Please check my log
Posted: 04 Jun 2016 17:25
by rebrma
Hello,
please check my log.
I downloaded some "junk" along with software for browsing files on my phone.
In Firefox I keep getting pop-ups with ads for Project oreon, bet365, etc.
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:21:20, on 4.6.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
FIREFOX: 46.0.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Freerider\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [wermgr] C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
O4 - HKUS\S-1-5-21-670735467-1812237546-1025010430-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-670735467-1812237546-1025010430-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Global Startup: Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{88154AED-AA65-4AD3-A39D-2147F91873DD}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6744DE0-B6F3-43F0-A204-2A273F988B83}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell System Manager Service (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: NVIDIA WMI Provider (NVWMI) - Unknown owner - C:\Windows\system32\nvwmi64.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\SysWOW64\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\SysWOW64\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12755 bytes
Thank you, I would appreciate help with the removal procedure.
Re: Please check my log
Posted: 04 Jun 2016 18:09
by Rudy
Hello!
Post an FRST log:
http://forum.viry.cz/viewtopic.php?f=13&t=133100 . HijackThis is past its prime.
Re: Please check my log
Posted: 04 Jun 2016 23:29
by rebrma
Thank you, I am sending the new logs.
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2016
Ran by Freerider (administrator) on FREERIDER-PC (05-06-2016 00:23:56)
Running from C:\Users\Freerider\Desktop
Loaded Profiles: Freerider & UpdatusUser (Available Profiles: Freerider & UpdatusUser & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(forum.viry.cz) C:\Users\Freerider\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-08-16] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2727568 2016-01-29] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [wermgr] => C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [6786560 2015-01-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2016-02-21]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Freerider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1 192.168.0.1
Tcpip\..\Interfaces\{245DB6AB-B2FF-4780-8706-2B647C90DB86}: [DhcpNameServer] 192.168.50.1 192.168.0.1
Tcpip\..\Interfaces\{42529813-341E-41E9-A485-4EED32048929}: [DhcpNameServer] 192.168.50.1 192.168.0.1
Tcpip\..\Interfaces\{88154AED-AA65-4AD3-A39D-2147F91873DD}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{F6744DE0-B6F3-43F0-A204-2A273F988B83}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-670735467-1812237546-1025010430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-670735467-1812237546-1025010430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-05-26] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-05-26] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-26] (Microsoft Corporation)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] ()
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-05-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-15] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-05-26] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-15] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Freerider\AppData\Roaming\Mozilla\Firefox\Profiles\dwgkbtnp.default
FF NetworkProxy: "http", "217.20.83.130"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-26] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Extension: Find and Replace for FireFox - C:\Users\Freerider\AppData\Roaming\Mozilla\Firefox\Profiles\dwgkbtnp.default\extensions\findandreplace@notreal.org.xpi [2016-05-04]
FF Extension: colorPicker - C:\Users\Freerider\AppData\Roaming\Mozilla\Firefox\Profiles\dwgkbtnp.default\Extensions\colorPicker@colorPicker.xpi [2016-04-27]
FF Extension: Firebug - C:\Users\Freerider\AppData\Roaming\Mozilla\Firefox\Profiles\dwgkbtnp.default\Extensions\firebug@software.joehewitt.com.xpi [2016-03-31]
FF Extension: Adblock Plus - C:\Users\Freerider\AppData\Roaming\Mozilla\Firefox\Profiles\dwgkbtnp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
Chrome:
=======
CHR Profile: C:\Users\Freerider\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Freerider\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-20]
CHR Extension: (Dokumenty Google) - C:\Users\Freerider\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-20]
CHR Extension: (Disk Google) - C:\Users\Freerider\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]
CHR Extension: (YouTube) - C:\Users\Freerider\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]
CHR Extension: (Vyhledávání Google) - C:\Users\Freerider\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]
CHR Extension: (Tabulky Google) - C:\Users\Freerider\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Freerider\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Freerider\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-20]
CHR Extension: (Gmail) - C:\Users\Freerider\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2945792 2016-05-26] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-16] (SurfRight B.V.)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-21] (Microsoft Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6237800 2010-04-30] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2701880 2016-01-29] ()
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [242224 2016-05-25] (Microsoft Corporation) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-21] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465344 2015-08-14] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [48464 2015-06-29] (Dell Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2015-07-14] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-30] ()
