Prosím o kontrolu logu, prý je tam malware

[delaware]

Ahoj,
prý mám v pracovním notebooku nějaký malware. Projížděli jsme jej ESET online scanem, Spybotem i antivirákem a nic. Nepoznáte to prosím z logu FRST? Moc díky předem za včasnou odpověď.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by lkalouskova (administrator) on LKALOUSKOVA (14-04-2016 13:33:48)
Running from C:\Users\lkalouskova\Downloads
Loaded Profiles: lkalouskova (Available Profiles: Administrator & lkalouskova)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\lync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\lkalouskova\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Spotify Ltd) C:\Users\lkalouskova\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\lkalouskova\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\lkalouskova\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\lkalouskova\AppData\Roaming\Spotify\Spotify.exe
(Slack Technologies) C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe
(Slack Technologies) C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe
(Slack Technologies) C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe
(Slack Technologies) C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Slack Technologies) C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Slack Technologies) C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-07-22] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2806199024-1202645850-2979134782-17266\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27899592 2016-01-12] (Microsoft Corporation)
HKU\S-1-5-21-2806199024-1202645850-2979134782-17266\...\Run: [GoogleChromeAutoLaunch_609F1BEA8E28D7C60BF5F7C43F5FADC2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-2806199024-1202645850-2979134782-17266\...\Run: [Spotify Web Helper] => C:\Users\lkalouskova\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-07] (Spotify Ltd)
HKU\S-1-5-21-2806199024-1202645850-2979134782-17266\...\Run: [Spotify] => C:\Users\lkalouskova\AppData\Roaming\Spotify\Spotify.exe [6891120 2016-04-07] (Spotify Ltd)
HKU\S-1-5-21-2806199024-1202645850-2979134782-17266\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\Users\lkalouskova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-03-01]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\lkalouskova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-03-30]
ShortcutTarget: Slack.lnk -> C:\Users\lkalouskova\AppData\Local\slack\Update.exe (GitHub)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-02-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-02-29]
ShortcutTarget: Slack.lnk -> C:\Users\lkalouskova\AppData\Local\slack\Update.exe (GitHub)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.6 192.168.1.2
Tcpip\..\Interfaces\{8F0F636D-11E5-4E8A-BEF2-91499137FF0C}: [DhcpNameServer] 192.168.1.6 192.168.1.2
Tcpip\..\Interfaces\{DCD9D0D6-549E-4B39-86CE-EB95BD9F6E4E}: [DhcpNameServer] 192.168.1.6 192.168.1.2

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-25] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-25] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-08-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-29]
CHR Extension: (Prezentace Google) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-29]
CHR Extension: (Disk Google) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-29]
CHR Extension: (YouTube) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-29]
CHR Extension: (Vyhledávání Google) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-29]
CHR Extension: (Prezentace Google) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-29]
CHR Extension: (Prezentace Google) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Prezentace Google) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18]
CHR Extension: (Prezentace Google) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-03-01]
CHR Extension: (Prezentace Google) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmbmcpeaglnnglogmcnhcdagdaepep [2016-03-01]
CHR Extension: (Prezentace Google) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-03-01]
CHR Extension: (Cath Kidston) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm [2016-03-01]
CHR Extension: (Prezentace Google) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-04-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-12-04] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-10-02] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443648 2013-04-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [455936 2013-04-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [22272 2013-04-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [508160 2013-04-22] (MCCI Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-16] (Sonix Tech. Co., Ltd.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-07-22] (Cisco Systems, Inc.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-25] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 13:33 - 2016-04-14 13:33 - 00022616 _____ C:\Users\lkalouskova\Downloads\FRST.txt
2016-04-14 13:32 - 2016-04-14 13:33 - 00000000 ____D C:\FRST
2016-04-14 13:32 - 2016-04-14 13:32 - 02375168 _____ (Farbar) C:\Users\lkalouskova\Downloads\FRST64.exe
2016-04-12 13:46 - 2016-04-12 13:46 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-12 13:46 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-04-12 13:42 - 2016-04-12 14:13 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-12 13:42 - 2016-04-12 13:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-04-12 13:42 - 2016-04-12 13:42 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-04-12 13:42 - 2016-04-12 13:42 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-04-12 13:42 - 2016-04-12 13:42 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-04-12 13:42 - 2016-04-12 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-04-12 13:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-04-12 13:41 - 2016-04-12 13:41 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\lkalouskova\Downloads\spybot-2.4.exe
2016-04-12 13:18 - 2016-04-12 13:18 - 02870984 _____ (ESET) C:\Users\lkalouskova\Downloads\esetsmartinstaller_csy.exe
2016-04-12 13:18 - 2016-04-12 13:18 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-07 14:57 - 2016-04-07 14:57 - 00903345 _____ C:\Users\lkalouskova\Downloads\zaverecna_prace.pdf
2016-03-31 10:20 - 2016-03-31 10:20 - 00018236 _____ C:\Users\lkalouskova\Downloads\Adresar-Informatorium5.xlsx
2016-03-29 10:36 - 2016-03-29 10:36 - 00000000 ____D C:\Users\lkalouskova\AppData\Roaming\Sun
2016-03-29 10:36 - 2016-03-29 10:36 - 00000000 ____D C:\Users\lkalouskova\AppData\LocalLow\Sun
2016-03-29 10:36 - 2016-03-29 10:36 - 00000000 ____D C:\Users\lkalouskova\.oracle_jre_usage
2016-03-21 12:01 - 2016-03-21 12:01 - 01094068 _____ C:\Users\lkalouskova\Downloads\vystupy_test_ss_NETU_KUBIROB.pdf.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 13:12 - 2016-02-29 17:21 - 00001312 _____ C:\Windows\system32\config\netlogon.ftl
2016-04-14 13:06 - 2016-02-29 16:01 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 12:45 - 2016-03-03 15:09 - 00000000 ____D C:\Users\lkalouskova\AppData\Local\Spotify
2016-04-14 12:43 - 2015-09-23 13:37 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-14 12:42 - 2016-03-03 15:09 - 00000000 ____D C:\Users\lkalouskova\AppData\Roaming\Spotify
2016-04-14 09:52 - 2009-07-14 06:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-14 09:52 - 2009-07-14 06:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-14 09:50 - 2009-08-31 02:05 - 00672048 _____ C:\Windows\system32\perfh005.dat
2016-04-14 09:50 - 2009-08-31 02:05 - 00142704 _____ C:\Windows\system32\perfc005.dat
2016-04-14 09:50 - 2009-07-14 07:13 - 01591930 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-14 09:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-14 09:45 - 2016-03-01 13:56 - 00000000 ____D C:\Users\lkalouskova\AppData\Roaming\Slack
2016-04-14 09:44 - 2016-02-29 17:24 - 00000000 __SHD C:\Users\lkalouskova\IntelGraphicsProfiles
2016-04-14 09:44 - 2016-02-29 16:01 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 09:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-13 09:41 - 2016-02-29 17:24 - 00000438 __RSH C:\Users\lkalouskova\ntuser.pol
2016-04-13 09:41 - 2016-02-29 17:24 - 00000000 ____D C:\Users\lkalouskova
2016-04-12 10:08 - 2016-02-29 16:02 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 10:08 - 2016-02-29 16:02 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-12 09:30 - 2016-02-29 17:24 - 00013368 __RSH C:\ProgramData\ntuser.pol
2016-04-08 11:43 - 2015-09-23 13:37 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 11:43 - 2015-09-23 13:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 11:43 - 2015-09-23 13:37 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-30 09:39 - 2016-03-01 13:56 - 00002110 _____ C:\Users\lkalouskova\Desktop\Slack.lnk
2016-03-30 09:39 - 2016-03-01 13:56 - 00000000 ____D C:\Users\lkalouskova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2016-03-30 09:39 - 2016-03-01 13:56 - 00000000 ____D C:\Users\lkalouskova\AppData\Local\SquirrelTemp
2016-03-30 09:39 - 2016-03-01 13:56 - 00000000 ____D C:\Users\lkalouskova\AppData\Local\slack
2016-03-16 10:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\jre-8u73-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-08 12:18

