru a objevil par podezrelich veci. Ktere by se mozna mohli sirit po siti.

Diky P.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by josef (administrator) on KOMPIK (30-03-2016 13:25:05)
Running from C:\Users\josef\Desktop
Loaded Profiles: josef (Available Profiles: josef)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sysinternals - http://www.sysinternals.com) D:\sw\processExplorer\procexp.exe
(Sysinternals - http://www.sysinternals.com) C:\Users\josef\AppData\Local\Temp\PROCEXP64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(forum.viry.cz) C:\Users\josef\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-06] (Acer Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3862440 2016-03-02] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-3019013337-324502661-107419074-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3019013337-324502661-107419074-1001\...\Run: [Google Update] => C:\Users\josef\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-3019013337-324502661-107419074-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3019013337-324502661-107419074-1001\...\MountPoints2: {50d4dce4-b86f-11e4-8261-206a8aa47b3b} - "G:\setup.exe"
IFEO\taskmgr.exe: [Debugger] "D:\SW\PROCESSEXPLORER\PROCEXP.EXE"
ShellIconOverlayIdentifiers: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3019013337-324502661-107419074-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-3019013337-324502661-107419074-1001] => superproxy.tmdev:3128
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.254.0.63 10.254.119.95 10.254.92.1 10.254.94.57
Tcpip\..\Interfaces\{01D2955B-A7AF-4E32-8E9A-127CB6A81A26}: [DhcpNameServer] 93.153.117.1 212.67.64.2
Tcpip\..\Interfaces\{901398C3-258C-4775-8EA5-894B70C304F0}: [DhcpNameServer] 10.254.0.63 10.254.119.95 10.254.92.1 10.254.94.57
ManualProxies: 1superproxy.tmdev:3128

Internet Explorer:
==================
HKU\S-1-5-21-3019013337-324502661-107419074-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3019013337-324502661-107419074-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3019013337-324502661-107419074-1001 -> DefaultScope {1EFA2624-0CD0-42AA-B0C9-0B4B01197E7D} URL =
SearchScopes: HKU\S-1-5-21-3019013337-324502661-107419074-1001 -> {1EFA2624-0CD0-42AA-B0C9-0B4B01197E7D} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-30] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-30] (Oracle Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-30] (Oracle Corporation)
DPF: HKLM-x32 {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
DPF: HKLM-x32 {F680B28A-3AEE-4C88-93ED-45AE9215C128} hxxps://adisdis.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab

FireFox:
========
FF ProfilePath: C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default
FF NetworkProxy: "backup.ftp", "superproxy.tmdev"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "superproxy.tmdev"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "superproxy.tmdev"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "superproxy.tmdev"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "superproxy.tmdev"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.99.100,192.168.33.10"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "superproxy.tmdev"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "superproxy.tmdev"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-25] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-30] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-25] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-30] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3019013337-324502661-107419074-1001: @tools.google.com/Google Update;version=3 -> C:\Users\josef\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3019013337-324502661-107419074-1001: @tools.google.com/Google Update;version=9 -> C:\Users\josef\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3019013337-324502661-107419074-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\josef\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-24] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\josef\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-25] (Cisco WebEx LLC)
FF Extension: Google Search by Image - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\extensions\google@hitachi.com.xpi [2015-06-01]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-06-01]
FF Extension: lori (Life-of-request info) - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\extensions\{6dfc4f52-26f0-4e5f-89c7-31d6de480db9}.xpi [2015-06-01]
FF Extension: XPath Checker - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537}.xpi [2015-06-01]
FF Extension: All-in-One Gestures - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2015-06-01]
FF Extension: QuickProxy - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}.xpi [2015-06-29]
FF Extension: Google Translator for Firefox - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\extensions\translator@zoli.bod.xpi [2015-07-03]
FF Extension: Auto Refresh - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\extensions\autorefresh@plugin.xpi [2015-07-30]
FF Extension: Bamboo Feed Reader - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\extensions\{b2e69492-2358-071a-7056-24ad0c3defb1} [2016-03-25]
FF Extension: App Button Remove - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\Extensions\appbuttonremove@mozilla.org.xpi [2015-05-29]
FF Extension: Firebug - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\Extensions\firebug@software.joehewitt.com.xpi [2016-03-24]
FF Extension: Ghostery - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\Extensions\firefox@ghostery.com.xpi [2016-03-25]
FF Extension: HTTP Request Logger - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\Extensions\http-request-logger@prekageo.xpi [2015-05-29]
FF Extension: The Addon Bar (restored) - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-01-28]
FF Extension: YouTube High Definition - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-03-30]
FF Extension: BitComet Video Downloader - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2015-04-14] [not signed]
FF Extension: Adblock Plus - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: JavaScript Debugger - C:\Users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\dx5m20em.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2015-05-29]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [not signed]

