VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o preventivku

https://forum.viry.cz:443/viewtopic.php?t=148885

Stránka 1 z 1

Prosím o preventivku

Napsal: 06 kvě 2016 09:59
od Hruzka
Ahoj, chtěla bych poprosit o preventivní kontrolu.
Zároveň už ale mám určité podezření na nějaký malware nebo něco podobného, respektive nevím, zda je mezi tím nějaká souvislost, ale před několika měsíci byla napadena moje stará emailová adresa na seznamu a od té doby jejím prostřednictvím dochází k odesílání nevyžádané pošty. Díky za pomoc.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jarka at 2016-05-06 10:57:29
Microsoft Windows 8.1
System drive C: has 46 GB (10%) free of 461 GB
Total RAM: 3535 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:31, on 6. 5. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jarka\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Jarka\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Users\Jarka\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Jarka\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Jarka\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files\trend micro\Jarka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 77.93.222.73 www.prihlas.se
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Jarka\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Jarka\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem41.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10206 bytes

======Listing Processes======





wininit.exe


C:\WINDOWS\system32\lsass.exe
winlogon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
atieclxx
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\WINDOWS\system32\Hpservice.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
dashost.exe {d591dcff-c057-4937-a3ae330fc8659a7f}
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
C:\WINDOWS\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\vcsFPService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ed725616-c748-47f8-82c6-b9a62b8fd0f8 -SystemEventPortName:HostProcess-09239924-2d86-42ad-aa6e-bfcf0adb88d0 -IoCancelEventPortName:HostProcess-234f05f6-bae7-438d-b4b6-0d2c08f519f1 -NonStateChangingEventPortName:HostProcess-36816456-1098-4855-aec6-8f3331e6d41e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8fe234bd-23d4-417e-abe0-c50f9423d8a0 -DeviceGroupId:
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ecf35ae6-2712-46d4-8b1e-7144fc0bd2ca -SystemEventPortName:HostProcess-833dfe3e-a140-4bc2-8b26-827e6f5e5ee8 -IoCancelEventPortName:HostProcess-be415f7a-6d28-41e3-a53c-e7c99ae808e2 -NonStateChangingEventPortName:HostProcess-94a90997-ce48-43d6-b003-283a6c8d8693 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a20ccaaf-56de-4d2c-beeb-75b425498191 -DeviceGroupId:WudfDefaultDevicePool
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\skydrive.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\System32\SettingSyncHost.exe" -Embedding