==================== End of FRST.txt ============================

[Roli]

Zdravím,

v první řadě odinstalovat Spybot SD a Spotify Web Helper.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a spusť AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.

[delaware]

Vše proběhlo, registry vyčištěny na vícekrát.

Tady je report z AdwCleaneru:


# AdwCleaner v5.111 - Log soubor vytvořen 15/04/2016 o 12:12:40
# Aktualizováno 14/04/2016 by Xplode
# Databáze : 2016-04-11.4 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Jméno uživatele : lkalouskova - LKALOUSKOVA
# Spuštěno z : C:\Users\lkalouskova\Downloads\adwcleaner_5.111.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****


***** [ Soubory ] *****


***** [ DLLs ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****


***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno
:: Chrome preferences reset : C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [881 bytes] - [15/04/2016 12:12:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [826 bytes] - [15/04/2016 12:12:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1025 bytes] ##########

[Roli]

Použij Mbam z mého podpisu a dej mi sem z něj log po smazání.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[delaware]

Tak jsem zpět Nejprve posílám log z MBMA:


Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 18.4.2016
Čas skenování: 11:28
Protokol: log_mbam.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.04.18.02
Databáze rootkitů: v2016.04.17.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: lkalouskova

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 410250
Uplynulý čas: 3 min, 59 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[delaware]

A tady je ComboFix:



ComboFix 16-04-13.01 - lkalouskova 18.04.2016 12:00:01.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8055.4336 [GMT 2:00]
Spuštěný z: c:\users\lkalouskova\Downloads\ComboFix.exe
AV: System Center Endpoint Protection *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: System Center Endpoint Protection *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ar\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\bg\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ca\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\cs\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\da\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\de\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\el\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\en\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\es\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\fi\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\fr\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\gu\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\he\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\hr\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\hu\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\id\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\it\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ja\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ko\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\nb\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\nl\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pl\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pt_BR\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pt_PT\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ro\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ru\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sk\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sl\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sr\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sv\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\tr\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\uk\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\vi\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\zh_CN\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\zh_TW\messages.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_metadata\computed_hashes.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_metadata\verified_contents.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\adblock_safari_beforeload.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\adblock_safari_contentblocking.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\adblock_start_common.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\adblock_start_chrome.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\background.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\bandaids.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\button\popup.css
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\button\popup.html
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\button\popup.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\datacollection.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\declarativewebrequest.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\domainset.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\filternormalizer.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\filteroptions.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\filterset.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\filtertypes.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\myfilters.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\functions.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\gab_question.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\CHANGELOG.txt
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\checkupdates.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\idlehandler.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\delete.gif
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\dropbox1.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\dropbox2.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\dropbox3.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\facebook-sprite.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\gplus-sprite.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon128.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon16.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon16_grayscale.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon16_grayscale@2x.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon19-grayscale.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon19-whitelisted.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon19.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon24.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon32.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon38-grayscale.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon38-whitelisted.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon38.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon48.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\loader.gif
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\logo.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\check.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\magnifying_glass.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\search-engine-card_no-shadow.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\search-engine-icons.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\search-omnibox-card_no-shadow.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\search_engine_select_arrow.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\twitter-sprite.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-icons_056b93_256x240.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\jquery-ui.custom.css
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\override-page.css
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\jquery-ui.custom.min.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\jquery.cookie.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\jquery.min.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\LICENSE
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\manifest.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\notificationoverlay.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\bug-report.html
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\bug-report.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\customize.html
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\customize.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\filters.html
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\filters.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\general.html
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\general.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\index.html
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\index.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\options.css
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\support.html
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\support.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\adreport.html
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\adreport.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\resourceblock.css
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\resourceblock.html
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\resourceblock.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\subscribe.css
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\subscribe.html
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\subscribe.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\port.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\punycode.min.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\README.markdown
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\stats.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\survey.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\translators.json
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\blacklisting\blacklistui.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\blacklisting\clickwatcher.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\blacklisting\elementchain.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\blacklisting\overlay.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\blacklisting\rightclick_hook.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\load_jquery_ui.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\send_content_to_back.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\top_open_blacklist_ui.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\top_open_whitelist_ui.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\ytchannel.js
c:\users\lkalouskova\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-03-18 do 2016-04-18 )))))))))))))))))))))))))))))))
.
.
2016-04-18 10:03 . 2016-04-18 10:03 -------- d-----w- c:\users\User\AppData\Local\temp
2016-04-18 10:03 . 2016-04-18 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-18 10:03 . 2016-04-18 10:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2016-04-18 09:57 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D26EBFA5-13C9-495B-A5C0-6573F180C271}\mpengine.dll
2016-04-18 09:26 . 2016-04-18 09:54 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-18 09:26 . 2016-04-18 09:26 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-04-18 09:26 . 2016-04-18 09:26 -------- d-----w- c:\programdata\Malwarebytes
2016-04-18 09:26 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-18 09:26 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-18 09:26 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-15 10:24 . 2016-04-15 10:24 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2016-04-15 10:18 . 2016-04-15 10:18 -------- d-----w- c:\users\Default\AppData\Local\Google