S2 HOSTNT; C:\Windows\SysWow64\Drivers\HOSTNT.sys [4032 2016-03-30] () [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-21] (Microsoft Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2016-04-02] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2016-04-02] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2016-04-02] (Acronis International GmbH)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-08-14] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-05 00:23 - 2016-06-05 00:24 - 00020732 _____ C:\Users\Freerider\Desktop\FRST.txt
2016-06-05 00:22 - 2016-06-05 00:22 - 00112640 _____ (forum.viry.cz) C:\Users\Freerider\Desktop\FRSTLauncher.exe
2016-06-05 00:20 - 2016-06-05 00:23 - 00000000 ____D C:\FRST
2016-06-05 00:20 - 2016-06-05 00:20 - 02384384 _____ (Farbar) C:\Users\Freerider\Desktop\FRST64.exe
2016-06-04 18:29 - 2016-06-04 18:29 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-06-04 18:20 - 2016-06-04 18:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Freerider\Downloads\HijackThis.exe
2016-06-02 23:34 - 2016-06-02 23:34 - 00000000 ____D C:\8b871e8165aa39ad1aba55cd
2016-06-02 10:54 - 2016-06-02 10:54 - 00000000 ____D C:\TempProjekty
2016-06-02 10:53 - 2016-06-02 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2016-06-02 10:53 - 2016-06-02 10:53 - 00000000 ____D C:\Program Files\WinHTTrack
2016-06-02 10:25 - 2016-06-02 10:25 - 00827418 _____ C:\Users\Freerider\Downloads\zaverecna_prace.pdf
2016-05-31 20:22 - 2016-05-31 20:22 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\iFunbox_UserCache
2016-05-31 20:22 - 2015-02-10 21:31 - 00000000 ____D C:\Users\Freerider\Desktop\ifunbox_classic
2016-05-31 07:51 - 2016-05-31 07:52 - 03933749 _____ C:\Users\Freerider\Downloads\ifunbox_classic.zip
2016-05-30 23:55 - 2016-05-30 23:55 - 00034585 _____ C:\ComboFix.txt
2016-05-30 23:46 - 2016-05-30 23:55 - 00000000 ____D C:\Qoobox
2016-05-30 23:46 - 2016-05-30 23:55 - 00000000 ____D C:\ComboFix
2016-05-30 23:46 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-30 23:46 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-30 23:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-30 23:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-30 23:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-30 23:46 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-30 23:46 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-30 23:46 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-30 23:45 - 2016-05-30 23:54 - 00000000 ____D C:\Windows\erdnt
2016-05-30 23:45 - 2016-05-30 23:45 - 00000000 ____D C:\AdwCleaner
2016-05-30 23:44 - 2016-05-30 23:45 - 05659529 ____R (Swearware) C:\Users\Freerider\Desktop\ComboFix.exe
2016-05-30 23:42 - 2016-05-30 23:42 - 03677248 _____ C:\Users\Freerider\Downloads\AdwCleaner.exe
2016-05-30 23:41 - 2016-05-30 23:47 - 00000000 ____D C:\Users\Freerider\AppData\Local\CrashDumps
2016-05-30 22:28 - 2016-05-30 22:28 - 00000000 _____ C:\autoexec.bat
2016-05-30 22:23 - 2016-05-30 22:23 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-05-30 22:22 - 2016-05-30 22:22 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\Freerider\Downloads\SpyHunter-Installer.exe
2016-05-30 21:56 - 2016-05-30 21:56 - 00000000 ____D C:\Users\Freerider\AppData\Local\pangu
2016-05-30 21:52 - 2016-05-30 21:52 - 02535424 _____ () C:\Users\Freerider\Desktop\tinyumbrella_windows-x64_8_2_0_60_InstalledJRE.exe
2016-05-30 16:29 - 2016-05-30 16:29 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-30 16:28 - 2016-05-30 18:23 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-30 16:26 - 2016-05-30 16:27 - 24125512 _____ C:\Users\Freerider\Desktop\RogueKillerX64.exe
2016-05-30 16:26 - 2016-05-30 16:26 - 01610816 _____ (Malwarebytes) C:\Users\Freerider\Desktop\JRT.exe
2016-05-23 19:18 - 2016-05-23 19:18 - 00000088 _____ C:\Users\Freerider\Downloads\ProScout97-Link-Password.txt
2016-05-23 18:47 - 2016-05-23 18:47 - 00147323 _____ C:\Users\Freerider\Downloads\Gr3eNoX-Exploit-Scanner-V1.1.rar
2016-05-23 18:47 - 2012-06-14 20:54 - 00000000 ____D C:\Users\Freerider\Downloads\Gr3eNoX Exploit Scanner V1.1
2016-05-23 18:45 - 2016-05-23 19:02 - 00000000 ____D C:\Users\Freerider\Downloads\kali-linux-light-2016.1-amd64
2016-05-18 07:37 - 2016-05-18 07:39 - 00000000 ____D C:\Users\Freerider\Desktop\HDDScan-3.3
2016-05-18 07:37 - 2016-05-18 07:37 - 03822364 _____ C:\Users\Freerider\Downloads\HDDScan-3.3.zip
2016-05-17 21:49 - 2016-05-17 21:50 - 00001024 ____H C:\AMTAG.BIN
2016-05-17 21:49 - 2015-09-24 17:57 - 01817712 _____ C:\Windows\ampa.exe
2016-05-17 21:49 - 2013-12-18 12:33 - 00017008 _____ C:\Windows\SysWOW64\ampa.sys
2016-05-17 21:49 - 2013-12-18 12:33 - 00017008 _____ C:\Windows\system32\ampa.sys
2016-05-17 21:48 - 2016-05-17 21:50 - 00000000 ____D C:\Users\Freerider\Downloads\AOMEI Partition Assistant Pro Edition 5.8 portable
2016-05-17 21:44 - 2016-05-17 21:44 - 12776382 _____ C:\Users\Freerider\Downloads\AOMEI-Partition-Assistant-Pro-Edition-5.8-portable.rar
2016-05-17 00:24 - 2016-05-17 00:24 - 00001085 _____ C:\Users\Freerider\Desktop\Cheat Engine.lnk
2016-05-17 00:24 - 2016-05-17 00:24 - 00000000 ____D C:\Users\Freerider\Documents\My Cheat Tables
2016-05-17 00:24 - 2016-05-17 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2016-05-17 00:24 - 2016-05-17 00:24 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2016-05-16 22:08 - 2016-05-16 22:09 - 09056424 _____ (Cheat Engine ) C:\Users\Freerider\Downloads\CheatEngine64.exe
2016-05-16 21:26 - 2016-05-16 21:26 - 00006942 _____ C:\Users\Freerider\Desktop\JRT.txt
2016-05-16 21:23 - 2016-05-16 21:23 - 01610816 _____ (Malwarebytes) C:\Users\Freerider\Downloads\JRT.exe
2016-05-16 19:18 - 2016-05-17 07:19 - 00000000 ___RD C:\ESD
2016-05-16 19:14 - 2016-05-16 19:14 - 01483336 _____ (Microsoft Corporation) C:\Users\Freerider\Downloads\mediacreationtool.exe
2016-05-15 22:09 - 2016-05-16 20:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-15 22:08 - 2016-05-15 22:08 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-15 22:08 - 2016-05-15 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-15 22:08 - 2016-05-15 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-15 22:08 - 2016-05-15 22:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-15 22:08 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-15 22:08 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-15 22:08 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-15 22:05 - 2016-05-15 22:05 - 22851472 _____ (Malwarebytes ) C:\Users\Freerider\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-15 21:59 - 2016-05-15 21:59 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-05-15 21:59 - 2016-05-15 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-05-15 21:59 - 2016-05-15 21:59 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-15 21:57 - 2016-05-15 21:59 - 00000000 ____D C:\Users\Freerider\Downloads\HitmanPro.3.7.14