Chrome:
=======
CHR Profile: C:\Users\josef\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-06]
CHR Extension: (Disk Google) - C:\Users\josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-06]
CHR Extension: (YouTube) - C:\Users\josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Vyhledávání Google) - C:\Users\josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-29]
CHR Extension: (Hangouts) - C:\Users\josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-09-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-06]
CHR Extension: (Gmail) - C:\Users\josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-06]
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-03-02] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3934184 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-03-02] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (http://www.BitComet.com)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-07-22] (Acer Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-12-11] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-02-01] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-20] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
R2 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [13035008 2014-11-21] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-10-17] (Acer Incorporate)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-10-17] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-24] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378288 2016-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [269232 2016-03-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-19] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-10] (Synaptics Incorporated)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-30 13:25 - 2016-03-30 13:25 - 00028990 _____ C:\Users\josef\Desktop\FRST.txt
2016-03-30 13:04 - 2016-03-30 13:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-30 13:04 - 2016-03-30 13:04 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-30 13:04 - 2016-03-30 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-30 13:04 - 2016-03-30 13:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-30 13:04 - 2016-03-30 13:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-30 13:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-30 13:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-30 13:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-30 13:03 - 2016-03-30 13:03 - 00112640 _____ (forum.viry.cz) C:\Users\josef\Desktop\FRSTLauncher.exe
2016-03-30 13:02 - 2016-03-30 13:02 - 00112640 _____ (forum.viry.cz) C:\Users\josef\Downloads\FRSTLauncher.exe
2016-03-30 12:54 - 2016-03-30 12:59 - 00000000 ____D C:\AdwCleaner
2016-03-30 12:53 - 2016-03-30 12:53 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-30 12:10 - 2016-03-30 12:05 - 02374144 _____ (Farbar) C:\Users\josef\Desktop\FRST64.exe
2016-03-30 12:05 - 2016-03-30 13:25 - 00000000 ____D C:\FRST
2016-03-28 22:15 - 2016-03-28 22:15 - 05090750 _____ C:\Users\josef\Downloads\DPFDP5-7703020831-20160328-221234-542688653-potvrzeni.p7s
2016-03-28 22:15 - 2016-03-28 22:15 - 00328251 _____ C:\Users\josef\Downloads\DPFDP5-7703020831-20160328-221234.pdf
2016-03-28 22:15 - 2016-03-28 22:15 - 00003504 _____ C:\Users\josef\Downloads\DPFDP5-7703020831-20160328-221234-542688653-potvrzeni.pdf
2016-03-28 22:14 - 2016-03-28 22:14 - 02541848 _____ C:\Users\josef\Downloads\DPFDP5-7703020831-20160328-221234.xml
2016-03-24 12:19 - 2016-03-24 12:23 - 00000000 ____D C:\Users\josef\AppData\Roaming\Kitematic
2016-03-21 17:54 - 2016-03-21 17:54 - 00000000 ____D C:\Users\josef\AppData\Local\Atlassian
2016-03-21 11:19 - 2016-03-26 12:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-20 18:55 - 2016-03-20 18:55 - 00000000 ____D C:\Users\josef\AppData\Roaming\AVG
2016-03-20 18:52 - 2016-03-20 18:52 - 00000956 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-03-20 18:48 - 2016-03-20 18:52 - 00000000 ____D C:\ProgramData\Avg
2016-03-20 18:46 - 2016-03-20 18:49 - 00000000 ____D C:\Users\josef\AppData\Local\AvgSetupLog
2016-03-17 13:11 - 2016-03-17 13:11 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-03-17 13:11 - 2016-03-17 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-03-17 13:11 - 2016-03-17 13:11 - 00000000 ____D C:\Program Files\Oracle
2016-03-14 15:09 - 2016-03-30 12:58 - 00000000 ____D C:\Users\josef\AppData\Local\TortoiseGit