2016-04-15 10:18 . 2016-04-15 10:18 -------- d-----w- c:\program files (x86)\Seznam.cz
2016-04-15 10:17 . 2016-04-18 09:27 -------- d-----w- c:\users\lkalouskova\AppData\Roaming\Seznam.cz
2016-04-15 10:10 . 2016-04-15 10:12 -------- d-----w- C:\AdwCleaner
2016-04-15 10:07 . 2016-04-15 10:07 -------- d-----w- c:\program files\CCleaner
2016-04-14 11:32 . 2016-04-14 11:34 -------- d-----w- C:\FRST
2016-04-12 11:46 . 2016-04-12 11:46 -------- d-----w- c:\program files\Common Files\AV
2016-04-12 11:42 . 2016-04-15 09:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2016-04-12 11:42 . 2016-04-15 09:30 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2016-04-12 11:42 . 2016-04-12 11:42 -------- d-----w- c:\users\lkalouskova\AppData\Local\Programs
2016-04-12 11:18 . 2016-04-12 11:18 -------- d-----w- c:\program files (x86)\ESET
2016-04-12 07:51 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-03-29 08:36 . 2016-03-29 08:36 -------- d-----w- c:\users\lkalouskova\.oracle_jre_usage
2016-03-29 07:38 . 2015-09-22 14:00 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B88D964-FFDA-4018-BD0E-2E074F58B3E0}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-08 09:43 . 2015-09-23 11:37 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 09:43 . 2015-09-23 11:37 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-25 08:02 . 2015-09-22 13:05 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-02-24 14:05 . 2015-09-18 14:40 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-02-06 10:48 . 2016-02-24 13:55 25839104 ----a-w- c:\windows\system32\mshtml.dll
2016-02-06 10:32 . 2016-02-24 13:55 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-02-06 10:24 . 2016-02-24 13:55 2887680 ----a-w- c:\windows\system32\iertutil.dll
2016-02-06 10:11 . 2016-02-24 13:55 615936 ----a-w- c:\windows\system32\ieui.dll
2016-02-06 10:10 . 2016-02-24 13:55 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-02-06 09:54 . 2016-02-24 13:55 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-02-06 09:37 . 2016-02-24 13:55 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-02-06 09:32 . 2016-02-24 13:55 14458368 ----a-w- c:\windows\system32\ieframe.dll
2016-02-06 09:09 . 2016-02-24 13:55 1547264 ----a-w- c:\windows\system32\urlmon.dll
2016-01-28 11:09 . 2016-01-28 11:09 374224 ------w- c:\windows\autosid.exe
2016-01-22 20:31 . 2016-02-24 13:56 387784 ----a-w- c:\windows\system32\iedkcs32.dll
2016-01-22 06:56 . 2016-02-24 13:56 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-01-22 06:41 . 2016-02-24 13:56 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-01-22 06:40 . 2016-02-24 13:56 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-01-22 06:40 . 2016-02-24 13:56 417792 ----a-w- c:\windows\system32\html.iec
2016-01-22 06:40 . 2016-02-24 13:56 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-01-22 06:40 . 2016-02-24 13:56 571904 ----a-w- c:\windows\system32\vbscript.dll
2016-01-22 06:33 . 2016-02-24 13:56 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-01-22 06:32 . 2016-02-24 13:56 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-01-22 06:29 . 2016-02-24 13:56 6052352 ----a-w- c:\windows\system32\jscript9.dll
2016-01-22 06:27 . 2016-02-24 13:56 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-01-22 06:27 . 2016-02-24 13:56 817664 ----a-w- c:\windows\system32\jscript.dll
2016-01-22 06:27 . 2016-02-24 13:56 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-01-22 06:27 . 2016-02-24 13:54 5573056 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-01-22 06:27 . 2016-02-24 13:54 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-01-22 06:27 . 2016-02-24 13:54 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-01-22 06:24 . 2016-02-24 13:54 1733592 ----a-w- c:\windows\system32\ntdll.dll
2016-01-22 06:20 . 2016-02-24 13:54 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-01-22 06:20 . 2016-02-24 13:54 243712 ----a-w- c:\windows\system32\wow64.dll
2016-01-22 06:20 . 2016-02-24 13:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-01-22 06:20 . 2016-02-24 13:54 215040 ----a-w- c:\windows\system32\winsrv.dll
2016-01-22 06:20 . 2016-02-24 13:56 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-01-22 06:20 . 2016-02-24 13:54 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-01-22 06:20 . 2016-02-24 13:54 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-01-22 06:20 . 2016-02-24 13:54 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-01-22 06:20 . 2016-02-24 13:54 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-01-22 06:20 . 2016-02-24 13:54 503808 ----a-w- c:\windows\system32\srcore.dll
2016-01-22 06:20 . 2016-02-24 13:54 50176 ----a-w- c:\windows\system32\srclient.dll
2016-01-22 06:19 . 2016-02-24 13:55 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-01-22 06:19 . 2016-02-24 13:54 28160 ----a-w- c:\windows\system32\secur32.dll
2016-01-22 06:19 . 2016-02-24 13:54 344064 ----a-w- c:\windows\system32\schannel.dll
2016-01-22 06:19 . 2016-02-24 13:54 1214464 ----a-w- c:\windows\system32\rpcrt4.dll
2016-01-22 06:18 . 2016-02-24 13:54 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:18 . 2016-02-24 13:54 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:18 . 2016-02-24 13:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2016-01-22 06:17 . 2016-02-24 13:56 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-01-22 06:17 . 2016-02-24 13:54 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-01-22 06:17 . 2016-02-24 13:54 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-01-22 06:17 . 2016-02-24 13:54 315392 ----a-w- c:\windows\system32\msv1_0.dll
2016-01-22 06:16 . 2016-02-24 13:54 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-01-22 06:16 . 2016-02-24 13:54 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-01-22 06:16 . 2016-02-24 13:54 1461248 ----a-w- c:\windows\system32\lsasrv.dll
2016-01-22 06:15 . 2016-02-24 13:54 730112 ----a-w- c:\windows\system32\kerberos.dll
2016-01-22 06:15 . 2016-02-24 13:54 422400 ----a-w- c:\windows\system32\KernelBase.dll
2016-01-22 06:15 . 2016-02-24 13:54 1163264 ----a-w- c:\windows\system32\kernel32.dll
2016-01-22 06:15 . 2016-02-24 13:55 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-01-22 06:13 . 2016-02-24 13:54 3993536 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-01-22 06:13 . 2016-02-24 13:54 3938752 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-01-22 06:13 . 2016-02-24 13:54 43520 ----a-w- c:\windows\system32\csrsrv.dll
2016-01-22 06:13 . 2016-02-24 13:54 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-01-22 06:13 . 2016-02-24 13:54 22016 ----a-w- c:\windows\system32\credssp.dll
2016-01-22 06:12 . 2016-02-24 13:55 1940992 ----a-w- c:\windows\system32\authui.dll
2016-01-22 06:12 . 2016-02-24 13:54 6656 ----a-w- c:\windows\system32\apisetschema.dll
2016-01-22 06:12 . 2016-02-24 13:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 880128 ----a-w- c:\windows\system32\advapi32.dll
2016-01-22 06:12 . 2016-02-24 13:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 686080 ----a-w- c:\windows\system32\adtschema.dll
2016-01-22 06:12 . 2016-02-24 13:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-22 06:09 . 2016-02-24 13:54 1314328 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-01-22 06:09 . 2016-02-24 13:56 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-01-22 06:08 . 2016-02-24 13:56 107520 ----a-w- c:\windows\system32\inseng.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lync"="c:\program files\Microsoft Office\Office15\lync.exe" [2016-01-12 27899592]
"GoogleChromeAutoLaunch_609F1BEA8E28D7C60BF5F7C43F5FADC2"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-04-06 874648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2015-07-22 708496]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2015-12-1 1192656]
Slack.lnk - c:\users\lkalouskova\AppData\Local\slack\Update.exe --processStart slack.exe -a ""--startup"" [2016-3-1 1529312]
.
c:\users\lkalouskova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2015-12-1 1192656]
Slack.lnk - c:\users\lkalouskova\AppData\Local\slack\Update.exe --processStart slack.exe -a "--startup" [2016-3-1 1529312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\DRIVERS\h36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\h36wgps64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 Mbm3CBus;HP hs2350 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl;HP Mobile Broadband Module Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm;HP Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 08:06 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{AC76BA86-0000-0000-7760-7E8A45000000}]
2015-12-18 15:42 336056 ----a-w- c:\program files (x86)\Adobe\Acrobat DC\Esl\Aiod.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23 09:43]
.
2016-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-02-29 14:01]
.
2016-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-02-29 14:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-12 17:58 2348336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-12 17:58 2348336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-12 17:58 2348336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do Microsoft Excelu - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Nová poznámka - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Od&eslat do OneNotu - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Vystřihnout obrázek - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Vystřihnout tuto stránku - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Vystřihnout výběr - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Vystřihnout záložku - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
TCP: DhcpNameServer = 192.168.1.6 192.168.1.2
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-04-18 12:05:16
ComboFix-quarantined-files.txt 2016-04-18 10:05
.
Před spuštěním: Volných bajtů: 48 646 131 712
Po spuštění: Volných bajtů: 48 361 394 176
.
- - End Of File - - 2A26731C9B98979C6946EC524C36139B
A36C5E4F47E84449FF07ED3517B43A31