2016-05-15 21:50 - 2016-05-15 21:50 - 12977923 _____ C:\Users\Freerider\Downloads\HitmanPro 3.7.14 Build 263 Final + Patch.rar
2016-05-15 21:48 - 2016-05-15 21:48 - 11438608 _____ (SurfRight B.V.) C:\Users\Freerider\Downloads\hitmanpro_x64.exe
2016-05-15 16:11 - 2016-05-15 16:14 - 110867232 _____ (Bitnami) C:\Users\Freerider\Downloads\xampp-win32-5.5.35-0-VC11-installer.exe
2016-05-15 14:42 - 2016-05-15 14:42 - 00000845 _____ C:\Users\Freerider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-05-15 14:42 - 2016-05-15 14:42 - 00000797 _____ C:\Users\Freerider\Desktop\Start Tor Browser.lnk
2016-05-15 14:39 - 2016-05-15 14:41 - 43833160 _____ C:\Users\Freerider\Downloads\torbrowser-install-5.5.5_en-US.exe
2016-05-14 19:14 - 2016-05-14 19:14 - 00000634 _____ C:\Users\Freerider\default-soapui-workspace.xml
2016-05-14 19:13 - 2016-05-14 19:14 - 00600163 _____ C:\Users\Freerider\Documents\gsxws2-apple-soapui-project.xml
2016-05-14 19:13 - 2016-05-14 19:13 - 00002791 _____ C:\Users\Freerider\soapui-settings.xml
2016-05-14 15:22 - 2016-05-14 15:22 - 00000000 ____D C:\Users\Freerider\soapUI-Tutorials
2016-05-14 15:22 - 2016-05-14 15:22 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartBear
2016-05-14 15:21 - 2016-05-14 15:21 - 00000000 ____D C:\Program Files\SmartBear
2016-05-14 15:13 - 2016-05-14 15:21 - 144986609 _____ C:\Users\Freerider\Downloads\openlogic-soapui-4.5.2-windows-amd64-bin-2.zip
2016-05-14 11:39 - 2016-05-14 11:39 - 00003038 _____ C:\Windows\System32\Tasks\{E4BA5613-F60B-428D-BC40-F7FD8EB5693F}
2016-05-14 11:37 - 2016-05-14 11:37 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\Myanmar Online Family
2016-05-14 11:37 - 2016-05-14 11:37 - 00000000 ____D C:\ProgramData\Caphyon
2016-05-13 21:50 - 2016-06-02 09:47 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\Apple Computer
2016-05-13 21:50 - 2016-05-13 21:50 - 00000000 ____D C:\Users\Freerider\AppData\Local\Apple Computer
2016-05-13 21:50 - 2016-05-13 21:50 - 00000000 ____D C:\Users\Freerider\AppData\Local\Apple
2016-05-13 21:50 - 2016-05-13 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-13 21:50 - 2016-05-13 21:50 - 00000000 ____D C:\ProgramData\Apple Computer
2016-05-13 21:50 - 2016-05-13 21:50 - 00000000 ____D C:\Program Files\iTunes
2016-05-13 21:50 - 2016-05-13 21:50 - 00000000 ____D C:\Program Files\iPod
2016-05-13 21:50 - 2016-05-13 21:50 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-13 21:49 - 2016-05-13 21:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-13 21:49 - 2016-05-13 21:49 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-13 21:49 - 2016-05-13 21:49 - 00000000 ____D C:\Program Files\Bonjour
2016-05-13 21:49 - 2016-05-13 21:49 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-05-13 21:49 - 2016-05-13 21:49 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-13 21:28 - 2016-06-02 10:41 - 00000000 ____D C:\Users\Freerider\Downloads\apple
2016-05-12 11:58 - 2016-05-12 11:58 - 00026427 _____ C:\Users\Freerider\Downloads\pq58884_created.svg
2016-05-11 18:25 - 2016-06-04 23:32 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442.job
2016-05-11 18:25 - 2016-06-04 18:30 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd.job
2016-05-11 18:25 - 2016-05-11 18:25 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442
2016-05-11 18:25 - 2016-05-11 18:25 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd
2016-05-10 07:54 - 2016-05-10 07:54 - 01844649 _____ C:\Users\Freerider\Downloads\NodLogin64bits.rar
2016-05-08 21:22 - 2016-05-08 21:22 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2016-05-08 21:22 - 2016-05-08 21:22 - 00002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy 2016.lnk
2016-05-08 21:22 - 2016-05-08 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2016-05-08 21:13 - 2016-05-08 21:13 - 00000000 ____D C:\Users\Freerider\Documents\OneNote Notebooks
2016-05-08 21:12 - 2016-05-08 21:12 - 00000000 ___SD C:\Users\Freerider\Documents\My Shapes
2016-05-08 21:07 - 2016-05-08 21:22 - 00002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-05-08 21:04 - 2016-06-04 18:27 - 00000000 ____D C:\Program Files\Microsoft Office
2016-05-08 21:04 - 2016-05-08 21:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-08 21:01 - 2016-05-08 21:01 - 00000000 ____D C:\Users\Freerider\Downloads\Microsoft Office 2016 Professional Plus 16.0.4229.1023 RTM
2016-05-08 20:36 - 2016-05-08 20:38 - 00000000 ____D C:\totalcmd
2016-05-08 20:36 - 2016-05-08 20:36 - 03722264 _____ (Ghisler Software GmbH) C:\Users\Freerider\Downloads\tcm851x32.exe
2016-05-08 20:36 - 2016-05-08 20:36 - 00000632 _____ C:\Users\Freerider\Desktop\Total Commander.lnk
2016-05-08 20:36 - 2016-05-08 20:36 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2016-05-08 20:36 - 2016-05-08 20:36 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\GHISLER
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\UC.PIF
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\RAR.PIF
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\PKZIP.PIF
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\PKUNZIP.PIF
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\LHA.PIF
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\ARJ.PIF
2016-05-08 20:09 - 2016-05-29 22:38 - 00000000 ____D C:\Users\Freerider\Documents\Barvinek
2016-05-08 19:08 - 2016-05-08 19:08 - 01010447 _____ C:\Users\Freerider\Downloads\O15CTRRemove.diagcab
2016-05-07 20:42 - 2016-05-08 22:57 - 00000000 ___RD C:\Users\Freerider\Documents\Scanned Documents
2016-05-07 20:42 - 2016-05-07 20:42 - 00000000 ____D C:\Users\Freerider\Documents\Fax
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-04 18:29 - 2016-01-06 00:50 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-04 18:29 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-04 18:10 - 2009-07-14 06:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-04 18:10 - 2009-07-14 06:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-04 18:06 - 2011-04-12 10:34 - 00839902 _____ C:\Windows\system32\perfh005.dat