2016-03-11 19:13 - 2016-02-08 23:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-11 19:13 - 2016-02-08 22:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-11 19:13 - 2016-02-08 22:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-11 19:13 - 2016-02-08 22:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-11 19:13 - 2016-02-08 22:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-11 19:13 - 2016-02-08 22:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-11 19:13 - 2016-02-08 22:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-11 19:13 - 2016-02-08 22:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-11 19:13 - 2016-02-08 22:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-11 19:13 - 2016-02-08 22:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-11 19:13 - 2016-02-08 22:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-11 19:13 - 2016-02-08 22:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-11 19:13 - 2016-02-08 21:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-11 19:13 - 2016-02-08 21:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-11 19:13 - 2016-02-08 21:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-11 19:13 - 2016-02-08 20:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-11 19:13 - 2016-02-08 20:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-11 19:13 - 2016-02-08 20:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-11 19:13 - 2016-02-08 20:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-11 19:13 - 2016-02-08 20:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-11 19:13 - 2016-02-08 19:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-11 19:13 - 2016-02-08 19:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-11 19:13 - 2016-02-08 19:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-11 19:13 - 2016-02-08 19:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-11 19:13 - 2016-02-08 19:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-11 19:13 - 2016-02-08 19:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-11 19:13 - 2016-02-08 19:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-11 19:13 - 2016-02-08 19:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-11 19:13 - 2016-02-08 19:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-11 19:13 - 2016-02-08 18:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-11 19:13 - 2016-02-05 16:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-11 19:13 - 2016-02-05 16:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-11 19:13 - 2016-02-05 16:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-11 19:13 - 2016-02-05 16:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-11 19:13 - 2016-01-10 19:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-03-11 19:13 - 2016-01-10 19:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-03-11 19:13 - 2016-01-10 19:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-03-11 19:13 - 2016-01-10 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-03-11 19:13 - 2016-01-10 19:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-03-11 19:13 - 2016-01-10 19:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-11 19:13 - 2016-01-10 18:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-03-11 19:13 - 2016-01-10 18:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-03-11 19:13 - 2016-01-10 18:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-03-11 19:13 - 2016-01-10 18:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-11 19:13 - 2016-01-10 18:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-03-11 19:12 - 2016-02-03 22:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-11 19:12 - 2016-02-03 22:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-11 19:12 - 2016-02-03 17:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-11 19:12 - 2016-02-03 17:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-11 19:12 - 2016-02-03 17:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-11 18:38 - 2016-02-12 21:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-11 18:38 - 2016-02-12 17:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-11 18:38 - 2016-02-12 16:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-11 18:38 - 2016-02-12 16:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-11 18:38 - 2016-02-12 16:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-11 18:38 - 2016-02-12 16:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-11 18:38 - 2016-02-12 16:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-11 18:38 - 2016-02-12 16:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-11 18:38 - 2016-02-12 16:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-11 18:38 - 2016-02-12 16:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-11 18:38 - 2016-02-12 16:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-11 18:38 - 2016-02-12 16:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-11 18:38 - 2016-02-11 16:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-03-11 18:38 - 2016-02-11 16:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-03-11 18:38 - 2016-02-11 16:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-03-11 18:38 - 2016-02-11 16:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-03-11 16:31 - 2015-12-09 03:51 - 00111520 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-03-11 16:30 - 2015-08-11 06:52 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-03-11 16:30 - 2015-08-11 06:52 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-03-11 