[Roli]

Mbam zase odinstaluj a také ještě vše od Seznam.cz


Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

Folder::  
c:\programdata\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy 2

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[delaware]

Seznam Software, MBAM - odisnstalováno. Ostatní proběhlo též dle návodu.

Nový log z ComboFixu:


ComboFix 16-04-13.01 - lkalouskova 18.04.2016 13:49:35.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8055.4565 [GMT 2:00]
Spuštěný z: c:\users\lkalouskova\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\lkalouskova\Desktop\CFScript.txt
AV: System Center Endpoint Protection *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: System Center Endpoint Protection *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Spybot - Search & Destroy 2
c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe.log
c:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-install-av-update.exe
c:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-install-bdcore-update.exe
c:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-translation-hux2.exe
c:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-windows-upgrade-installer.exe
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Cleaning\160412-134857.xml
c:\programdata\Spybot - Search & Destroy\ClientCount.bin
c:\programdata\Spybot - Search & Destroy\Logs\160412-134857.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\Firewall.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.160412-1408.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.160412-1430.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.160414-1333.txt
c:\programdata\Spybot - Search & Destroy\Logs\Scanner.log
c:\programdata\Spybot - Search & Destroy\Logs\Updates.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-03-18 do 2016-04-18 )))))))))))))))))))))))))))))))
.
.
2016-04-18 11:52 . 2016-04-18 11:52 -------- d-----w- c:\users\User\AppData\Local\temp
2016-04-18 11:52 . 2016-04-18 11:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-18 11:52 . 2016-04-18 11:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2016-04-18 09:57 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D26EBFA5-13C9-495B-A5C0-6573F180C271}\mpengine.dll
2016-04-18 09:26 . 2016-04-18 09:26 -------- d-----w- c:\programdata\Malwarebytes
2016-04-15 10:24 . 2016-04-15 10:24 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2016-04-15 10:18 . 2016-04-15 10:18 -------- d-----w- c:\users\Default\AppData\Local\Google
2016-04-15 10:18 . 2016-04-18 11:46 -------- d-----w- c:\program files (x86)\Seznam.cz
2016-04-15 10:17 . 2016-04-18 11:46 -------- d-----w- c:\users\lkalouskova\AppData\Roaming\Seznam.cz
2016-04-15 10:10 . 2016-04-15 10:12 -------- d-----w- C:\AdwCleaner
2016-04-15 10:07 . 2016-04-15 10:07 -------- d-----w- c:\program files\CCleaner
2016-04-14 11:32 . 2016-04-14 11:34 -------- d-----w- C:\FRST
2016-04-12 11:46 . 2016-04-12 11:46 -------- d-----w- c:\program files\Common Files\AV
2016-04-12 11:42 . 2016-04-12 11:42 -------- d-----w- c:\users\lkalouskova\AppData\Local\Programs
2016-04-12 11:18 . 2016-04-12 11:18 -------- d-----w- c:\program files (x86)\ESET
2016-04-12 07:51 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-03-29 08:36 . 2016-03-29 08:36 -------- d-----w- c:\users\lkalouskova\.oracle_jre_usage
2016-03-29 07:38 . 2015-09-22 14:00 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B88D964-FFDA-4018-BD0E-2E074F58B3E0}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-08 09:43 . 2015-09-23 11:37 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 09:43 . 2015-09-23 11:37 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-25 08:02 . 2015-09-22 13:05 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-02-24 14:05 . 2015-09-18 14:40 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-02-06 10:48 . 2016-02-24 13:55 25839104 ----a-w- c:\windows\system32\mshtml.dll
2016-02-06 10:32 . 2016-02-24 13:55 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-02-06 10:24 . 2016-02-24 13:55 2887680 ----a-w- c:\windows\system32\iertutil.dll
2016-02-06 10:11 . 2016-02-24 13:55 615936 ----a-w- c:\windows\system32\ieui.dll
2016-02-06 10:10 . 2016-02-24 13:55 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-02-06 09:54 . 2016-02-24 13:55 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-02-06 09:37 . 2016-02-24 13:55 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-02-06 09:32 . 2016-02-24 13:55 14458368 ----a-w- c:\windows\system32\ieframe.dll
2016-02-06 09:09 . 2016-02-24 13:55 1547264 ----a-w- c:\windows\system32\urlmon.dll
2016-01-28 11:09 . 2016-01-28 11:09 374224 ------w- c:\windows\autosid.exe
2016-01-22 20:31 . 2016-02-24 13:56 387784 ----a-w- c:\windows\system32\iedkcs32.dll
2016-01-22 06:56 . 2016-02-24 13:56 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-01-22 06:41 . 2016-02-24 13:56 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-01-22 06:40 . 2016-02-24 13:56 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-01-22 06:40 . 2016-02-24 13:56 417792 ----a-w- c:\windows\system32\html.iec
2016-01-22 06:40 . 2016-02-24 13:56 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-01-22 06:40 . 2016-02-24 13:56 571904 ----a-w- c:\windows\system32\vbscript.dll
2016-01-22 06:33 . 2016-02-24 13:56 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-01-22 06:32 . 2016-02-24 13:56 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-01-22 06:29 . 2016-02-24 13:56 6052352 ----a-w- c:\windows\system32\jscript9.dll
2016-01-22 06:27 . 2016-02-24 13:56 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-01-22 06:27 . 2016-02-24 13:56 817664 ----a-w- c:\windows\system32\jscript.dll
2016-01-22 06:27 . 2016-02-24 13:56 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-01-22 06:27 . 2016-02-24 13:54 5573056 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-01-22 06:27 . 2016-02-24 13:54 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-01-22 06:27 . 2016-02-24 13:54 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-01-22 06:24 . 2016-02-24 13:54 1733592 ----a-w- c:\windows\system32\ntdll.dll
2016-01-22 06:20 . 2016-02-24 13:54 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-01-22 06:20 . 2016-02-24 13:54 243712 ----a-w- c:\windows\system32\wow64.dll
2016-01-22 06:20 . 2016-02-24 13:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-01-22 06:20 . 2016-02-24 13:54 215040 ----a-w- c:\windows\system32\winsrv.dll
2016-01-22 06:20 . 2016-02-24 13:56 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-01-22 06:20 . 2016-02-24 13:54 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-01-22 06:20 . 2016-02-24 13:54 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-01-22 06:20 . 2016-02-24 13:54 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-01-22 06:20 . 2016-02-24 13:54 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-01-22 06:20 . 2016-02-24 13:54 503808 ----a-w- c:\windows\system32\srcore.dll
2016-01-22 06:20 . 2016-02-24 13:54 50176 ----a-w- c:\windows\system32\srclient.dll
2016-01-22 06:19 . 2016-02-24 13:55 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-01-22 06:19 . 2016-02-24 13:54 28160 ----a-w- c:\windows\system32\secur32.dll
2016-01-22 06:19 . 2016-02-24 13:54 344064 ----a-w- c:\windows\system32\schannel.dll
2016-01-22 06:19 . 2016-02-24 13:54 1214464 ----a-w- c:\windows\system32\rpcrt4.dll
2016-01-22 06:18 . 2016-02-24 13:54 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:18 . 2016-02-24 13:54 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:18 . 2016-02-24 13:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2016-01-22 06:17 . 2016-02-24 13:56 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-01-22 06:17 . 2016-02-24 13:54 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-01-22 06:17 . 2016-02-24 13:54 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-01-22 06:17 . 2016-02-24 13:54 315392 ----a-w- c:\windows\system32\msv1_0.dll
2016-01-22 06:16 . 2016-02-24 13:54 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-01-22 06:16 . 2016-02-24 13:54 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-01-22 06:16 . 2016-02-24 13:54 1461248 ----a-w- c:\windows\system32\lsasrv.dll
2016-01-22 06:15 . 2016-02-24 13:54 730112 ----a-w- c:\windows\system32\kerberos.dll
2016-01-22 06:15 . 2016-02-24 13:54 422400 ----a-w- c:\windows\system32\KernelBase.dll
2016-01-22 06:15 . 2016-02-24 13:54 1163264 ----a-w- c:\windows\system32\kernel32.dll
2016-01-22 06:15 . 2016-02-24 13:55 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-01-22 06:13 . 2016-02-24 13:54 3993536 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-01-22 06:13 . 2016-02-24 13:54 3938752 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-01-22 06:13 . 2016-02-24 13:54 43520 ----a-w- c:\windows\system32\csrsrv.dll
2016-01-22 06:13 . 2016-02-24 13:54 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-01-22 06:13 . 2016-02-24 13:54 22016 ----a-w- c:\windows\system32\credssp.dll
2016-01-22 06:12 . 2016-02-24 13:55 1940992 ----a-w- c:\windows\system32\authui.dll
2016-01-22 06:12 . 2016-02-24 13:54 6656 ----a-w- c:\windows\system32\apisetschema.dll
2016-01-22 06:12 . 2016-02-24 13:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 880128 ----a-w- c:\windows\system32\advapi32.dll
2016-01-22 06:12 . 2016-02-24 13:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 686080 ----a-w- c:\windows\system32\adtschema.dll
2016-01-22 06:12 . 2016-02-24 13:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-22 06:12 . 2016-02-24 13:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-22 06:09 . 2016-02-24 13:54 1314328 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-01-22 06:09 . 2016-02-24 13:56 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-01-22 06:08 . 2016-02-24 13:56 107520 ----a-w- c:\windows\system32\inseng.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lync"="c:\program files\Microsoft Office\Office15\lync.exe" [2016-01-12 27899592]
"GoogleChromeAutoLaunch_609F1BEA8E28D7C60BF5F7C43F5FADC2"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-04-06 874648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2015-07-22 708496]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2015-12-1 1192656]
Slack.lnk - c:\users\lkalouskova\AppData\Local\slack\Update.exe --processStart slack.exe -a ""--startup"" [2016-3-1 1529312]
.
c:\users\lkalouskova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2015-12-1 1192656]
Slack.lnk - c:\users\lkalouskova\AppData\Local\slack\Update.exe --processStart slack.exe -a "--startup" [2016-3-1 1529312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\DRIVERS\h36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\h36wgps64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 Mbm3CBus;HP hs2350 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl;HP Mobile Broadband Module Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm;HP Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 08:06 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{AC76BA86-0000-0000-7760-7E8A45000000}]
2015-12-18 15:42 336056 ----a-w- c:\program files (x86)\Adobe\Acrobat DC\Esl\Aiod.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23 09:43]
.
2016-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-02-29 14:01]
.
2016-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-02-29 14:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-12 17:58 2348336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-12 17:58 2348336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-12 17:58 2348336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do Microsoft Excelu - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Nová poznámka - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Od&eslat do OneNotu - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Vystřihnout obrázek - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Vystřihnout tuto stránku - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Vystřihnout výběr - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Vystřihnout záložku - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
TCP: DhcpNameServer = 192.168.1.6 192.168.1.2
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2016-04-18 13:53:47
ComboFix-quarantined-files.txt 2016-04-18 11:53
ComboFix2.txt 2016-04-18 10:05
.
Před spuštěním: Volných bajtů: 48 297 512 960
Po spuštění: Volných bajtů: 48 237 166 592
.
- - End Of File - - 54C1F2AD4B88196202F54030F7C6AF10
A36C5E4F47E84449FF07ED3517B43A31