2016-06-04 18:06 - 2011-04-12 10:34 - 00211490 _____ C:\Windows\system32\perfc005.dat
2016-06-04 18:06 - 2009-07-14 07:13 - 02068830 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-04 18:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-04 18:02 - 2016-02-16 01:47 - 00000000 ____D C:\ProgramData\VMware
2016-06-04 18:02 - 2016-01-05 02:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-04 18:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-03 07:35 - 2016-02-20 00:28 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-03 00:16 - 2016-01-05 00:13 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-02 10:15 - 2016-01-05 02:07 - 00000000 ____D C:\Users\Freerider\AppData\Local\Apps\2.0
2016-06-02 09:37 - 2016-02-16 01:49 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\VMware
2016-06-02 09:37 - 2016-02-16 01:49 - 00000000 ____D C:\Users\Freerider\AppData\Local\VMware
2016-05-31 20:22 - 2016-01-07 20:07 - 00000600 _____ C:\Users\Freerider\AppData\Roaming\winscp.rnd
2016-05-31 11:49 - 2016-01-05 02:26 - 00000000 ____D C:\Users\Freerider\AppData\Local\PokerStars.EU
2016-05-31 11:49 - 2016-01-05 02:25 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-05-30 23:54 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-05-30 22:27 - 2016-01-04 23:20 - 00000000 ____D C:\Users\Freerider
2016-05-30 16:24 - 2016-05-03 07:45 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-30 02:55 - 2016-03-02 23:21 - 00000000 ____D C:\Users\DefaultAppPool
2016-05-28 00:46 - 2016-03-10 17:15 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\TS3Client
2016-05-23 19:19 - 2016-01-06 00:58 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\uTorrent
2016-05-22 01:00 - 2016-03-20 16:15 - 00000000 ____D C:\Users\Freerider\AppData\Local\ElevatedDiagnostics
2016-05-20 08:09 - 2016-05-03 07:45 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-20 08:09 - 2016-05-03 07:45 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-05-18 18:32 - 2016-03-10 17:14 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-05-15 22:42 - 2016-01-04 23:39 - 00000000 ____D C:\ProgramData\Oracle
2016-05-15 22:38 - 2016-01-04 23:39 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-05-15 22:38 - 2016-01-04 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-15 22:37 - 2016-01-04 23:39 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-15 22:25 - 2016-01-06 10:53 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-15 22:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2016-05-15 22:03 - 2016-03-04 21:10 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-05-15 21:49 - 2016-01-25 22:24 - 00000000 ____D C:\Windows\system32\appmgmt
2016-05-15 19:19 - 2016-01-04 23:40 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-15 19:19 - 2016-01-04 23:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 19:17 - 2016-02-20 00:27 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-15 19:17 - 2016-02-20 00:27 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-15 19:17 - 2016-02-02 10:01 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\Skype
2016-05-15 19:17 - 2016-01-04 23:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-15 19:17 - 2009-07-14 06:45 - 00436440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-15 17:54 - 2016-01-05 02:07 - 00112272 _____ C:\Users\Freerider\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-15 16:26 - 2016-01-17 22:15 - 00000000 ____D C:\ProgramData\SOLIDWORKS
2016-05-15 16:24 - 2016-01-17 22:15 - 00000000 ____D C:\Program Files\Common Files\SOLIDWORKS Shared
2016-05-15 16:24 - 2016-01-05 02:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-05-15 16:19 - 2016-01-17 22:15 - 00000000 ____D C:\Program Files\SOLIDWORKS Corp
2016-05-15 16:12 - 2016-01-17 22:05 - 00000000 ____D C:\Users\Freerider\Documents\SOLIDWORKS Downloads
2016-05-13 21:49 - 2016-01-17 22:10 - 00000000 ____D C:\ProgramData\Apple
2016-05-12 11:55 - 2016-04-24 20:21 - 00004409 _____ C:\Users\Freerider\Downloads\barvinek_logo.svg
2016-05-10 22:03 - 2016-05-05 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-10 20:56 - 2016-02-02 10:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-10 20:56 - 2016-02-02 10:00 - 00000000 ____D C:\ProgramData\Skype
2016-05-10 20:55 - 2016-01-06 00:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-10 18:24 - 2016-02-20 18:35 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\TeamViewer
2016-05-08 21:48 - 2016-01-06 00:52 - 00002196 _____ C:\Users\Freerider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-08 21:48 - 2016-01-06 00:52 - 00000000 ___RD C:\Users\Freerider\OneDrive
==================== Files in the root of some directories =======
2016-01-07 20:07 - 2016-05-31 20:22 - 0000600 _____ () C:\Users\Freerider\AppData\Roaming\winscp.rnd
2016-01-05 01:08 - 2016-01-05 01:08 - 0000001 _____ () C:\Users\Freerider\AppData\Local\llftool.4.40.agreement
2016-04-02 17:28 - 2016-04-02 17:28 - 0000041 ___SH () C:\ProgramData\.zreglib
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
==================== Security Center ==================
AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Freerider\Desktop" je 392 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTibMounterMonitor
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
"C:\Program Files (x86)\Steam\steam.exe" -silent [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
The Addition log is attached.
Thanks a lot for now.

Re: Please check my log
Posted: 05 Jun 2016 10:15
by Rudy
Now run this utility:
Re: Please check my log
Posted: 05 Jun 2016 10:21
by rebrma
Have a nice Sunday,
here is the log from AdwCleaner.
Code:
# AdwCleaner v5.119 - Log vytvořen 05/06/2016 v 11:17:27
# Aktualizováno 30/05/2016 by Xplode
# Databáze : 2016-06-03.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Freerider - FREERIDER-PC
# Spuštěno z : C:\Users\Freerider\Desktop\adwcleaner_5.119.exe
# Nastavení : Čištění
# Podpora : http://toolslib.net/forum
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1375 bytů] - [05/06/2016 11:17:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [433 bytů] - [30/05/2016 23:45:12]
C:\AdwCleaner\AdwCleaner[S2].txt - [1556 bytů] - [05/06/2016 11:16:32]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1593 bytů] ##########
Thanks for now.

Re: Please check my log
Posted: 05 Jun 2016 10:29
by Rudy
Post a new FRST log.
Re: Please check my log
Posted: 05 Jun 2016 11:58
by rebrma
Here is the new log
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2016
Ran by Freerider (administrator) on FREERIDER-PC (05-06-2016 12:50:42)
Running from C:\Users\Freerider\Desktop
Loaded Profiles: Freerider & UpdatusUser (Available Profiles: Freerider & UpdatusUser & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(forum.viry.cz) C:\Users\Freerider\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-08-16] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2727568 2016-01-29] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [wermgr] => C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [6786560 2015-01-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2016-02-21]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Freerider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1 192.168.0.1
Tcpip\..\Interfaces\{245DB6AB-B2FF-4780-8706-2B647C90DB86}: [DhcpNameServer] 192.168.50.1 192.168.0.1
Tcpip\..\Interfaces\{42529813-341E-41E9-A485-4EED32048929}: [DhcpNameServer] 192.168.50.1 192.168.0.1
Tcpip\..\Interfaces\{88154AED-AA65-4AD3-A39D-2147F91873DD}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{F6744DE0-B6F3-43F0-A204-2A273F988B83}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-670735467-1812237546-1025010430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-670735467-1812237546-1025010430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-05-26] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-05-26] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-26] (Microsoft Corporation)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] ()
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-05-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-15] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-05-26] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-15] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Freerider\AppData\Roaming\Mozilla\Firefox\Profiles\dwgkbtnp.default
FF NetworkProxy: "http", "217.20.83.130"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-26] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Extension: colorPicker - C:\Users\Freerider\AppData\Roaming\Mozilla\Firefox\Profiles\dwgkbtnp.default\Extensions\colorPicker@colorPicker.xpi [2016-04-27]
FF Extension: Firebug - C:\Users\Freerider\AppData\Roaming\Mozilla\Firefox\Profiles\dwgkbtnp.default\Extensions\firebug@software.joehewitt.com.xpi [2016-03-31]
FF Extension: Adblock Plus - C:\Users\Freerider\AppData\Roaming\Mozilla\Firefox\Profiles\dwgkbtnp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2945792 2016-05-26] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-16] (SurfRight B.V.)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-21] (Microsoft Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6237800 2010-04-30] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2701880 2016-01-29] ()
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [242224 2016-05-25] (Microsoft Corporation) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-21] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465344 2015-08-14] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [48464 2015-06-29] (Dell Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2015-07-14] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-30] ()
S2 HOSTNT; C:\Windows\SysWow64\Drivers\HOSTNT.sys [4032 2016-03-30] () [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-21] (Microsoft Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2016-04-02] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2016-04-02] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2016-04-02] (Acronis International GmbH)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-08-14] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-05 12:50 - 2016-06-05 12:50 - 00019226 _____ C:\Users\Freerider\Desktop\FRST.txt
2016-06-05 11:15 - 2016-06-05 11:15 - 03677248 _____ C:\Users\Freerider\Desktop\adwcleaner_5.119.exe
2016-06-05 02:39 - 2016-06-05 02:39 - 00605200 _____ C:\Users\Freerider\Downloads\Files.zip
2016-06-05 02:39 - 2012-08-06 00:45 - 00311296 _____ (Apple Inc.) C:\Users\Freerider\Desktop\qtmlclient.dll
2016-06-05 02:39 - 2007-06-28 04:07 - 01085440 _____ (Apple Inc.) C:\Users\Freerider\Desktop\iTunesMobileDevice.dll
2016-06-05 02:37 - 2016-06-05 02:38 - 00000074 _____ C:\Users\Freerider\Desktop\RecBoot.txt
2016-06-05 02:37 - 2016-06-05 02:37 - 00480165 _____ C:\Users\Freerider\Downloads\RecBoot-1.3-WIN.zip
2016-06-05 02:37 - 2010-09-01 19:08 - 00203776 _____ C:\Users\Freerider\Desktop\RecBoot.exe
2016-06-05 02:37 - 2010-08-31 17:54 - 00147968 _____ (Travis Robinson) C:\Users\Freerider\Desktop\LibUsbDotNet.dll
2016-06-05 02:35 - 2016-06-05 02:35 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-05 02:35 - 2016-06-05 02:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-05 02:35 - 2016-06-05 02:35 - 00000000 ____D C:\Program Files\iTunes
2016-06-05 02:35 - 2016-06-05 02:35 - 00000000 ____D C:\Program Files\iPod
2016-06-05 02:35 - 2016-06-05 02:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-05 02:33 - 2016-06-05 02:34 - 35836296 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Freerider\Downloads\iphone-data-recovery.exe
2016-06-05 02:27 - 2016-06-05 02:31 - 170473288 _____ (Apple Inc.) C:\Users\Freerider\Downloads\iTunes6464Setup.exe
2016-06-05 00:27 - 2016-06-05 00:27 - 00010507 _____ C:\Users\Freerider\Desktop\Addition.rar
2016-06-05 00:22 - 2016-06-05 00:22 - 00112640 _____ (forum.viry.cz) C:\Users\Freerider\Desktop\FRSTLauncher.exe
2016-06-05 00:20 - 2016-06-05 12:46 - 00000000 ____D C:\FRST
2016-06-05 00:20 - 2016-06-05 00:20 - 02384384 _____ (Farbar) C:\Users\Freerider\Desktop\FRST64.exe
2016-06-04 18:29 - 2016-06-04 18:29 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-06-04 18:20 - 2016-06-04 18:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Freerider\Downloads\HijackThis.exe
2016-06-02 23:34 - 2016-06-02 23:34 - 00000000 ____D C:\8b871e8165aa39ad1aba55cd
2016-06-02 10:54 - 2016-06-02 10:54 - 00000000 ____D C:\TempProjekty
2016-06-02 10:53 - 2016-06-02 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2016-06-02 10:53 - 2016-06-02 10:53 - 00000000 ____D C:\Program Files\WinHTTrack
2016-06-02 10:25 - 2016-06-02 10:25 - 00827418 _____ C:\Users\Freerider\Downloads\zaverecna_prace.pdf
2016-05-31 20:22 - 2016-05-31 20:22 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\iFunbox_UserCache