"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=50.0.2661.94 --handshake-handle=0x150
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2452.0.1205278433\1782265803" --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,12,24,53,71 --gpu-vendor-id=0x1002 --gpu-device-id=0x9992 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.251.9001.1001 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/Control/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/NewSuggestType_A5_Stable_R2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithModuleLoadAnalysis/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_58/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_12/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="2452.1.543522254\542780304" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/Control/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A5_Stable_R2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithModuleLoadAnalysis/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_58/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_12/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="2452.2.1222108025\330871846" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/Control/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A5_Stable_R2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithModuleLoadAnalysis/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_58/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_12/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="2452.3.2097424833\195730113" /prefetch:1
"C:\Users\Jarka\AppData\Roaming\Spotify\Spotify.exe"
"C:\Users\Jarka\AppData\Roaming\Spotify\SpotifyCrashService.exe"
"C:\Users\Jarka\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --channel="3772.0.874718169\1662304023" --no-sandbox --disable-d3d11 --enable-crash-reporter --lang=en-US --log-file="C:\Users\Jarka\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.28.87 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,23,51 --gpu-vendor-id=0x1002 --gpu-device-id=0x9992 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.251.9001.1001 --enable-crash-reporter --lang=en-US --log-file="C:\Users\Jarka\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.28.87 /prefetch:822062411
"C:\Users\Jarka\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"C:\Users\Jarka\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --disable-pinch --no-sandbox --lang=en-US --enable-crash-reporter --lang=en-US --log-file="C:\Users\Jarka\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.28.87 --disable-extensions --disable-spell-checking --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3772.1.1287307128\593727552" /prefetch:673131151
taskhost.exe
"C:\WINDOWS\FileManager\FileManager.exe" -ServerName:Microsoft.Windows.FileManager
"C:\Users\Jarka\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-06 462400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-06 173120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-10 351136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-30 2804976]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-09-20 1664000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"=C:\Users\Jarka\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2016-04-29 1525360]
"Spotify"=C:\Users\Jarka\AppData\Roaming\Spotify\Spotify.exe [2016-04-29 6890608]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-07-04 766688]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-08-29 334240]
"BtTray"=c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-08-16 364032]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-24 491120]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-08-31 136488]
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2012-08-31 167024]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-06 6111312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01 596504]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2016-05-06 10:36:52 ----D---- C:\rsit
2016-05-06 09:43:29 ----D---- C:\NPE
2016-05-06 09:38:35 ----D---- C:\ProgramData\Norton
2016-05-02 10:51:29 ----A---- C:\WINDOWS\SYSWOW64\msvcr120_clr0400.dll
2016-05-02 10:51:29 ----A---- C:\WINDOWS\SYSWOW64\msvcp120_clr0400.dll
2016-05-02 10:51:29 ----A---- C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-05-02 10:51:29 ----A---- C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-05-01 20:41:05 ----D---- C:\Program Files\paint.net
2016-05-01 19:55:38 ----A---- C:\WINDOWS\SYSWOW64\aspnet_counters.dll
2016-05-01 19:55:38 ----A---- C:\WINDOWS\system32\aspnet_counters.dll
2016-04-13 07:52:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-04-13 07:52:22 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-04-13 07:52:19 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-04-13 07:52:18 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-04-13 07:52:17 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-04-13 07:52:17 ----A---- C:\WINDOWS\system32\wininet.dll
2016-04-13 07:52:17 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-04-13 07:52:16 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2016-04-13 07:52:16 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-04-13 07:52:16 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2016-04-13 07:52:16 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2016-04-13 07:52:15 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-04-13 07:52:15 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-04-13 07:52:14 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-04-13 07:52:14 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-04-13 07:52:14 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-04-13 07:52:12 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-04-13 07:52:12 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2016-04-13 07:52:12 ----A---- C:\WINDOWS\system32\webcheck.dll
2016-04-13 07:52:12 ----A---- C:\WINDOWS\system32\iepeers.dll
2016-04-13 07:52:12 ----A---- C:\WINDOWS\system32\dxtrans.dll
2016-04-13 07:52:11 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2016-04-13 07:52:11 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2016-04-13 07:52:11 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2016-04-13 07:52:11 ----A---- C:\WINDOWS\system32\vbscript.dll
2016-04-13 07:52:11 ----A---- C:\WINDOWS\system32\mshtmled.dll
2016-04-13 07:52:11 ----A---- C:\WINDOWS\system32\inetcomm.dll
2016-04-13 07:52:10 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2016-04-13 07:52:10 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2016-04-13 07:52:10 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-04-13 07:52:10 ----A---- C:\WINDOWS\system32\jscript.dll
2016-04-13 07:52:10 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-04-13 07:49:55 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2016-04-13 07:49:55 ----A---- C:\WINDOWS\system32\msxml3.dll
2016-04-13 07:49:53 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-04-13 07:49:53 ----A---- C:\WINDOWS\system32\ole32.dll
2016-04-13 07:49:50 ----A---- C:\WINDOWS\system32\samsrv.dll
2016-04-13 07:49:50 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-04-13 07:49:50 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-04-13 07:49:49 ----A---- C:\WINDOWS\SYSWOW64\samlib.dll
2016-04-13 07:49:49 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2016-04-13 07:49:49 ----A---- C:\WINDOWS\system32\samlib.dll
2016-04-13 07:49:49 ----A---- C:\WINDOWS\system32\drivers\mrxsmb20.sys
2016-04-13 07:49:49 ----A---- C:\WINDOWS\system32\drivers\mrxsmb10.sys
2016-04-13 07:49:49 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2016-04-13 07:49:49 ----A---- C:\WINDOWS\system32\certcli.dll
2016-04-13 07:48:08 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2016-04-13 07:48:08 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-13 07:48:07 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 07:48:07 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-04-13 07:48:06 ----A---- C:\WINDOWS\system32\winresume.exe
2016-04-13 07:48:06 ----A---- C:\WINDOWS\system32\winload.exe
2016-04-13 07:48:04 ----A---- C:\WINDOWS\system32\basesrv.dll
2016-04-13 07:48:00 ----A---- C:\WINDOWS\system32\win32k.sys
2016-03-10 17:29:09 ----A---- C:\WINDOWS\SYSWOW64\hlink.dll
2016-03-10 17:29:06 ----A---- C:\WINDOWS\system32\hlink.dll
2016-03-10 17:28:57 ----A---- C:\WINDOWS\system32\actxprxy.dll
2016-03-10 17:21:42 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-10 17:21:41 ----A---- C:\WINDOWS\SYSWOW64\glcndFilter.dll
2016-03-10 17:21:41 ----A---- C:\WINDOWS\system32\glcndFilter.dll
2016-03-10 17:21:40 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2016-03-10 17:20:08 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2016-03-10 17:20:08 ----A---- C:\WINDOWS\SYSWOW64\asycfilt.dll
2016-03-10 17:20:08 ----A---- C:\WINDOWS\system32\asycfilt.dll
2016-03-10 17:20:04 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2016-03-10 17:20:04 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2016-03-10 17:20:04 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2016-03-10 17:20:04 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2016-03-10 17:20:04 ----A---- C:\WINDOWS\system32\wuwebv.dll
2016-03-10 17:20:04 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2016-03-10 17:20:04 ----A---- C:\WINDOWS\system32\wudriver.dll
2016-03-10 17:20:04 ----A---- C:\WINDOWS\system32\wucltux.dll
2016-03-10 17:20:04 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-03-10 17:20:04 ----A---- C:\WINDOWS\system32\wuauclt.exe
2016-03-10 17:20:04 ----A---- C:\WINDOWS\system32\wuapp.exe
2016-03-10 17:20:04 ----A---- C:\WINDOWS\system32\wuapi.dll
2016-03-10 17:19:59 ----A---- C:\WINDOWS\system32\wmp.dll
2016-03-10 17:19:59 ----A---- C:\WINDOWS\system32\seclogon.dll
2016-03-10 17:19:58 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2016-03-10 17:19:57 ----A---- C:\WINDOWS\SYSWOW64\WMASF.DLL
2016-03-10 17:19:57 ----A---- C:\WINDOWS\system32\WMASF.DLL
2016-03-10 17:19:40 ----AC---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2016-03-10 17:18:44 ----A---- C:\WINDOWS\SYSWOW64\atmlib.dll
2016-03-10 17:18:44 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2016-03-10 17:18:44 ----A---- C:\WINDOWS\system32\atmlib.dll
2016-03-10 17:18:44 ----A---- C:\WINDOWS\system32\atmfd.dll
2016-03-10 17:18:43 ----A---- C:\WINDOWS\SYSWOW64\mfds.dll
2016-03-10 17:18:43 ----A---- C:\WINDOWS\system32\mfds.dll
2016-02-16 16:16:33 ----D---- C:\Program Files\Strogino CS Portal
2016-02-10 09:29:34 ----A---- C:\WINDOWS\system32\KernelBase.dll
2016-02-10 09:29:33 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2016-02-10 09:29:33 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-02-10 09:29:33 ----A---- C:\WINDOWS\system32\combase.dll
2016-02-10 09:29:32 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2016-02-10 09:29:32 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2016-02-10 09:29:32 ----A---- C:\WINDOWS\system32\WinTypes.dll
2016-02-10 09:29:17 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys
2016-02-10 09:29:16 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2016-02-10 09:29:16 ----A---- C:\WINDOWS\system32\kerberos.dll
2016-02-10 09:29:14 ----A---- C:\WINDOWS\SYSWOW64\WinSync.dll
2016-02-10 09:29:14 ----A---- C:\WINDOWS\system32\WinSync.dll
2016-02-10 09:29:08 ----A---- C:\WINDOWS\SYSWOW64\EncDec.dll
2016-02-10 09:29:08 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2016-02-10 09:29:08 ----A---- C:\WINDOWS\system32\EncDec.dll
2016-02-10 09:29:08 ----A---- C:\WINDOWS\system32\CPFilters.dll
2016-02-10 09:29:07 ----A---- C:\WINDOWS\SYSWOW64\mtxoci.dll
2016-02-10 09:29:07 ----A---- C:\WINDOWS\SYSWOW64\msorcl32.dll
2016-02-10 09:29:07 ----A---- C:\WINDOWS\SYSWOW64\cfgbkend.dll
2016-02-10 09:29:07 ----A---- C:\WINDOWS\system32\mtxoci.dll
2016-02-10 09:29:07 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 09:27:38 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-02-10 09:27:38 ----A---- C:\WINDOWS\system32\rdpcorets.dll