16:29 - 2016-02-06 20:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-11 16:29 - 2016-02-05 21:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-11 16:29 - 2016-02-05 21:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-11 16:29 - 2016-02-05 17:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-11 16:29 - 2016-02-05 17:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-11 16:29 - 2016-02-04 20:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-11 16:29 - 2016-02-04 20:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-11 16:29 - 2016-02-04 20:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-11 16:29 - 2016-02-04 19:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-11 16:29 - 2016-02-04 19:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-11 16:29 - 2016-02-04 19:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-11 16:29 - 2016-02-04 19:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-11 16:29 - 2016-01-31 21:16 - 00148832 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-11 16:29 - 2016-01-19 21:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-11 16:29 - 2016-01-19 21:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-03-11 16:29 - 2016-01-19 21:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-03-11 16:29 - 2016-01-19 21:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-11 16:29 - 2016-01-19 21:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-11 16:29 - 2016-01-19 20:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-03-11 16:29 - 2016-01-19 20:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-11 16:29 - 2016-01-19 20:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-03-11 16:29 - 2016-01-19 20:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-03-11 16:29 - 2016-01-19 19:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-11 16:29 - 2016-01-19 18:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-03-11 16:29 - 2016-01-06 20:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-03-11 16:29 - 2015-12-28 23:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-03-11 16:29 - 2015-12-28 22:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-03-11 16:29 - 2015-12-17 20:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-03-11 16:29 - 2015-12-17 18:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-03-11 16:25 - 2016-03-11 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseGit
2016-03-11 16:25 - 2016-03-11 16:25 - 00000000 ____D C:\Program Files\TortoiseGit
2016-03-04 18:29 - 2016-03-04 18:29 - 00205784 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2016-03-04 18:29 - 2016-03-04 18:29 - 00127456 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2016-03-04 12:42 - 2016-03-30 13:06 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-04 11:55 - 2016-03-04 11:55 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-03-04 11:55 - 2016-03-04 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-04 11:55 - 2016-03-04 11:55 - 00000000 ____D C:\Program Files\CCleaner
2016-03-04 11:51 - 2016-03-04 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian
2016-03-04 11:51 - 2016-03-04 11:51 - 00000000 ____D C:\Program Files (x86)\Atlassian
2016-03-04 10:19 - 2016-03-04 10:19 - 00000080 _____ C:\Users\josef\.gitconfig
2016-03-02 11:21 - 2016-03-02 11:21 - 00269232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2016-02-29 12:29 - 2016-02-29 12:29 - 00000000 ____D C:\Users\josef\.gradle
2016-02-29 12:06 - 2016-02-26 14:59 - 00001156 _____ C:\Users\josef\Desktop\Android Studio.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-30 13:24 - 2015-05-07 11:44 - 00000976 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019013337-324502661-107419074-1001UA.job
2016-03-30 13:22 - 2015-02-20 11:13 - 00000000 ____D C:\Users\josef\AppData\Roaming\Skype
2016-03-30 13:21 - 2015-02-25 10:43 - 00000974 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-30 13:09 - 2015-02-19 01:13 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3019013337-324502661-107419074-1001
2016-03-30 13:08 - 2015-03-09 14:33 - 00000000 ____D C:\ProgramData\Oracle
2016-03-30 13:07 - 2015-10-23 13:38 - 00000000 ____D C:\Users\josef\.oracle_jre_usage
2016-03-30 13:07 - 2015-03-09 14:36 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-30 13:07 - 2015-02-19 22:00 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-03-30 13:07 - 2015-02-19 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-03-30 13:07 - 2015-02-19 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-30 13:07 - 2015-02-19 22:00 - 00000000 ____D C:\Program Files\Java
2016-03-30 13:06 - 2014-11-22 03:49 - 00739924 _____ C:\Windows\system32\perfh005.dat
2016-03-30 13:06 - 2014-11-22 03:49 - 00151610 _____ C:\Windows\system32\perfc005.dat
2016-03-30 13:06 - 2014-03-18 12:03 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-30 13:06 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-03-30 13:05 - 2015-09-06 14:29 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-30 13:01 - 2015-02-25 10:43 - 00000970 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-30 13:01 - 2015-02-19 01:12 - 00000000 ___RD C:\Users\josef\OneDrive