2016-05-31 20:22 - 2015-02-10 21:31 - 00000000 ____D C:\Users\Freerider\Desktop\ifunbox_classic
2016-05-31 07:51 - 2016-05-31 07:52 - 03933749 _____ C:\Users\Freerider\Downloads\ifunbox_classic.zip
2016-05-30 23:55 - 2016-05-30 23:55 - 00034585 _____ C:\ComboFix.txt
2016-05-30 23:46 - 2016-05-30 23:55 - 00000000 ____D C:\Qoobox
2016-05-30 23:46 - 2016-05-30 23:55 - 00000000 ____D C:\ComboFix
2016-05-30 23:46 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-30 23:46 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-30 23:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-30 23:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-30 23:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-30 23:46 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-30 23:46 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-30 23:46 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-30 23:45 - 2016-06-05 11:17 - 00000000 ____D C:\AdwCleaner
2016-05-30 23:45 - 2016-05-30 23:54 - 00000000 ____D C:\Windows\erdnt
2016-05-30 23:44 - 2016-05-30 23:45 - 05659529 ____R (Swearware) C:\Users\Freerider\Desktop\ComboFix.exe
2016-05-30 23:42 - 2016-05-30 23:42 - 03677248 _____ C:\Users\Freerider\Downloads\AdwCleaner.exe
2016-05-30 23:41 - 2016-05-30 23:47 - 00000000 ____D C:\Users\Freerider\AppData\Local\CrashDumps
2016-05-30 22:28 - 2016-05-30 22:28 - 00000000 _____ C:\autoexec.bat
2016-05-30 22:23 - 2016-05-30 22:23 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-05-30 22:22 - 2016-05-30 22:22 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\Freerider\Downloads\SpyHunter-Installer.exe
2016-05-30 21:56 - 2016-05-30 21:56 - 00000000 ____D C:\Users\Freerider\AppData\Local\pangu
2016-05-30 21:52 - 2016-05-30 21:52 - 02535424 _____ () C:\Users\Freerider\Desktop\tinyumbrella_windows-x64_8_2_0_60_InstalledJRE.exe
2016-05-30 16:29 - 2016-05-30 16:29 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-30 16:28 - 2016-05-30 18:23 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-30 16:26 - 2016-05-30 16:27 - 24125512 _____ C:\Users\Freerider\Desktop\RogueKillerX64.exe
2016-05-30 16:26 - 2016-05-30 16:26 - 01610816 _____ (Malwarebytes) C:\Users\Freerider\Desktop\JRT.exe
2016-05-23 19:18 - 2016-05-23 19:18 - 00000088 _____ C:\Users\Freerider\Downloads\ProScout97-Link-Password.txt
2016-05-23 18:47 - 2016-05-23 18:47 - 00147323 _____ C:\Users\Freerider\Downloads\Gr3eNoX-Exploit-Scanner-V1.1.rar
2016-05-23 18:47 - 2012-06-14 20:54 - 00000000 ____D C:\Users\Freerider\Downloads\Gr3eNoX Exploit Scanner V1.1
2016-05-23 18:45 - 2016-05-23 19:02 - 00000000 ____D C:\Users\Freerider\Downloads\kali-linux-light-2016.1-amd64
2016-05-18 07:37 - 2016-05-18 07:39 - 00000000 ____D C:\Users\Freerider\Desktop\HDDScan-3.3
2016-05-18 07:37 - 2016-05-18 07:37 - 03822364 _____ C:\Users\Freerider\Downloads\HDDScan-3.3.zip
2016-05-17 21:49 - 2016-05-17 21:50 - 00001024 ____H C:\AMTAG.BIN
2016-05-17 21:49 - 2015-09-24 17:57 - 01817712 _____ C:\Windows\ampa.exe
2016-05-17 21:49 - 2013-12-18 12:33 - 00017008 _____ C:\Windows\SysWOW64\ampa.sys
2016-05-17 21:49 - 2013-12-18 12:33 - 00017008 _____ C:\Windows\system32\ampa.sys
2016-05-17 21:48 - 2016-05-17 21:50 - 00000000 ____D C:\Users\Freerider\Downloads\AOMEI Partition Assistant Pro Edition 5.8 portable
2016-05-17 21:44 - 2016-05-17 21:44 - 12776382 _____ C:\Users\Freerider\Downloads\AOMEI-Partition-Assistant-Pro-Edition-5.8-portable.rar
2016-05-17 00:24 - 2016-05-17 00:24 - 00001085 _____ C:\Users\Freerider\Desktop\Cheat Engine.lnk
2016-05-17 00:24 - 2016-05-17 00:24 - 00000000 ____D C:\Users\Freerider\Documents\My Cheat Tables
2016-05-17 00:24 - 2016-05-17 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2016-05-17 00:24 - 2016-05-17 00:24 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2016-05-16 22:08 - 2016-05-16 22:09 - 09056424 _____ (Cheat Engine ) C:\Users\Freerider\Downloads\CheatEngine64.exe
2016-05-16 21:26 - 2016-05-16 21:26 - 00006942 _____ C:\Users\Freerider\Desktop\JRT.txt
2016-05-16 21:23 - 2016-05-16 21:23 - 01610816 _____ (Malwarebytes) C:\Users\Freerider\Downloads\JRT.exe
2016-05-16 19:18 - 2016-05-17 07:19 - 00000000 ___RD C:\ESD
2016-05-16 19:14 - 2016-05-16 19:14 - 01483336 _____ (Microsoft Corporation) C:\Users\Freerider\Downloads\mediacreationtool.exe
2016-05-15 22:08 - 2016-05-15 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-15 22:05 - 2016-05-15 22:05 - 22851472 _____ (Malwarebytes ) C:\Users\Freerider\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-15 21:59 - 2016-05-15 21:59 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-05-15 21:59 - 2016-05-15 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-05-15 21:59 - 2016-05-15 21:59 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-15 21:57 - 2016-05-15 21:59 - 00000000 ____D C:\Users\Freerider\Downloads\HitmanPro.3.7.14
2016-05-15 21:50 - 2016-05-15 21:50 - 12977923 _____ C:\Users\Freerider\Downloads\HitmanPro 3.7.14 Build 263 Final + Patch.rar
2016-05-15 21:48 - 2016-05-15 21:48 - 11438608 _____ (SurfRight B.V.) C:\Users\Freerider\Downloads\hitmanpro_x64.exe
2016-05-15 16:11 - 2016-05-15 16:14 - 110867232 _____ (Bitnami) C:\Users\Freerider\Downloads\xampp-win32-5.5.35-0-VC11-installer.exe
2016-05-15 14:42 - 2016-05-15 14:42 - 00000845 _____ C:\Users\Freerider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-05-15 14:42 - 2016-05-15 14:42 - 00000797 _____ C:\Users\Freerider\Desktop\Start Tor Browser.lnk
2016-05-15 14:39 - 2016-05-15 14:41 - 43833160 _____ C:\Users\Freerider\Downloads\torbrowser-install-5.5.5_en-US.exe
2016-05-14 19:14 - 2016-05-14 19:14 - 00000634 _____ C:\Users\Freerider\default-soapui-workspace.xml
2016-05-14 19:13 - 2016-05-14 19:14 - 00600163 _____ C:\Users\Freerider\Documents\gsxws2-apple-soapui-project.xml
2016-05-14 19:13 - 2016-05-14 19:13 - 00002791 _____ C:\Users\Freerider\soapui-settings.xml
2016-05-14 15:22 - 2016-05-14 15:22 - 00000000 ____D C:\Users\Freerider\soapUI-Tutorials
2016-05-14 15:22 - 2016-05-14 15:22 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartBear
2016-05-14 15:21 - 2016-05-14 15:21 - 00000000 ____D C:\Program Files\SmartBear
2016-05-14 15:13 - 2016-05-14 15:21 - 144986609 _____ C:\Users\Freerider\Downloads\openlogic-soapui-4.5.2-windows-amd64-bin-2.zip
2016-05-14 11:39 - 2016-05-14 11:39 - 00003038 _____ C:\Windows\System32\Tasks\{E4BA5613-F60B-428D-BC40-F7FD8EB5693F}
2016-05-14 11:37 - 2016-05-14 11:37 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\Myanmar Online Family
2016-05-14 11:37 - 2016-05-14 11:37 - 00000000 ____D C:\ProgramData\Caphyon