======List of files/folders modified in the last 3 months======

2016-05-06 10:57:30 ----D---- C:\Program Files\trend micro
2016-05-06 10:54:31 ----D---- C:\Users\Jarka\AppData\Roaming\Spotify
2016-05-06 10:48:03 ----D---- C:\WINDOWS\Prefetch
2016-05-06 10:47:47 ----D---- C:\Users\Jarka\AppData\Roaming\Dropbox
2016-05-06 10:31:29 ----D---- C:\WINDOWS\AppReadiness
2016-05-06 10:31:28 ----HD---- C:\Program Files\WindowsApps
2016-05-06 10:29:05 ----D---- C:\Users\Jarka\AppData\Roaming\BitTorrent
2016-05-06 10:28:53 ----D---- C:\WINDOWS\Temp
2016-05-06 10:28:53 ----D---- C:\WINDOWS\SoftwareDistribution
2016-05-06 10:28:53 ----D---- C:\WINDOWS\Inf
2016-05-06 10:28:53 ----D---- C:\WINDOWS\debug
2016-05-06 10:28:53 ----D---- C:\Windows
2016-05-06 10:27:25 ----A---- C:\WINDOWS\SYSWOW64\bscs.ini
2016-05-06 10:24:09 ----A---- C:\WINDOWS\SYSWOW64\LOCALSERVICE.INI
2016-05-06 10:24:09 ----A---- C:\WINDOWS\SYSWOW64\LOCALDEVICE.INI
2016-05-06 10:09:50 ----SHD---- C:\WINDOWS\Installer
2016-05-06 10:09:50 ----HD---- C:\Config.Msi
2016-05-06 10:09:49 ----D---- C:\Program Files (x86)\Common Files
2016-05-06 10:09:26 ----D---- C:\WINDOWS\SysWOW64
2016-05-06 10:08:57 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2016-05-06 10:08:32 ----D---- C:\Program Files (x86)\Java
2016-05-06 10:03:55 ----D---- C:\Program Files (x86)\Ubisoft
2016-05-06 10:02:16 ----D---- C:\Program Files (x86)\MyHeritage
2016-05-06 10:01:36 ----RD---- C:\Program Files (x86)
2016-05-06 10:00:11 ----D---- C:\WINDOWS\system32\sru
2016-05-06 09:55:22 ----D---- C:\WINDOWS\system32\drivers
2016-05-06 09:55:21 ----HD---- C:\ProgramData
2016-05-06 05:48:01 ----D---- C:\WINDOWS\Microsoft.NET
2016-05-05 18:39:31 ----D---- C:\WINDOWS\system32\config
2016-05-05 14:23:14 ----D---- C:\Program Files (x86)\Opera
2016-05-05 14:23:13 ----D---- C:\WINDOWS\system32\Tasks
2016-05-03 10:39:00 ----D---- C:\WINDOWS\WinSxS
2016-05-03 09:32:55 ----RD---- C:\WINDOWS\System32
2016-05-03 05:40:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-02 10:52:51 ----D---- C:\WINDOWS\CbsTemp
2016-05-02 08:59:57 ----D---- C:\JARKA
2016-05-01 22:07:19 ----D---- C:\WINDOWS\rescache
2016-05-01 20:46:12 ----RSD---- C:\WINDOWS\assembly
2016-05-01 20:41:46 ----D---- C:\WINDOWS\system32\catroot2
2016-05-01 20:41:05 ----RD---- C:\Program Files
2016-05-01 20:40:42 ----SHD---- C:\System Volume Information
2016-04-29 13:59:22 ----D---- C:\Users\Jarka\AppData\Roaming\TeamViewer
2016-04-29 13:59:22 ----D---- C:\Users\Jarka\AppData\Roaming\DAEMON Tools Lite
2016-04-24 19:12:58 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-04-24 19:12:58 ----D---- C:\Program Files (x86)\Electronic Arts
2016-04-13 09:49:23 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-04-13 09:49:23 ----D---- C:\WINDOWS\system32\wbem
2016-04-13 09:49:23 ----D---- C:\WINDOWS\system32\cs-CZ
2016-04-13 09:49:23 ----D---- C:\Program Files\Internet Explorer
2016-04-13 09:49:23 ----D---- C:\Program Files (x86)\Internet Explorer
2016-04-13 08:34:16 ----D---- C:\ProgramData\Microsoft Help
2016-04-13 08:31:20 ----D---- C:\WINDOWS\system32\MRT
2016-04-13 08:24:10 ----A---- C:\WINDOWS\system32\MRT.exe
2016-04-09 15:30:51 ----D---- C:\WINDOWS\system32\NDF
2016-04-09 07:27:50 ----D---- C:\Users\Jarka\AppData\Roaming\vlc
2016-04-05 23:53:01 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-04-02 20:50:32 ----D---- C:\WINDOWS\system32\DriverStore
2016-03-31 13:26:02 ----D---- C:\Program Files (x86)\TeamViewer
2016-03-20 22:05:14 ----RSD---- C:\WINDOWS\Fonts
2016-02-22 22:05:16 ----D---- C:\WINDOWS\Logs
2016-02-16 16:40:20 ----D---- C:\ProgramData\Package Cache
2016-02-13 10:48:46 ----D---- C:\Program Files\Windows Journal