2016-03-30 13:01 - 2015-02-19 01:07 - 00000000 __SHD C:\Users\josef\IntelGraphicsProfiles
2016-03-30 13:00 - 2016-02-26 14:59 - 00000091 _____ C:\HaxLogs.txt
2016-03-30 13:00 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-30 13:00 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-30 10:39 - 2015-02-20 12:13 - 00000000 ____D C:\Users\josef\.p2
2016-03-30 10:39 - 2015-02-20 10:20 - 00000000 ____D C:\Users\josef\AppData\Local\Eclipse
2016-03-30 09:23 - 2015-04-12 16:15 - 00000000 ____D C:\ProgramData\MFAData
2016-03-29 19:25 - 2015-04-14 20:25 - 00000000 ____D C:\Users\josef\AppData\Roaming\BitComet
2016-03-29 15:24 - 2015-05-07 11:44 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019013337-324502661-107419074-1001Core.job
2016-03-29 11:28 - 2015-04-14 20:43 - 00000000 ____D C:\Users\josef\AppData\Roaming\vlc
2016-03-29 09:42 - 2015-03-04 12:35 - 00000600 _____ C:\Users\josef\AppData\Local\PUTTY.RND
2016-03-28 22:03 - 2015-02-19 01:07 - 00000000 ____D C:\Users\josef\AppData\Local\VirtualStore
2016-03-28 08:06 - 2015-03-17 16:48 - 00000000 ____D C:\Users\josef\AppData\Local\TSVNCache
2016-03-26 12:29 - 2015-02-19 22:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-25 14:05 - 2015-09-06 14:29 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-25 09:31 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-03-22 12:26 - 2015-05-26 13:04 - 00000000 ____D C:\Users\josef\.m2
2016-03-22 12:26 - 2015-02-19 22:16 - 00000000 ____D C:\temp
2016-03-21 17:58 - 2016-02-16 11:34 - 00000000 ____D C:\ProgramData\Atlassian
2016-03-20 18:55 - 2015-05-30 11:43 - 00000000 ____D C:\Users\josef\AppData\Local\Avg
2016-03-20 18:55 - 2015-04-12 16:16 - 00000000 ____D C:\Program Files (x86)\AVG
2016-03-20 18:52 - 2015-07-06 22:13 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-20 18:52 - 2015-04-12 16:16 - 00000000 ___HD C:\$AVG
2016-03-20 18:52 - 2015-04-12 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-03-20 18:52 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-03-17 13:11 - 2016-02-16 16:38 - 00001893 _____ C:\Users\Public\Desktop\Docker Quickstart Terminal.lnk
2016-03-17 13:11 - 2016-02-16 16:38 - 00001096 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-03-17 13:11 - 2016-02-16 16:38 - 00000997 _____ C:\Users\Public\Desktop\Kitematic (Alpha).lnk
2016-03-17 13:11 - 2016-02-16 16:38 - 00000000 ____D C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Docker
2016-03-17 13:11 - 2016-02-16 16:37 - 00000000 ____D C:\Program Files\Docker Toolbox
2016-03-17 12:47 - 2016-01-12 15:06 - 00000031 _____ C:\windows-version.txt
2016-03-17 10:17 - 2015-08-27 10:27 - 00000000 ____D C:\Users\josef\AppData\Local\CrashDumps
2016-03-15 10:50 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-03-11 19:16 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-11 19:13 - 2015-02-19 01:27 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-11 19:13 - 2015-02-19 01:27 - 00000000 ____D C:\Windows\system32\MRT
2016-03-11 19:13 - 2014-03-18 11:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-11 18:40 - 2013-08-22 16:44 - 00552792 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-11 16:31 - 2014-11-22 03:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-11 16:31 - 2014-11-22 03:11 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-11 16:25 - 2015-03-16 11:52 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2016-03-11 16:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Registration
2016-03-11 15:52 - 2014-11-22 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2016-03-11 11:21 - 2015-02-25 10:43 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-11 11:21 - 2015-02-25 10:43 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-11 10:39 - 2015-03-27 11:43 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3019013337-324502661-107419074-1001
2016-03-11 10:39 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-09 15:28 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-08 09:00 - 2015-08-24 09:28 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 09:00 - 2015-08-24 09:28 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-04 18:29 - 2016-02-10 14:05 - 00982504 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-03-04 18:29 - 2016-02-10 14:05 - 00148808 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-03-04 11:56 - 2015-03-18 23:04 - 00000000 ____D C:\Windows\Minidump
2016-03-04 11:56 - 2015-02-27 21:46 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-04 11:56 - 2015-02-19 22:04 - 00000000 ____D C:\Users\josef\AppData\Roaming\DAEMON Tools Lite
2016-03-04 11:56 - 2014-07-14 20:34 - 00000000 ____D C:\Windows\Panther
2016-03-04 10:19 - 2015-02-19 01:06 - 00000000 ____D C:\Users\josef
2016-02-29 16:50 - 2015-07-17 13:38 - 00000000 ____D C:\Users\josef\.android