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files
c:\program files (x86)\Seznam.cz
c:\users\lkalouskova\AppData\Roaming\Seznam.cz
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem zkopíruj obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

[delaware]

Done.


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
c:\program files (x86)\Seznam.cz folder moved successfully.
c:\users\lkalouskova\AppData\Roaming\Seznam.cz folder moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: lkalouskova
->Temp folder emptied: 4263987 bytes
->Temporary Internet Files folder emptied: 7994604 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 366002053 bytes
->Flash cache emptied: 507 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6879351 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 68983497 bytes
->Flash cache emptied: 291 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56491 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50635 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 433,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 04192016_152236

Files moved on Reboot...
C:\Users\lkalouskova\AppData\Local\Temp\Slack Crashes\operation_log.txt moved successfully.
C:\Users\lkalouskova\AppData\Local\Temp\ExchangePerflog_8484fa31feb1e283cfcccd43.dat moved successfully.
C:\Users\lkalouskova\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\lkalouskova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{50E4D0CF-EF99-4159-8F39-EEBDB3CDDC83}.tmp not found!
File C:\Users\lkalouskova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7B14AEC6-33EE-4B8E-9BF1-AB6188165CA8}.tmp not found!
File C:\Users\lkalouskova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C9FE1173-75CB-4A17-A9ED-17135DA61206}.tmp not found!
File C:\Users\lkalouskova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D1E4E45D-99B8-41DD-A4CB-7F2A8BE85241}.tmp not found!
File C:\Users\lkalouskova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F8C18BA6-A6C7-4B1B-A594-194DE041A738}.tmp not found!
C:\Users\lkalouskova\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\adobegc.log scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Roli]

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Tímto máme uklizeno tak že, pak dej vědět jak se PC chová.

[delaware]

On se ten notebook nechoval divně ani předtím, jen mi psali z firemního supportu, že tam mám nějaký podivný provoz a že to vypadá na malware. Byl tam nějaký malware nakonec?

Moc díky!

[Roli]

Něco málo tam bylo, ale ještě mi sem dej aktuální log z Rsit, mrknu zda se tam ještě něco neukrývá.

[delaware]

Tak tady je :

Logfile of random's system information tool 1.10 (written by random/random)
Run by lkalouskova at 2016-04-21 10:26:55
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 50 GB (48%) free of 103 GB
Total RAM: 8055 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:26:56, on 21.4.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18205)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\lkalouskova.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKCU\..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_609F1BEA8E28D7C60BF5F7C43F5FADC2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Slack.lnk = C:\Users\lkalouskova\AppData\Local\slack\Update.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Vystřihnout obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Vystřihnout záložku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = clance.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = clance.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = clance.local
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Mobile Broadband Service (WMCoreService) - Ericsson AB - C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13077 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
taskeng.exe {5B9EC325-A053-4FA4-B3E1-65A4985018CF}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe" servicemode
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-71987897-79c4-4f54-8d17-dcbc81f16564 -SystemEventPortName:HostProcess-e1a26e9d-e9a5-498d-8cc2-0f6a5897da02 -IoCancelEventPortName:HostProcess-d536fd02-c88d-4b63-90f1-d935be83d1cb -NonStateChangingEventPortName:HostProcess-001bfea4-1f44-4c8d-8382-d34e86b01239 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c3f77995-279c-4333-96e9-df1155525854 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f53e649b-9399-4256-b875-7a32c17402c9 -SystemEventPortName:HostProcess-e9b15ca8-1e33-47d8-8ea0-a7ea91667e75 -IoCancelEventPortName:HostProcess-c59764a6-a304-46ed-a1e6-bc5b0932d4ac -NonStateChangingEventPortName:HostProcess-4b014364-dc05-4359-8fe2-fc355914dbc5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7bf4ef18-d1b1-41b1-84db-6d9ecd41da2b -DeviceGroupId:
"taskhost.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\lkalouskova\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=49.0.2623.112 --handshake-handle=0xd0
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3308.0.1466261230\1565794356" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,16,25,54 --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3993 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/Control/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_14/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3308.1.261732758\644733857" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/Control/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_14/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3308.2.1258524717\1939058026" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/Control/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_14/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3308.3.578508462\1582331055" /prefetch:1
"C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe" --startup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe" --type=gpu-process --channel="4724.0.2009331943\1871060833" --no-sandbox --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,23,51 --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3993 /prefetch:822062411
C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe --reporter-url=https://slack.com/apps/breakpad --application-name=Slack --v=1
"C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe" --type=renderer --no-sandbox --lang=cs --register-standard-schemes=slack-resources --app-user-model-id=com.squirrel.slack.slack --node-integration=true --preload="C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\resources\app.asar\src\static\index.js" --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4724.1.192967367\1176361698" /prefetch:673131151
"C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe" --type=renderer --no-sandbox --lang=cs --register-standard-schemes=slack-resources --app-user-model-id=com.squirrel.slack.slack --node-integration=true --preload="C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\resources\app.asar\src\static\index.js" --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4724.2.142330331\1702361372" /prefetch:673131151
"C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\slack.exe" --type=renderer --no-sandbox --lang=cs --register-standard-schemes=slack-resources --app-user-model-id=com.squirrel.slack.slack --node-integration=false --preload="C:\Users\lkalouskova\AppData\Local\slack\app-2.0.3\resources\app.asar\src\static\ssb-interop" --guest-instance-id=1 --enable-blink-features --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4724.3.47511190\1872489925" /prefetch:673131151
"C:\Program Files\Microsoft Office\Office15\UcMapi.exe" -Embedding
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\totalcmd\TOTALCMD.EXE"

C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3308.106.253488869\1471321583" --ppapi-flash-args --lang=cs --device-scale-factor=1 --ignored=" --type=renderer " /prefetch:3
taskeng.exe {D2DBCE0B-B6ED-47FB-8F9E-26DD3AC8621A}
"C:\Users\lkalouskova\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12 228552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2016-01-12 2348336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12 163016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-25 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01 629456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [2014-01-21 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [2016-01-12 1741104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-25 172640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18 141496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-11-12 1664000]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-07 2816240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Lync"=C:\Program Files\Microsoft Office\Office15\lync.exe [2016-01-12 27899592]
"GoogleChromeAutoLaunch_609F1BEA8E28D7C60BF5F7C43F5FADC2"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2016-04-06 874648]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-03-11 8686296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [2015-12-18 1867448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30 508104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Users\lkalouskova\AppData\Local\Akamai\netsession_win.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2016-03-11 8686296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\lkalouskova\AppData\Roaming\Seznam.cz\szninstall.exe -c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\lkalouskova\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_609F1BEA8E28D7C60BF5F7C43F5FADC2]
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2016-04-06 874648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPConnectionManager]
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2014-04-09 185144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
C:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2014-02-10 336672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\lkalouskova\AppData\Roaming\Spotify\Spotify.exe [2016-04-15 6855280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\lkalouskova\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2016-04-15 1525360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON]
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-09-17 292088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2015-07-22 708496]

C:\Users\lkalouskova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
Slack.lnk - C:\Users\lkalouskova\AppData\Local\slack\Update.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2016-04-21 10:25:43 ----D---- C:\rsit
2016-04-21 10:25:43 ----D---- C:\Program Files\trend micro
2016-04-19 15:23:23 ----SHD---- C:\$RECYCLE.BIN
2016-04-18 17:40:37 ----D---- C:\swsetup
2016-04-18 17:33:19 ----D---- C:\ProgramData\Synaptics
2016-04-18 11:48:31 ----A---- C:\Windows\ntbtlog.txt
2016-04-18 11:26:12 ----D---- C:\ProgramData\Malwarebytes
2016-04-15 12:24:44 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2016-04-15 12:07:47 ----D---- C:\Program Files\CCleaner
2016-04-12 13:46:19 ----D---- C:\Program Files\Common Files\AV
2016-04-12 13:18:54 ----D---- C:\Program Files (x86)\ESET
2016-03-29 10:36:01 ----D---- C:\Users\lkalouskova\AppData\Roaming\Sun