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [2012-07-23 79528]
R0 amd_xata;amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [2012-07-23 26280]
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2015-07-29 65224]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2015-07-29 274808]
R0 hpdskflt;@oem41.inf,%service_desc%;HP Filter; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2012-08-22 31040]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2015-11-06 1059656]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2015-11-06 449992]
R1 CLVirtualDrive;CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2013-09-20 59648]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2015-07-29 28656]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2015-07-29 90968]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2014-04-16 312480]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2014-04-16 43168]
R3 Accelerometer;@oem41.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2012-08-22 43328]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2014-07-21 13209088]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2014-07-21 626688]
R3 AtiHDAudioService;@oem10.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdW86.sys [2012-07-17 98472]
R3 BtAudioBusSrv;@oem6.inf,%SvcDesc%;IVT Bluetooth Audio Bus Service; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2014-11-21 53248]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys [2012-07-20 56904]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-11-21 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2014-11-21 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-11-21 81920]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [2012-08-14 48736]
R3 clwvd;@oem15.inf,%clwvd.DeviceDesc%;CyberLink Webcam Sharing Manager; C:\WINDOWS\system32\DRIVERS\clwvd.sys [2012-08-28 40944]
R3 dtsoftbus01;@oem37.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2014-02-15 283200]
R3 HpqKbFiltr;@oem32.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\WINDOWS\System32\drivers\HpqKbFiltr.sys [2012-08-28 26504]
R3 JMCR;JMCR; C:\WINDOWS\System32\drivers\jmcr.sys [2012-07-31 175928]
R3 netr28x;@oem38.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2014-11-21 167424]
R3 rtbth;@oem36.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\WINDOWS\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;Služba Reflektor UMDF pro knihovnu SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2014-11-21 226304]
R3 SPUVCbv;@oem11.inf,%SPUVCb.ServiceName%;SPUVCb Driver Service; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [2012-09-23 1064184]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [2012-09-20 543744]
R3 SynTP;@oem31.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-11-21 1198080]
S3 dg_ssudbus;@oem35.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 dot4;@oem27.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem39.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\drivers\Dot4Prt.sys [2015-03-23 21928]
S3 dot4usb;@oem27.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 SmbDrv;SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2012-08-15 41272]
S3 SmbDrvI;SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2012-08-15 43832]
S3 ssudmdm;@oem33.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 usb_rndisx;@netrndis.inf,%usb_rndis.Service.DispName%;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-08-22 20992]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2014-11-21 44544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2014-07-21 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-07-04 344064]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-07-29 146600]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-08-15 1578496]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-08-15 85504]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-08-29 523680]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\syswow64\svchost.exe [2014-11-21 33088]
R2 hpsrv;@oem41.inf,%hpservice_desc%;HP Service; C:\WINDOWS\system32\Hpservice.exe [2012-08-22 33600]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2014-11-21 38792]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2014-11-21 38792]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2012-09-20 323072]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-03-02 6942480]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-08-15 138752]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\syswow64\svchost.exe [2014-11-21 33088]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-11 1001376]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-05-01 51376]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [2013-08-22 36992]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\WINDOWS\System32\drivers\bthhfenum.sys [2014-11-21 57856]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\WINDOWS\System32\drivers\BthHFHid.sys [2013-08-22 30720]
S4 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-11-21 38792]