==================== Files in the root of some directories =======

2015-03-04 12:18 - 2016-02-26 11:59 - 0000600 _____ () C:\Users\josef\AppData\Roaming\winscp.rnd
2015-03-04 12:35 - 2016-03-29 09:42 - 0000600 _____ () C:\Users\josef\AppData\Local\PUTTY.RND
2016-02-10 14:18 - 2016-02-10 14:18 - 0000017 _____ () C:\Users\josef\AppData\Local\resmon.resmoncfg
2014-11-22 03:29 - 2014-11-22 03:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\josef\env.bat

Some files in TEMP:
====================
C:\Users\josef\AppData\Local\Temp\avg-11f58716-3cdc-411e-9e19-f849f190f716.exe
C:\Users\josef\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\josef\AppData\Local\Temp\libeay32.dll
C:\Users\josef\AppData\Local\Temp\lombok-1.16.6-WindowsDriveInfo-x86_64.dll
C:\Users\josef\AppData\Local\Temp\msvcr120.dll
C:\Users\josef\AppData\Local\Temp\PROCEXP64.exe
C:\Users\josef\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-30 11:26

==================== End of FRST.txt ============================

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Acer) (Fixed) (Total:79.37 GB) (Free:17.03 GB) NTFS
Drive d: (work) (Fixed) (Total:39.06 GB) (Free:23.51 GB) NTFS
Drive e: (DATA) (Fixed) (Total:915.25 GB) (Free:631.13 GB) NTFS
Drive g: (Ori and the Blind Forest) (CDROM) (Total:3.27 GB) (Free:0 GB) UDF

Available physical RAM: 13544.18 MB
Total physical RAM: 16307.27 MB
Percentage of memory in use: 16%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 119.2 GB) (Disk ID: C7FB8CF6)
Disk: 1 (Size: 931.5 GB) (Disk ID: C7FB8CC9)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019013337-324502661-107419074-1001Core.job => C:\Users\josef\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019013337-324502661-107419074-1001UA.job => C:\Users\josef\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\josef\Desktop" je 2 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Poustel jsem ho pred tim, nez jsem zalozil tohle vlakno. Neco malo nasel tak jsem to promazal. Po opetovnem pusteni dnes, pise ze nic nenasel.