======List of files/folders modified in the last 1 month======

2016-04-21 10:25:43 ----RD---- C:\Program Files
2016-04-21 10:09:21 ----D---- C:\Windows\system32\config
2016-04-21 10:00:28 ----D---- C:\Windows\System32
2016-04-21 10:00:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-21 09:57:44 ----A---- C:\Windows\SYSWOW64\log.txt
2016-04-21 09:56:01 ----D---- C:\Windows\Temp
2016-04-21 09:55:58 ----D---- C:\Users\lkalouskova\AppData\Roaming\Slack
2016-04-20 14:57:58 ----D---- C:\Windows\inf
2016-04-20 14:53:56 ----D---- C:\ProgramData
2016-04-20 12:10:08 ----SHD---- C:\System Volume Information
2016-04-19 15:22:36 ----RD---- C:\Program Files (x86)
2016-04-19 15:22:36 ----D---- C:\Windows\Tasks
2016-04-19 15:21:18 ----D---- C:\Windows\Prefetch
2016-04-19 15:21:07 ----D---- C:\Windows
2016-04-19 15:17:59 ----D---- C:\Windows\system32\drivers
2016-04-19 11:05:41 ----SD---- C:\Users\lkalouskova\AppData\Roaming\Microsoft
2016-04-18 17:41:23 ----D---- C:\Windows\system32\catroot
2016-04-18 17:41:14 ----D---- C:\Windows\SysWOW64
2016-04-18 17:41:03 ----D---- C:\Windows\system32\catroot2
2016-04-18 17:41:01 ----D---- C:\Windows\system32\DriverStore
2016-04-18 17:09:30 ----D---- C:\Users\lkalouskova\AppData\Roaming\Spotify
2016-04-18 13:52:43 ----A---- C:\Windows\system.ini
2016-04-18 13:52:39 ----D---- C:\Windows\system32\drivers\etc
2016-04-18 13:50:52 ----D---- C:\Windows\SYSWOW64\drivers
2016-04-18 13:50:52 ----D---- C:\Windows\AppPatch
2016-04-18 13:50:51 ----D---- C:\Program Files (x86)\Common Files
2016-04-18 11:52:28 ----D---- C:\Windows\debug
2016-04-15 12:47:14 ----RSD---- C:\Windows\Fonts
2016-04-15 12:33:25 ----SHD---- C:\Windows\Installer
2016-04-15 12:33:24 ----D---- C:\Windows\system32\Tasks
2016-04-15 12:28:38 ----D---- C:\Users\lkalouskova\AppData\Roaming\Adobe
2016-04-15 12:26:06 ----D---- C:\ProgramData\Adobe
2016-04-15 12:23:24 ----D---- C:\Program Files (x86)\Adobe
2016-04-15 12:08:50 ----D---- C:\Windows\Panther
2016-04-15 12:08:50 ----D---- C:\Windows\Logs
2016-04-15 11:28:14 ----SD---- C:\ProgramData\Microsoft
2016-04-14 01:45:09 ----N---- C:\Windows\system32\MpSigStub.exe
2016-04-12 13:46:19 ----D---- C:\Program Files\Common Files
2016-04-08 11:43:14 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2013-07-30 31040]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2013-09-17 20464]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2013-07-30 43328]
R3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed; C:\Windows\system32\DRIVERS\AMPPAL.sys [2012-03-15 198144]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2013-10-02 172760]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2012-11-28 482128]
R3 ecnssndis; Mobile Broadband Driver; C:\Windows\System32\Drivers\wwuss64.sys [2011-10-05 26664]
R3 ecnssndisfltr; Mobile Broadband Driver Filter; C:\Windows\System32\Drivers\wwussf64.sys [2011-10-05 29736]
R3 h36wgps;HP Mobile Broadband Module NMEA; C:\Windows\system32\DRIVERS\h36wgps64.sys [2012-03-01 103184]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2013-11-04 26936]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-12-04 3775416]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-12-04 454416]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2013-09-17 358896]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2013-09-17 795632]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2013-04-26 176880]
R3 Mbm3CBus;HP hs2350 HSPA+ Mobile Broadband Module USB Device (WDM); C:\Windows\system32\DRIVERS\Mbm3CBus.sys [2013-04-22 443648]
R3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM); C:\Windows\system32\DRIVERS\Mbm3DevMt.sys [2013-04-22 455936]
R3 Mbm3mdfl;HP Mobile Broadband Module Modem Filter; C:\Windows\system32\DRIVERS\Mbm3mdfl.sys [2013-04-22 22272]
R3 Mbm3Mdm;HP Mobile Broadband Module Modem Driver; C:\Windows\system32\DRIVERS\Mbm3Mdm.sys [2013-04-22 508160]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-13 62784]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\Netwsw00.sys [2012-06-03 11499008]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2015-07-16 2621128]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-11-12 543744]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2014-04-07 555760]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2015-07-22 129520]
S3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed; C:\Windows\system32\DRIVERS\amppal.sys [2012-03-15 198144]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64-6.sys [2015-07-22 52592]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-14 82128]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-04-05 2021592]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-15 659976]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-04-23 135952]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2014-02-10 683296]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2013-07-30 33600]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2014-12-04 318568]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-01-14 131032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-01-14 165336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-01-14 279000]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2012-11-12 327680]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-01-14 366040]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2015-07-22 563088]
R2 WMCoreService;Mobile Broadband Service; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [2012-10-18 689560]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-29 154440]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-12-04 280680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-29 154440]
S3 hpCMSrv;HP Connection Manager 4 Service; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2014-04-09 1448248]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-01-22 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2014-01-23 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-09-22 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

[Roli]

Ještě jednou musíme trochu pouklízet.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem zkopíruj obsah logu uloženého na C:\_OTMoveIt\MovedFiles\