-----------------EOF-----------------

Re: Prosím o preventivku

Napsal: 06 kvě 2016 11:53
od Márty84
Zdravim :)

:arrow: Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

:arrow: Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Re: Prosím o preventivku

Napsal: 06 kvě 2016 12:27
od Hruzka
Tak prozatím log z AdwCleaneru, log z MBAM dodám hned jak to doběhne :)

# AdwCleaner v5.115 - Log soubor vytvořen 06/05/2016 o 13:09:49
# Aktualizováno 01/05/2016 by Xplode
# Databáze : 2016-05-04.2 [Server]
# Operační systém : Windows 8.1 (X64)
# Jméno uživatele : Jarka - MILÁÁÁÁŠEK
# Spuštěno z : C:\Users\Jarka\Desktop\adwcleaner_5.115.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****


***** [ Soubory ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****


***** [ Webové prohlížeče ] *****

[-] [C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] smazáno : any-gif-animator.en.softonic.com

*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [912 bytes] - [06/05/2016 13:09:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [951 bytes] - [06/05/2016 13:06:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1056 bytes] ##########

Re: Prosím o preventivku

Napsal: 06 kvě 2016 18:13
od Hruzka
Tak to vypadá, že je asi všechno v pořádku?

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 6. 5. 2016
Čas skenování: 13:27
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.05.06.03
Databáze rootkitů: v2016.04.17.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Jarka

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 710069
Uplynulý čas: 5 hod, 22 min, 30 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Prosím o preventivku

Napsal: 06 kvě 2016 18:44
od Márty84
Hruzka píše:Tak to vypadá, že je asi všechno v pořádku?
Nepredbihejme, procistime to poradne a pak se uvidi. Po docisteni bude treba tan mail preheslovat. Ale to az pak.


:arrow: Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach :)

Re: Prosím o preventivku

Napsal: 07 kvě 2016 08:14
od Hruzka
Márty84 píše:
Hruzka píše: Po docisteni bude treba tan mail preheslovat.
Ten dotyčný email od té doby už aktivně nepoužívám, přeheslovala jsem ho a jen ho občas zkontroluji, časem plánuji jeho úplné zrušení.. Každopádně zdá se, že změna hesla nepomohla a nadále se přes něj rozesílá spam.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016 03
Ran by Jarka (administrator) on MILÁÁÁÁŠEK (07-05-2016 08:50:50)
Running from C:\Users\Jarka\Desktop
Loaded Profiles: Jarka (Available Profiles: Jarka & Administrator)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\bcdedit.exe
(Spotify Ltd) C:\Users\Jarka\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Jarka\AppData\Roaming\BitTorrent\BitTorrent.exe
(BitTorrent Inc.) C:\Users\Jarka\AppData\Roaming\BitTorrent\updates\7.9.6_42179\utorrentie.exe
(BitTorrent Inc.) C:\Users\Jarka\AppData\Roaming\BitTorrent\updates\7.9.6_42179\utorrentie.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-20] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-16] (IVT Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-08-31] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167024 2012-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-1134397532-792521543-4184498135-1002\...\Run: [Spotify Web Helper] => C:\Users\Jarka\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-29] (Spotify Ltd)
HKU\S-1-5-21-1134397532-792521543-4184498135-1002\...\Run: [Spotify] => C:\Users\Jarka\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-29] (Spotify Ltd)
HKU\S-1-5-21-1134397532-792521543-4184498135-1002\...\MountPoints2: G - "G:\setup.exe"
HKU\S-1-5-21-1134397532-792521543-4184498135-1002\...\MountPoints2: H - "H:\setup.exe"
HKU\S-1-5-21-1134397532-792521543-4184498135-1002\...\MountPoints2: {3061354a-3040-11e5-bf00-a417311a0fa9} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-1134397532-792521543-4184498135-1002\...\MountPoints2: {534ee1e0-9628-11e3-be90-b4b52f913f13} - "G:\Autorun.exe"
HKU\S-1-5-21-1134397532-792521543-4184498135-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Fliqlo.scr [679936 2015-08-15] (ScreenTime Media)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-29] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-02]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 77.93.222.73 http://www.prihlas.se
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C40C9EE-04D1-4D28-89D3-3B0E9B42E1C0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8A59FA6F-92DA-4CB3-984A-62CDE1CBDA40}: [DhcpNameServer] 172.168.0.2