Tento PC je váš, nebo firemní?

muj ale pouzivam ho v praci

OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3019013337-324502661-107419074-1001 -> DefaultScope {1EFA2624-0CD0-42AA-B0C9-0B4B01197E7D} URL =
SearchScopes: HKU\S-1-5-21-3019013337-324502661-107419074-1001 -> {1EFA2624-0CD0-42AA-B0C9-0B4B01197E7D} URL =
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019013337-324502661-107419074-1001UA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019013337-324502661-107419074-1001Core.job
C:\ProgramData\DP45977C.lfl
C:\Users\josef\env.bat
C:\Users\josef\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by josef (2016-04-04 10:42:32) Run:1
Running from C:\Users\josef\Desktop
Loaded Profiles: josef (Available Profiles: josef)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3019013337-324502661-107419074-1001 -> DefaultScope {1EFA2624-0CD0-42AA-B0C9-0B4B01197E7D} URL =
SearchScopes: HKU\S-1-5-21-3019013337-324502661-107419074-1001 -> {1EFA2624-0CD0-42AA-B0C9-0B4B01197E7D} URL =
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019013337-324502661-107419074-1001UA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019013337-324502661-107419074-1001Core.job
C:\ProgramData\DP45977C.lfl
C:\Users\josef\env.bat
C:\Users\josef\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3019013337-324502661-107419074-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3019013337-324502661-107419074-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1EFA2624-0CD0-42AA-B0C9-0B4B01197E7D}" => key removed successfully
HKCR\CLSID\{1EFA2624-0CD0-42AA-B0C9-0B4B01197E7D} => key not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019013337-324502661-107419074-1001UA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019013337-324502661-107419074-1001Core.job => moved successfully
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
C:\Users\josef\env.bat => moved successfully

"C:\Users\josef\AppData\Local\Temp" folder move:

Could not move "C:\Users\josef\AppData\Local\Temp" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-04 10:44:29)

"C:\ProgramData\DP45977C.lfl" => Could not move
C:\Users\josef\AppData\Local\Temp => moved successfully

==== End of Fixlog 10:44:29 ====

Smazáno, log je OK. Ještě bych doporučil kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

ten jsem poustel nez jsem sem psal. neco to naslo tak jsem to smazal. pri dnesnim pusteni uz to nic nenaslo.
Diky moc za pomoc.

jeste otazka na zaver. podle ceho v tom logu z FRST identifikujete potencialni hrozbu? Nejsem uplna lama tak bych to treba priste zkusil sam a neprudil tady

V našem případě je malware jen toto:

C:\ProgramData\DP45977C.lfl
C:\Users\josef\env.bat

Ostatní jsou zbytečnosti.

K vyhodnocení logu to chce nějakou tu zkušenost. To, co eventuálně našel ADWCleaner jsou AdWary.

VIRY.CZ

Podezrele prihlaseni k email.seznam.cz

Podezrele prihlaseni k email.seznam.cz

Re: Podezrele prihlaseni k email.seznam.cz

Re: Podezrele prihlaseni k email.seznam.cz

Re: Podezrele prihlaseni k email.seznam.cz

Re: Podezrele prihlaseni k email.seznam.cz

Re: Podezrele prihlaseni k email.seznam.cz

Re: Podezrele prihlaseni k email.seznam.cz

Re: Podezrele prihlaseni k email.seznam.cz

Re: Podezrele prihlaseni k email.seznam.cz

Re: Podezrele prihlaseni k email.seznam.cz