2016-05-13 21:50 - 2016-06-02 09:47 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\Apple Computer
2016-05-13 21:50 - 2016-05-13 21:50 - 00000000 ____D C:\Users\Freerider\AppData\Local\Apple Computer
2016-05-13 21:50 - 2016-05-13 21:50 - 00000000 ____D C:\Users\Freerider\AppData\Local\Apple
2016-05-13 21:50 - 2016-05-13 21:50 - 00000000 ____D C:\ProgramData\Apple Computer
2016-05-13 21:49 - 2016-06-05 02:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-13 21:49 - 2016-05-13 21:49 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-13 21:49 - 2016-05-13 21:49 - 00000000 ____D C:\Program Files\Bonjour
2016-05-13 21:49 - 2016-05-13 21:49 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-05-13 21:49 - 2016-05-13 21:49 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-13 21:28 - 2016-06-02 10:41 - 00000000 ____D C:\Users\Freerider\Downloads\apple
2016-05-12 11:58 - 2016-05-12 11:58 - 00026427 _____ C:\Users\Freerider\Downloads\pq58884_created.svg
2016-05-11 18:25 - 2016-06-05 12:30 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442.job
2016-05-11 18:25 - 2016-06-05 11:18 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd.job
2016-05-11 18:25 - 2016-05-11 18:25 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442
2016-05-11 18:25 - 2016-05-11 18:25 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd
2016-05-10 07:54 - 2016-05-10 07:54 - 01844649 _____ C:\Users\Freerider\Downloads\NodLogin64bits.rar
2016-05-08 21:22 - 2016-05-08 21:22 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2016-05-08 21:22 - 2016-05-08 21:22 - 00002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy 2016.lnk
2016-05-08 21:22 - 2016-05-08 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2016-05-08 21:13 - 2016-05-08 21:13 - 00000000 ____D C:\Users\Freerider\Documents\OneNote Notebooks
2016-05-08 21:12 - 2016-05-08 21:12 - 00000000 ___SD C:\Users\Freerider\Documents\My Shapes
2016-05-08 21:07 - 2016-05-08 21:22 - 00002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-05-08 21:07 - 2016-05-08 21:22 - 00002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-05-08 21:04 - 2016-06-04 18:27 - 00000000 ____D C:\Program Files\Microsoft Office
2016-05-08 21:04 - 2016-05-08 21:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-08 21:01 - 2016-05-08 21:01 - 00000000 ____D C:\Users\Freerider\Downloads\Microsoft Office 2016 Professional Plus 16.0.4229.1023 RTM
2016-05-08 20:36 - 2016-05-08 20:38 - 00000000 ____D C:\totalcmd
2016-05-08 20:36 - 2016-05-08 20:36 - 03722264 _____ (Ghisler Software GmbH) C:\Users\Freerider\Downloads\tcm851x32.exe
2016-05-08 20:36 - 2016-05-08 20:36 - 00000632 _____ C:\Users\Freerider\Desktop\Total Commander.lnk
2016-05-08 20:36 - 2016-05-08 20:36 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2016-05-08 20:36 - 2016-05-08 20:36 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\GHISLER
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\UC.PIF
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\RAR.PIF
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\PKZIP.PIF
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\PKUNZIP.PIF
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\LHA.PIF
2016-05-08 20:36 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\ARJ.PIF
2016-05-08 20:09 - 2016-05-29 22:38 - 00000000 ____D C:\Users\Freerider\Documents\Barvinek
2016-05-08 19:08 - 2016-05-08 19:08 - 01010447 _____ C:\Users\Freerider\Downloads\O15CTRRemove.diagcab
2016-05-07 20:42 - 2016-05-08 22:57 - 00000000 ___RD C:\Users\Freerider\Documents\Scanned Documents
2016-05-07 20:42 - 2016-05-07 20:42 - 00000000 ____D C:\Users\Freerider\Documents\Fax
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-05 11:26 - 2009-07-14 06:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-05 11:26 - 2009-07-14 06:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-05 11:23 - 2011-04-12 10:34 - 00839902 _____ C:\Windows\system32\perfh005.dat
2016-06-05 11:23 - 2011-04-12 10:34 - 00211490 _____ C:\Windows\system32\perfc005.dat
2016-06-05 11:23 - 2009-07-14 07:13 - 02068830 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-05 11:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-05 11:18 - 2016-02-16 01:47 - 00000000 ____D C:\ProgramData\VMware
2016-06-05 11:18 - 2016-01-17 23:31 - 00000000 ____D C:\Users\UpdatusUser
2016-06-05 11:18 - 2016-01-05 02:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-05 11:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-05 11:17 - 2016-01-05 00:13 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-04 18:29 - 2016-01-06 00:50 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-04 18:29 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-03 07:35 - 2016-02-20 00:28 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-02 10:15 - 2016-01-05 02:07 - 00000000 ____D C:\Users\Freerider\AppData\Local\Apps\2.0
2016-06-02 09:37 - 2016-02-16 01:49 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\VMware
2016-06-02 09:37 - 2016-02-16 01:49 - 00000000 ____D C:\Users\Freerider\AppData\Local\VMware
2016-05-31 20:22 - 2016-01-07 20:07 - 00000600 _____ C:\Users\Freerider\AppData\Roaming\winscp.rnd
2016-05-31 11:49 - 2016-01-05 02:26 - 00000000 ____D C:\Users\Freerider\AppData\Local\PokerStars.EU
2016-05-31 11:49 - 2016-01-05 02:25 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-05-30 23:54 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-05-30 22:27 - 2016-01-04 23:20 - 00000000 ____D C:\Users\Freerider
2016-05-30 16:24 - 2016-05-03 07:45 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-30 02:55 - 2016-03-02 23:21 - 00000000 ____D C:\Users\DefaultAppPool
2016-05-28 00:46 - 2016-03-10 17:15 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\TS3Client
2016-05-23 19:19 - 2016-01-06 00:58 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\uTorrent
2016-05-22 01:00 - 2016-03-20 16:15 - 00000000 ____D C:\Users\Freerider\AppData\Local\ElevatedDiagnostics
2016-05-20 08:09 - 2016-05-03 07:45 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-20 08:09 - 2016-05-03 07:45 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-05-18 18:32 - 2016-03-10 17:14 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-05-15 22:42 - 2016-01-04 23:39 - 00000000 ____D C:\ProgramData\Oracle
2016-05-15 22:38 - 2016-01-04 23:39 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-05-15 22:38 - 2016-01-04 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-15 22:37 - 2016-01-04 23:39 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-15 22:25 - 2016-01-06 10:53 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-15 22:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2016-05-15 22:03 - 2016-03-04 21:10 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-05-15 21:49 - 2016-01-25 22:24 - 00000000 ____D C:\Windows\system32\appmgmt
2016-05-15 19:19 - 2016-01-04 23:40 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-15 19:19 - 2016-01-04 23:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 19:17 - 2016-02-20 00:27 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-15 19:17 - 2016-02-20 00:27 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-15 19:17 - 2016-02-02 10:01 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\Skype
2016-05-15 19:17 - 2016-01-04 23:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-15 19:17 - 2009-07-14 06:45 - 00436440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-15 17:54 - 2016-01-05 02:07 - 00112272 _____ C:\Users\Freerider\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-15 16:26 - 2016-01-17 22:15 - 00000000 ____D C:\ProgramData\SOLIDWORKS
2016-05-15 16:24 - 2016-01-17 22:15 - 00000000 ____D C:\Program Files\Common Files\SOLIDWORKS Shared
2016-05-15 16:24 - 2016-01-05 02:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-05-15 16:19 - 2016-01-17 22:15 - 00000000 ____D C:\Program Files\SOLIDWORKS Corp
2016-05-15 16:12 - 2016-01-17 22:05 - 00000000 ____D C:\Users\Freerider\Documents\SOLIDWORKS Downloads
2016-05-13 21:49 - 2016-01-17 22:10 - 00000000 ____D C:\ProgramData\Apple
2016-05-12 11:55 - 2016-04-24 20:21 - 00004409 _____ C:\Users\Freerider\Downloads\barvinek_logo.svg
2016-05-10 22:03 - 2016-05-05 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-10 20:56 - 2016-02-02 10:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-10 20:56 - 2016-02-02 10:00 - 00000000 ____D C:\ProgramData\Skype
2016-05-10 20:55 - 2016-01-06 00:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-10 18:24 - 2016-02-20 18:35 - 00000000 ____D C:\Users\Freerider\AppData\Roaming\TeamViewer
2016-05-08 21:48 - 2016-01-06 00:52 - 00002196 _____ C:\Users\Freerider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-08 21:48 - 2016-01-06 00:52 - 00000000 ___RD C:\Users\Freerider\OneDrive
==================== Files in the root of some directories =======
2016-01-07 20:07 - 2016-05-31 20:22 - 0000600 _____ () C:\Users\Freerider\AppData\Roaming\winscp.rnd
2016-01-05 01:08 - 2016-01-05 01:08 - 0000001 _____ () C:\Users\Freerider\AppData\Local\llftool.4.40.agreement
2016-04-02 17:28 - 2016-04-02 17:28 - 0000041 ___SH () C:\ProgramData\.zreglib
Some files in TEMP:
====================
C:\Users\Freerider\AppData\Local\Temp\libeay32.dll
C:\Users\Freerider\AppData\Local\Temp\msvcr120.dll
C:\Users\Freerider\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
==================== Security Center ==================
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Freerider\Desktop" je 397 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTibMounterMonitor
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
"C:\Program Files (x86)\Steam\steam.exe" -silent [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Adds attached.
Re: Please check my log
Posted: 05 Jun 2016 16:25
by Rudy
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-670735467-1812237546-1025010430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Freerider\AppData\Local\Temp
Task: {0CBE3F4C-29AE-416A-BDF0-9D913EAB3478} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E89545A5-1DF6-40EB-8DFC-7B69894279F8} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Re: Please check my log
Posted: 05 Jun 2016 16:51
by rebrma
So, after the fix and a restart, here is the new log:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
Ran by Freerider (2016-06-05 17:41:38) Run:1
Running from C:\Users\Freerider\Desktop
Loaded Profiles: Freerider & UpdatusUser (Available Profiles: Freerider & UpdatusUser & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-670735467-1812237546-1025010430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Freerider\AppData\Local\Temp
Task: {0CBE3F4C-29AE-416A-BDF0-9D913EAB3478} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E89545A5-1DF6-40EB-8DFC-7B69894279F8} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-670735467-1812237546-1025010430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd.job => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1aba1b05ad442 => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba1b03ff8dd => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
"C:\Users\Freerider\AppData\Local\Temp" folder move:
Could not move "C:\Users\Freerider\AppData\Local\Temp" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CBE3F4C-29AE-416A-BDF0-9D913EAB3478}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CBE3F4C-29AE-416A-BDF0-9D913EAB3478}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E89545A5-1DF6-40EB-8DFC-7B69894279F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E89545A5-1DF6-40EB-8DFC-7B69894279F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-06-05 17:46:08)
"C:\Users\Freerider\AppData\Local\Temp" => Could not move
==== End of Fixlog 17:46:11 ====
Re: Please check my log
Posted: 05 Jun 2016 16:54
by Rudy
Deleted. Has anything changed?
Re: Please check my log
Posted: 05 Jun 2016 17:13
by rebrma
Thank you.
I'll leave Firefox running, because it always popped up only after some time AFK...
But thanks for now, and I'll let you know later today, maybe in an hour or so.
Thanks a lot for now.
Re: Please check my log
Posted: 05 Jun 2016 18:08
by Rudy
OK, you're welcome for now!
Re: Please check my log
Posted: 05 Jun 2016 22:19
by rebrma
Hello,
so I left the PC on for longer and it's back again... ADNetworks or whatever... Again in Firefox.

Re: Please check my log
Posted: 06 Jun 2016 17:24
by Rudy
Please also run these scans:
1. Download Zoek.exe
http://hijackthis.nl/smeenk/ and save it to the desktop
If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.
and
2. Junkware Removal Tool:
http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the license terms are displayed; press any key
•A backup is created, followed by a search
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.
Re: Please check my log
Posted: 06 Jun 2016 21:33
by rebrma
Good evening,
Is it possible that Zoek has been running for 3 hours already? I only tried to close it gently (without Task Manager and the like?) and that doesn't work; a new window always pops up.
Thank you.