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-06] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-06] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-10] (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-08-14] (Skype Technologies)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Překladač Google) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-19]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-11-04]
CHR Extension: (Duolingo on the Web) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-12-19]
CHR Extension: (Angry Birds) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-15]
CHR Extension: (CacheList) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhhdbdhoghppijbjfdkiaconkmfbbpa [2016-01-05]
CHR Extension: (Dokumenty Google) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Kulečník - Osmičky) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2013-10-14]
CHR Extension: (Vyhledávání Google) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kalendář Google) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (XKit) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2015-10-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2014-12-29]
CHR Extension: (AdBlock) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-19]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-03-15]
CHR Extension: (goo.gl URL Shortener) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2015-11-17]
CHR Extension: (New XKit) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2015-10-14]
CHR Extension: (Typing Test - KeyHero) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2014-07-31]
CHR Extension: (A Crack in Time and Space) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmpbeckibaikflbnegjemaegnpbgjol [2015-01-01]
CHR Extension: (Momentum) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-04-19]
CHR Extension: (Mapy Google) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Cambridge Dictionaries Online) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaioomolanclklopkbfkhbmjeddbgdbj [2015-08-29]
CHR Extension: (Weather Underground) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2015-05-12]
CHR Extension: (Gmail) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Profile: C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\annopcfmbiofommjmcmcfmhklhgbhkce [2015-12-08]
CHR Extension: (Google Docs) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-08]
CHR Extension: (Google Drive) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-08]
CHR Extension: (YouTube) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-08]
CHR Extension: (Google Search) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-08]
CHR Extension: (Google Sheets) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-08]
CHR Extension: (Google Docs Offline) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-09]
CHR Extension: (Gmail) - C:\Users\Jarka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-29] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-15] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-15] (IVT Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-29] (Hewlett-Packard Company)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-09-20] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-29] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-04-16] ()
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFSrv; C:\Windows\System32\svchost.exe [38792 2014-11-21] (Microsoft Corporation)
U4 BthHFSrv; C:\WINDOWS\SysWOW64\svchost.exe [33088 2014-11-21] (Microsoft Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-20] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-14] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2015-03-23] (Windows (R) Win 7 DDK provider)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2014-02-15] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-04-16] ()
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [462304 2016-03-24] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-04] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-07 08:50 - 2016-05-07 08:50 - 00000000 ____D C:\Users\Jarka\Desktop\FRST-OlderVersion
2016-05-06 19:50 - 2016-05-07 08:50 - 00022184 _____ C:\Users\Jarka\Desktop\FRST.txt
2016-05-06 19:49 - 2016-05-07 08:50 - 00000000 ____D C:\FRST
2016-05-06 19:47 - 2016-05-07 08:50 - 02379264 _____ (Farbar) C:\Users\Jarka\Desktop\FRST64.exe
2016-05-06 19:27 - 2016-05-06 19:27 - 00431382 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2016-05-06 19:27 - 2016-05-06 19:27 - 00000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2016-05-06 19:27 - 2016-05-06 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2016-05-06 19:26 - 2016-05-06 19:27 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2016-05-06 19:26 - 2016-05-06 19:26 - 00000000 ____D C:\ProgramData\CheckPoint
2016-05-06 16:42 - 2016-05-06 16:42 - 00000000 ____D C:\Users\Jarka\Downloads\Orphan.Black.S04E04.HDTV.x264-FLEET[rarbg]
2016-05-06 16:41 - 2016-05-06 16:41 - 00002731 _____ C:\Users\Jarka\Desktop\BitTorrent.lnk
2016-05-06 13:22 - 2016-05-06 13:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-06 13:21 - 2016-05-06 13:23 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-06 13:21 - 2016-05-06 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-06 13:21 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-06 13:21 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-06 13:21 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-06 13:06 - 2016-05-06 13:17 - 00000000 ____D C:\AdwCleaner
2016-05-06 13:04 - 2016-05-06 13:04 - 03615296 _____ C:\Users\Jarka\Desktop\adwcleaner_5.115.exe
2016-05-06 10:36 - 2016-05-06 10:41 - 00000000 ____D C:\rsit
2016-05-06 10:35 - 2016-05-06 10:35 - 01222144 _____ C:\Users\Jarka\Desktop\RSITx64.exe
2016-05-06 09:43 - 2016-05-06 09:49 - 00000000 ____D C:\NPE
2016-05-06 09:38 - 2016-05-06 09:55 - 00000000 ____D C:\Users\Jarka\AppData\Local\NPE
2016-05-06 09:38 - 2016-05-06 09:38 - 00000000 ____D C:\ProgramData\Norton
2016-05-04 12:17 - 2016-05-06 22:58 - 00000000 ____D C:\Users\Jarka\AppData\LocalLow\BitTorrent
2016-05-02 10:51 - 2016-01-08 01:42 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-05-02 10:51 - 2016-01-08 01:42 - 00987848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-05-02 10:51 - 2016-01-08 01:42 - 00690016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-05-02 10:51 - 2016-01-08 01:42 - 00484552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-05-01 20:41 - 2016-05-01 20:41 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-05-01 20:41 - 2016-05-01 20:41 - 00001214 _____ C:\Users\Public\Desktop\paint.net.lnk
2016-05-01 20:41 - 2016-05-01 20:41 - 00000000 ____D C:\Program Files\paint.net
2016-05-01 20:39 - 2016-05-01 20:51 - 00000000 ____D C:\Users\Jarka\AppData\Local\paint.net
2016-05-01 19:55 - 2016-05-01 19:55 - 00030400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-05-01 19:55 - 2016-05-01 19:55 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-04-24 15:38 - 2016-04-24 15:38 - 00002110 _____ C:\Users\Public\Desktop\The Sims™ 3.lnk
2016-04-13 07:52 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 07:52 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-13 07:52 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-04-13 07:52 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-13 07:52 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-04-13 07:52 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 07:52 - 2016-03-31 01:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-13 07:52 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-13 07:52 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-13 07:52 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-04-13 07:52 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-13 07:52 - 2016-03-31 01:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-04-13 07:52 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-04-13 07:52 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-04-13 07:52 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-04-13 07:52 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-04-13 07:52 - 2016-03-31 01:43 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-04-13 07:52 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-04-13 07:52 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 07:52 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-13 07:52 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 07:52 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-13 07:52 - 2016-03-31 01:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-13 07:52 - 2016-03-31 01:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-04-13 07:52 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-04-13 07:52 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-04-13 07:52 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-04-13 07:52 - 2016-03-31 01:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-04-13 07:52 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 07:52 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 07:52 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-04-13 07:52 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 07:52 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 07:52 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-04-13 07:49 - 2016-03-16 01:00 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 07:49 - 2016-03-15 16:14 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 07:49 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 07:49 - 2016-03-10 20:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-04-13 07:49 - 2016-03-10 20:21 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-13 07:49 - 2016-03-10 20:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-13 07:49 - 2016-03-10 19:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-04-13 07:49 - 2016-03-10 19:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-04-13 07:49 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 07:49 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 07:49 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 07:49 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 07:49 - 2016-03-03 03:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-13 07:49 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-13 07:48 - 2016-03-29 16:05 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-04-13 07:48 - 2016-03-03 21:28 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 07:48 - 2016-03-03 21:27 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-13 07:48 - 2016-03-03 21:27 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 07:48 - 2016-03-03 21:27 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 07:48 - 2016-03-03 21:27 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 07:48 - 2016-03-03 21:27 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 07:48 - 2016-03-03 20:38 - 01501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-13 07:48 - 2016-03-03 20:29 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-13 07:48 - 2016-03-03 18:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-07 08:54 - 2013-10-15 19:28 - 00000000 ____D C:\Users\Jarka\AppData\Roaming\BitTorrent
2016-05-07 08:50 - 2015-08-29 01:27 - 00000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-06 22:58 - 2015-02-10 23:35 - 00000000 ____D C:\Users\Jarka\AppData\Local\Spotify
2016-05-06 22:57 - 2015-02-10 23:33 - 00000000 ____D C:\Users\Jarka\AppData\Roaming\Spotify
2016-05-06 19:52 - 2012-08-16 03:46 - 00000787 _____ C:\WINDOWS\SysWOW64\bscs.ini
2016-05-06 19:48 - 2012-12-12 08:04 - 00004524 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2016-05-06 19:48 - 2012-12-12 08:04 - 00000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2016-05-06 19:38 - 2013-10-23 21:31 - 00000000 ____D C:\Users\Jarka\AppData\Roaming\TeamViewer
2016-05-06 19:33 - 2013-10-23 21:31 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-06 19:27 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-06 18:50 - 2015-08-29 01:27 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-06 17:41 - 2013-10-14 21:09 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1134397532-792521543-4184498135-1002
2016-05-06 13:23 - 2015-08-07 18:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-06 13:14 - 2015-07-29 07:25 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-05-06 13:13 - 2015-07-29 12:35 - 00000000 __RDO C:\Users\Jarka\OneDrive
2016-05-06 13:11 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-06 13:11 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-06 11:28 - 2013-11-28 20:57 - 12183552 ___SH C:\Users\Jarka\Desktop\Thumbs.db
2016-05-06 10:57 - 2015-08-08 08:45 - 00000000 ____D C:\Program Files\trend micro
2016-05-06 10:47 - 2014-01-12 17:13 - 00000000 ____D C:\Users\Jarka\AppData\Roaming\Dropbox
2016-05-06 10:31 - 2013-10-14 15:59 - 00000000 ____D C:\Users\Jarka\AppData\Local\Packages
2016-05-06 10:31 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-06 10:31 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-06 10:09 - 2015-10-14 10:03 - 00000000 ____D C:\Users\Jarka\.oracle_jre_usage
2016-05-06 10:09 - 2014-09-18 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-06 10:08 - 2014-09-18 12:23 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-05-06 10:08 - 2014-09-18 12:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-06 10:03 - 2014-02-21 20:39 - 00000000 ____D C:\Users\Jarka\AppData\Local\Ubisoft Game Launcher
2016-05-06 10:03 - 2014-02-21 20:39 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-05-06 10:02 - 2013-11-30 14:26 - 00000000 ____D C:\Program Files (x86)\MyHeritage
2016-05-05 14:23 - 2015-05-21 11:26 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-05-05 14:23 - 2014-07-04 11:05 - 00003850 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1397419789
2016-05-05 14:23 - 2014-04-13 22:09 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-03 11:04 - 2015-07-28 11:50 - 00000000 ____D C:\Users\Jarka
2016-05-03 05:40 - 2014-11-21 06:53 - 01934988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-03 05:40 - 2014-11-21 06:10 - 00802206 _____ C:\WINDOWS\system32\perfh005.dat
2016-05-03 05:40 - 2014-11-21 06:10 - 00183700 _____ C:\WINDOWS\system32\perfc005.dat
2016-05-02 10:52 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-02 08:59 - 2015-08-08 11:12 - 00000000 ____D C:\JARKA
2016-05-01 22:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-04-29 13:59 - 2014-02-15 17:20 - 00000000 ____D C:\Users\Jarka\AppData\Roaming\DAEMON Tools Lite
2016-04-28 19:53 - 2013-10-14 21:17 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-28 19:53 - 2013-10-14 21:17 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-25 08:30 - 2014-06-15 14:35 - 00000000 ____D C:\Users\Jarka\AppData\Local\Last.fm
2016-04-24 19:12 - 2014-05-07 23:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2016-04-24 19:12 - 2012-11-22 15:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-24 16:00 - 2014-05-07 23:24 - 00000000 ____D C:\Users\Jarka\Documents\Electronic Arts
2016-04-17 08:02 - 2015-11-17 23:24 - 00000000 _____ C:\Users\Jarka\Desktop\17.4..txt
2016-04-13 09:57 - 2013-08-22 16:44 - 00491784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 08:31 - 2013-10-16 09:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 08:24 - 2013-10-16 09:44 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 14:41 - 2013-10-14 21:22 - 00000000 ____D C:\Users\Jarka\AppData\Local\ElevatedDiagnostics
2016-04-09 15:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-09 07:27 - 2014-06-07 22:19 - 00000000 ____D C:\Users\Jarka\AppData\Roaming\vlc
2016-04-08 10:31 - 2013-11-03 20:42 - 00127952 _____ C:\Users\Jarka\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2014-04-02 22:05 - 2014-04-02 22:37 - 0001162 _____ () C:\Users\Jarka\AppData\Roaming\gnuplot_history
2014-08-15 12:42 - 2015-12-25 10:34 - 0000553 _____ () C:\Users\Jarka\AppData\Roaming\koukou.ini
2014-03-06 19:14 - 2014-08-15 13:08 - 0000600 _____ () C:\Users\Jarka\AppData\Roaming\winscp.rnd
2015-02-04 12:51 - 2015-02-04 12:51 - 0000000 _____ () C:\Users\Jarka\AppData\Local\BIT85AF.tmp
2014-12-29 00:33 - 2014-12-29 00:33 - 0006815 _____ () C:\Users\Jarka\AppData\Local\recently-used.xbel
2015-02-04 12:33 - 2015-02-04 12:33 - 0000000 _____ () C:\Users\Jarka\AppData\Local\{07BC0079-007B-4998-B668-0A66E055015E}
2015-01-09 18:55 - 2015-01-09 18:55 - 0000000 _____ () C:\Users\Jarka\AppData\Local\{B74CCA1F-088D-4EE1-BD6F-653AE28C9C2C}
2013-11-28 14:00 - 2015-08-09 11:18 - 0010667 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Jarka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy2ech5.dll
C:\Users\Jarka\AppData\Local\Temp\jre-8u91-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.


LastRegBack: 2016-05-06 17:42

==================== End of FRST.txt ============================

Re: Prosím o preventivku

Napsal: 07 kvě 2016 10:01
od Márty84
Nikde havet nevidim. Heslo mohlo byt prozrazeno treba pri prihlaseni na mail na jinem pc (nebo se prihlasujete vzdy jen z jednoho konkretniho stroje?) napr u znamych atd., takze problem nemusi byt v tom vasem. Kazdopadne ho znovu preheslujte.


:arrow: Zkontrolujte velikost adresare plochy.


:arrow: Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\Temp:E20A635C [754]

S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]

Hosts:
EmptyTemp:
Reboot:
End
Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Re: Prosím o preventivku

Napsal: 07 kvě 2016 10:43
od Hruzka
Je to možné, přeheslováno :)
Velikost plochy: 14,3 MB


Fix result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 03
Ran by Jarka (2016-05-07 11:22:44) Run:1
Running from C:\Users\Jarka\Desktop
Loaded Profiles: Jarka (Available Profiles: Jarka & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\Temp:E20A635C [754]

S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\ProgramData\Temp => ":E20A635C" ADS removed successfully.
gupdate => service removed successfully
gupdatem => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 566.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:24:15 ====

Re: Prosím o preventivku

Napsal: 07 kvě 2016 11:58
od Márty84
Hruzka píše:Velikost plochy: 14,3 MB
Parada :thumbsup:


:!: Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

:arrow:
vyosek píše: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Stahnete a spustte
  • Ponechte zatrzitkou pouze u volby Remove disinfection tools
  • Kliknete na Run
:arrow: Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

:arrow: Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




:arrow: Pak napiste, jak to s pc vypada. Pokud vse pujde jak ma, mame hotovo :)

Re: Prosím o preventivku

Napsal: 07 kvě 2016 12:37
od Hruzka
Márty84 píše: :arrow: Defragmentujte disk(y) (SSD Disky ne!)
Ehm, nějak jsem zapomněla jak poznám jestli mám SSD? :oops:
Obrázek
Je to v pořádku? Mohu přejít k té defragmentaci?

Re: Prosím o preventivku

Napsal: 07 kvě 2016 15:57
od Márty84
Pokud mate SSD, mel by vam Defraggler sam napsat, ze neni potreba defragmentovat :-)

Re: Prosím o preventivku

Napsal: 07 kvě 2016 18:02
od Hruzka
Tak jsem spustila defragmentaci, ale vypadá to na hodně dlouho - je to v normální/v pořádku? (Pravdou je, že když jsem jí prováděla tak před více jak půl rokem, tak to taky ale trvalo celou noc..)

Obrázek

Re: Prosím o preventivku

Napsal: 07 kvě 2016 18:59
od Márty84
Ano, je to normalni. Kdyz se defragmentace delsi dobu nedelala, muze to opravdu trvat treba i dva dny. Na druhou stranu ten casovy odhad nebyva zdaleka presny, takze to muze byt hotove za par hodin :)

Re: Prosím o preventivku

Napsal: 08 kvě 2016 18:55
od Hruzka
Tak defragmentace a i ten zbytek úspěšně dokončen. Zdá se tedy, že je vše snad bez problémů..Moc děkuji za kontrolu a pomoc! :)

Re: Prosím o preventivku

Napsal: 09 kvě 2016 01:38
od Márty84
Nemate vubec zac, rado se stalo! :)

Kdyby neco, staci se ozvat, budem tady ;-)

Mejte se krasne a treba zase nekdy :bye:

:closed:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz