VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Preventivka

https://forum.viry.cz:443/viewtopic.php?t=149879

Stránka 1 z 1

Preventivka

Napsal: 01 zář 2016 11:15
od Jirka K.
Dobrý den, prosím o preventivku.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Jana (administrator) on KŘIVÁNEK-PC (01-09-2016 12:01:49)
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana (Available Profiles: Křivánek & Jana)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Alza.cz a.s.) C:\Program Files (x86)\Alza Media\v1.0.27.39844\AlzaMediaAutoupdateService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-3406515104-517183750-3566915376-1002\...\Run: [OscarX7Mouse5Mode] => C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe [3518976 2011-10-21] ()
HKU\S-1-5-21-3406515104-517183750-3566915376-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{582E5871-F563-4527-9641-23675C37B3F1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3406515104-517183750-3566915376-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-31] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-08-31] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-08-31] (Oracle Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (YouTube) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Skype) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-08-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-30]
CHR Extension: (Gmail) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlzaMedia-Autoupdate; C:\Program Files (x86)\Alza Media\v1.0.27.39844\AlzaMediaAutoupdateService.exe [48000 2014-10-03] (Alza.cz a.s.) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [135584 2011-12-09] (Futuremark Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11832 2010-06-29] (Advanced Micro Devices Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S4 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2002-10-08] () [File not signed]
S3 ALSysIO; \??\C:\Users\KIVNEK~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz135; \??\C:\Users\KIVNEK~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-01 12:01 - 2016-09-01 12:02 - 00013136 _____ C:\Users\Jana\Desktop\FRST.txt
2016-09-01 12:00 - 2016-09-01 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
2016-09-01 11:59 - 2016-09-01 12:01 - 00000000 ____D C:\FRST
2016-09-01 11:58 - 2016-09-01 11:59 - 02397696 _____ (Farbar) C:\Users\Jana\Desktop\FRST64.exe
2016-09-01 11:50 - 2016-09-01 11:50 - 00000000 ____D C:\Users\Jana\AppData\Local\BlueStacks
2016-08-28 13:26 - 2016-08-28 13:26 - 00274760 _____ C:\Windows\Minidump\082816-327648-01.dmp
2016-08-23 18:17 - 2016-08-23 18:18 - 00000000 ____D C:\Users\Křivánek\Desktop\čebín výplaty
2016-08-17 07:51 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 07:51 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-10 13:32 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 13:32 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 13:32 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 13:32 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 13:32 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 13:32 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 13:32 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 13:32 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 13:32 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 13:32 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 13:32 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 13:32 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 13:32 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 13:32 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 13:32 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 13:31 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 13:31 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 13:31 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 13:31 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 13:31 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 13:31 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 13:31 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 13:31 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 13:31 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 13:31 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 13:31 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 13:31 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 13:31 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 13:31 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 13:31 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 13:31 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 13:31 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 13:31 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 13:31 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 13:31 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 13:31 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 13:31 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 13:31 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 13:31 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 13:31 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 13:31 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 13:31 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 13:31 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 13:31 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 13:31 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 13:31 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 13:31 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 13:31 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 13:31 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 13:31 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 13:31 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 13:31 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 13:31 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 13:31 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 13:31 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 13:31 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 13:31 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 13:31 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 13:31 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 13:31 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 13:31 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 13:31 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 13:31 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 13:31 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 13:31 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 13:31 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 13:31 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 13:31 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 13:31 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 13:31 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 13:31 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 13:31 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 13:31 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 13:31 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 13:31 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 13:31 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 13:31 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 13:31 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 13:31 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-05 09:05 - 2016-08-05 09:05 - 03142240 _____ C:\Users\Jana\Downloads\drobna-laskavost.pdf
2016-08-05 09:04 - 2016-08-05 09:04 - 01865834 _____ C:\Users\Jana\Downloads\cesta-za-laskou.pdf
2016-08-05 09:04 - 2016-08-05 09:04 - 01828434 _____ C:\Users\Jana\Downloads\bourkova-fronta.pdf
2016-08-05 09:03 - 2016-08-05 09:03 - 03019904 _____ C:\Users\Jana\Downloads\drobna-laskavost.mobi
2016-08-05 09:03 - 2016-08-05 09:03 - 02226938 _____ C:\Users\Jana\Downloads\bourkova-fronta.mobi
2016-08-05 09:02 - 2016-08-05 09:02 - 06277894 _____ C:\Users\Jana\Downloads\cesta-za-laskou.mobi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-01 11:57 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-01 11:57 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-01 11:50 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-01 11:30 - 2012-10-13 14:36 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-01 10:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-01 10:11 - 2013-07-17 14:31 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-31 09:49 - 2016-02-04 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein - Enemy Territory
2016-08-31 09:48 - 2012-04-27 22:53 - 00000000 ____D C:\Hry
2016-08-30 10:08 - 2015-09-14 15:05 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-29 22:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-28 13:26 - 2012-04-05 20:36 - 00000000 ____D C:\Windows\Minidump
2016-08-28 00:22 - 2014-09-16 17:49 - 00000000 ____D C:\Users\Jana\Documents\Activprimary3
2016-08-27 14:22 - 2011-04-12 10:34 - 00668882 _____ C:\Windows\system32\perfh005.dat
2016-08-27 14:22 - 2011-04-12 10:34 - 00141542 _____ C:\Windows\system32\perfc005.dat
2016-08-27 14:22 - 2009-07-14 07:13 - 01584626 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-27 14:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-27 14:21 - 2016-01-20 01:17 - 00000000 ____D C:\Users\Jana\Desktop\Školní 2016
2016-08-18 11:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-11 08:42 - 2009-07-14 06:45 - 00306536 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-11 01:16 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-08-11 01:08 - 2012-04-03 20:31 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 20:01 - 2016-06-21 19:24 - 00000000 ____D C:\Users\Jana\Desktop\Erbenova - náměty
2016-08-03 17:51 - 2015-11-06 22:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-02-20 01:17 - 2015-02-20 01:18 - 0003072 _____ () C:\Users\Jana\AppData\Local\file__0.localstorage
2015-09-06 23:23 - 2015-09-06 23:23 - 0032038 _____ () C:\Users\Jana\AppData\Local\SquareClock.Production_Home_Siko_WebIcon.ico
2016-02-07 12:45 - 2016-02-07 12:45 - 0000000 _____ () C:\Users\Jana\AppData\Local\{7D8FAFCB-BA39-4421-BF23-A10C978EB026}

Some files in TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\Jana\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Jana\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData:gs5sys [2816]
AlternateDataStreams: C:\Users\All Users:gs5sys [2816]
AlternateDataStreams: C:\Users\Jana:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [2816]
AlternateDataStreams: C:\ProgramData\Data aplikací:gs5sys [2816]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\Šablony:gs5sys [2560]
AlternateDataStreams: C:\Users\Jana\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Soubory cookie:gs5sys [2048]
AlternateDataStreams: C:\Users\Jana\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2560]

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jana\Desktop" je 35 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Preventivka

Napsal: 02 zář 2016 17:12
od Rudy
Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Preventivka

Napsal: 03 zář 2016 13:04
od Jirka K.
# AdwCleaner v6.010 - Log soubor vytvořen 03/09/2016 na 13:52:09
# Aktualizováno dne 12/08/2016 z ToolsLib
# Databáze : 2016-09-03.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Křivánek - KŘIVÁNEK-PC
# Beží od : C:\Users\Křivánek\Desktop\adwcleaner_6.010.exe
# Mod: Čištění
# Podpora : https://toolslib.net/forum



***** [ Služby ] *****



***** [ Adresáře ] *****

[-] Adresář smazán:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Adresář smazán:C:\Program Files (x86)\myfree codec


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****

[-] Klíč smazán:[x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Klíč smazán:[x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Klíč smazán:HKU\S-1-5-21-3406515104-517183750-3566915376-1000\Software\Myfree Codec
[-] Klíč smazán:HKU\S-1-5-21-3406515104-517183750-3566915376-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Klíč smazán:HKU\S-1-5-21-3406515104-517183750-3566915376-1002\Software\Myfree Codec
[#] Klíč smazán po restartování:HKCU\Software\Myfree Codec
[-] Klíč smazán:HKLM\SOFTWARE\Myfree Codec
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.com


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2326 Bajtů] - [03/09/2016 13:52:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [2739 Bajtů] - [03/09/2016 13:51:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2474 Bajtů] ##########

Re: Preventivka

Napsal: 03 zář 2016 15:44
od Rudy
Dejte nový log FRST.

Re: Preventivka

Napsal: 03 zář 2016 19:17
od Jirka K.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Jana (03-09-2016 20:09:42)
Running from C:\Users\Jana\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-04-03 17:55:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3406515104-517183750-3566915376-500 - Administrator - Disabled)
Guest (S-1-5-21-3406515104-517183750-3566915376-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3406515104-517183750-3566915376-1008 - Limited - Enabled)
Jana (S-1-5-21-3406515104-517183750-3566915376-1002 - Administrator - Enabled) => C:\Users\Jana
Křivánek (S-1-5-21-3406515104-517183750-3566915376-1000 - Administrator - Enabled) => C:\Users\Křivánek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)
5-Mode Oscar Editor (HKLM-x32\...\OscarX7Mouse5Mode) (Version: 11.10.0001 - A4Tech)
Activprimary Viewer v3.6 (HKLM-x32\...\{919A356C-8FC7-49E2-91C4-66D25AE35121}) (Version: 3.6.22 - Promethean Ltd.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: - )
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - )
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
ALTER Český jazyk - Pravopisné pětiminutovky 2 DEMO (HKLM-x32\...\ALTERCJ2PPD_is1) (Version: 1.0 - Nakladatelství ALTER, s.r.o.)
Alza Media (HKLM-x32\...\cae43f19-b904-445a-8d22-0bf7c177726b_is1) (Version: 1.0.27.39844 - Alza.cz a.s.)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Banished v1.0.0 32-bit (HKLM-x32\...\{2AB66B5F-2613-477F-A4B1-CB2E8C7A2943}) (Version: 1.0.0 - Shining Rock Software LLC)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2905 - CDBurnerXP)
Codec Pack - All In 1 6.0.3.0 (HKLM-x32\...\Cool's_Codec_pack_4.12) (Version: - )
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Český Jazyk 2 verze 2.30 (HKLM-x32\...\{84649EB1-E7CC-4CE7-A4CE-D0113D9B75C9}_is1) (Version: 2.30 - Nakladatelství Nová Škola)
Český jazyk 6 (instalace na disk) (HKLM-x32\...\Český jazyk 6 (instalace na disk)) (Version: - )
ČJ4 - Pravopisná cvičení (doporučená instalace) (HKLM-x32\...\ČJ4 - Pravopisná cvičení (doporučená instalace)) (Version: - )
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
Fallout Collection (HKLM-x32\...\Fallout Collection) (Version: - )
FlexiBooks (HKU\S-1-5-21-3406515104-517183750-3566915376-1002\...\eaadb22a7fda717f) (Version: 3.0.5.17 - Fraus Media spol. s r.o.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Geeks3D.com FurMark 1.9.1 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D.com)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version: - )
GOG.com The Settlers 4 GOLD (HKLM\...\{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HD Tune Pro 5.00 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Heroes of Might and Magic III Complete (HKLM-x32\...\InstallShield_{EDFB64A7-5BFD-4137-943D-5663149A15F5}) (Version: 1.00.0000 - CD Projekt)
Heroes of Might and Magic III Complete (x32 Version: 1.00.0000 - CD Projekt) Hidden
Já a můj svět 1 (HKLM-x32\...\Já a můj svět 1) (Version: - )
Já a můj svět 3 (HKLM-x32\...\Já a můj svět 3) (Version: - )
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Konung: Legend of the North (HKLM-x32\...\Konung: Legend of the North) (Version: - )
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Rise Of Nations (HKLM-x32\...\RiseOfNations 1.0) (Version: - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Patch v4.17b Update (HKLM-x32\...\{THEGUILDREN-0010-2010-300520102330}_is1) (Version: - RUNEFORGE Games Studios)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation)
Prvouka 2 verze 2.25 (HKLM-x32\...\{D3DEEB20-6BA0-458C-A619-0D7C0B240818}_is1) (Version: 2.25 - Nakladatelství Nová Škola)
Prvouka 3 verze 2.25 (HKLM-x32\...\{AC52D51B-92CB-4D1C-8F6F-242578B0CB4D}_is1) (Version: 2.25 - Nakladatelství Nová Škola)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6358 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Rise of Nations Thrones and Patriots (HKLM-x32\...\RiseofNationsExpansion 1.0) (Version: - )
Seven Kingdoms AA (HKLM-x32\...\7kaa) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Slabikář se Samem verze 2.25 (HKLM-x32\...\{770E3496-387C-4BE7-A2A3-10142ED83A68}_is1) (Version: 2.25 - Nakladatelství Nová škola Brno)
Stronghold Crusader Extreme HD (HKLM-x32\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.2.0.8 - GOG.com)
Stronghold HD (HKLM-x32\...\GOGPACKSTRONGHOLDHD_is1) (Version: 2.1.0.4 - GOG.com)
StrongholdCrusader (HKLM\...\{5a56ddf5-f2fd-4a53-b852-909002f9df30}.sdb) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Guild 2 - Pirates of the European Seas (HKLM-x32\...\The Guild 2 - Pirates of the European Seas) (Version: V 1.20 - JoWood)
The Guild II (HKLM-x32\...\The Guild II) (Version: - )
The Settlers IV GOLD (HKLM-x32\...\GOGPACKSETTLERS4GOLD_is1) (Version: 2.0.0.4 - GOG.com)
Theme Hospital (HKLM-x32\...\GOGPACKTHEMEHOSPITAL_is1) (Version: 2.0.0.5 - GOG.com)
Tropico 3 (HKLM-x32\...\{6CA1CD8C-2D65-491E-9467-00A3ACA4A0A9}) (Version: 1.00.0000 - Kalypso)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-3406515104-517183750-3566915376-1002\...\Warcraft III) (Version: - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Živá Abeceda verze 2.25 (HKLM-x32\...\{968A4FBF-C1CE-4CC6-8BD2-0949BD9DD816}_is1) (Version: 2.25 - Nakladatelství Nová Škola)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AA15C88-A299-47CD-AD38-69CF10248F79} - System32\Tasks\{63A4ED5A-63D8-4236-888F-EE3E1064EFE5} => pcalua.exe -a C:\Users\Jana\Downloads\forge-1.7.10-10.13.4.1564-1.7.10-installer-win.exe -d C:\Users\Jana\Downloads
Task: {3BBC09A3-24B1-4DB1-97FC-B6D893C99B86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7781D43F-DACB-4621-B48C-66063BB70B4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {DACBC92E-996B-42D1-BB0A-9083C4B9B189} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E937DFDF-C085-4FF2-B67E-39EC37490704} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Jana\AppData\Local\Microsoft\Windows\GameExplorer\{5DDD898C-C750-4CBB-8612-186BB32254BC}\SupportTasks\1\Podpora.lnk -> hxxp://www.gatheringofdevelopers.com/
Shortcut: C:\Users\Jana\AppData\Local\Microsoft\Windows\GameExplorer\{5DDD898C-C750-4CBB-8612-186BB32254BC}\SupportTasks\0\Další hry od společnosti Microsoft.lnk -> hxxp://crusader.godgames.com/
Shortcut: C:\Users\Jana\AppData\Local\Microsoft\Windows\GameExplorer\{21D6DDDD-286B-44E1-A6CA-596655AE88C5}\SupportTasks\1\Podpora.lnk -> hxxp://support.microsoft.com/
Shortcut: C:\Users\Jana\AppData\Local\Microsoft\Windows\GameExplorer\{21D6DDDD-286B-44E1-A6CA-596655AE88C5}\SupportTasks\0\Další hry od společnosti Microsoft.lnk -> hxxp://www.riseofnations.com/
Shortcut: C:\Users\Jana\AppData\Local\Microsoft\Windows\GameExplorer\{0740C939-66FD-47DC-B629-D5276821B0F4}\SupportTasks\0\Podpora.lnk -> hxxp://microsoft.com/support//

==================== Loaded Modules (Whitelisted) ==============

2012-12-19 16:32 - 2012-12-19 16:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 19:39 - 2012-10-17 19:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 19:39 - 2012-10-17 19:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-09-01 10:11 - 2016-08-31 04:16 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\libglesv2.dll
2016-09-01 10:11 - 2016-08-31 04:16 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\libegl.dll
2012-08-18 18:07 - 2011-10-21 10:06 - 03518976 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe
2012-08-18 18:07 - 2010-12-02 17:56 - 00815104 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\Data\X7_5Mode\Forms\OSD_Text\OSD_Text.dll
2012-08-18 18:07 - 2011-01-09 20:45 - 00088064 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\DLL\DLL_MouseDeviceManager.dll
2012-08-18 18:07 - 2011-04-06 16:06 - 00067072 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\DLL\DLL_PenSuit.dll
2012-08-18 18:07 - 2011-06-22 10:54 - 02328064 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\Data\X7_5Mode\Forms\ScreenCapture\ScreenCapture.dll
2012-08-18 18:07 - 2011-03-21 19:33 - 00999424 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\Data\X7_5Mode\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2012-08-18 18:07 - 2011-05-20 16:52 - 00901632 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\Data\X7_5Mode\Forms\ProfileHint\ProfileHint.dll
2012-08-18 18:07 - 2010-12-03 14:43 - 00943104 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\Data\X7_5Mode\Forms\KeySettingRemind\KeySettingRemind.dll
2012-08-18 18:07 - 2010-09-20 14:18 - 00085504 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\DLL\DLL_ZoomControl.dll
2012-08-18 18:07 - 2010-09-20 14:18 - 00054272 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\DLL\DLL_ScrollbarControl.dll
2012-08-18 18:07 - 2011-04-12 15:14 - 00063488 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\DLL\DLL_AnalyzeGesturesInRight.dll
2012-08-18 18:07 - 2010-11-01 20:16 - 00062976 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\DLL\DLL_AnalyzeGesturesInOne.dll
2012-08-18 18:07 - 2011-03-29 15:09 - 00117760 _____ () C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\DLL\DLL_Wheel4D.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys [2816]
AlternateDataStreams: C:\Users\All Users:gs5sys [2816]
AlternateDataStreams: C:\Users\Jana:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [2816]
AlternateDataStreams: C:\ProgramData\Data aplikací:gs5sys [2816]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\Šablony:gs5sys [2560]
AlternateDataStreams: C:\Users\Jana\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Soubory cookie:gs5sys [2048]
AlternateDataStreams: C:\Users\Jana\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2560]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3406515104-517183750-3566915376-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Křivánek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3406515104-517183750-3566915376-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D107AF7D-7077-45B1-83BD-260C88FEC108}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{13431BE2-1DB9-46A4-8F65-63E036578312}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{C0DDB5CE-73B7-4F74-BE55-9016E5FC05C0}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{DF21D50A-9EC0-4137-AB20-221DCEE103A4}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{00166631-B3A9-40E1-A541-3E07E73E4552}C:\hry\age of mythology\aom.exe] => (Allow) C:\hry\age of mythology\aom.exe
FirewallRules: [UDP Query User{52FF4154-AA3B-44A3-82E5-EE277CB67E5C}C:\hry\age of mythology\aom.exe] => (Allow) C:\hry\age of mythology\aom.exe
FirewallRules: [TCP Query User{F06502EA-71F1-4363-98E7-70A078410899}C:\hry\age of mythology\aomx.exe] => (Allow) C:\hry\age of mythology\aomx.exe
FirewallRules: [UDP Query User{5E08CDFD-E93F-4AC6-A5E4-9FFDC2638501}C:\hry\age of mythology\aomx.exe] => (Allow) C:\hry\age of mythology\aomx.exe
FirewallRules: [TCP Query User{7112AD1C-E82C-4DB4-89D8-1DDB94955546}C:\hry\the guild ii\guildii.exe] => (Allow) C:\hry\the guild ii\guildii.exe
FirewallRules: [UDP Query User{C068BA75-EAF7-42B9-9E92-DAD8FAFE3EC4}C:\hry\the guild ii\guildii.exe] => (Allow) C:\hry\the guild ii\guildii.exe
FirewallRules: [TCP Query User{8DF6126E-1E20-429C-8A36-3EC3620F3356}C:\hry\the guild 2 - pirates of the european seas\guildii.exe] => (Allow) C:\hry\the guild 2 - pirates of the european seas\guildii.exe
FirewallRules: [UDP Query User{BCA46A20-1B2D-457F-8F0F-B9CA285AFE17}C:\hry\the guild 2 - pirates of the european seas\guildii.exe] => (Allow) C:\hry\the guild 2 - pirates of the european seas\guildii.exe
FirewallRules: [TCP Query User{4CDFAC0B-C9CD-43E6-8340-B4A4C0FB8E3C}C:\hry\the guild 2 - renaissance\guildii.exe] => (Allow) C:\hry\the guild 2 - renaissance\guildii.exe
FirewallRules: [UDP Query User{13895A13-2263-4B8D-AE43-5F624EDC7174}C:\hry\the guild 2 - renaissance\guildii.exe] => (Allow) C:\hry\the guild 2 - renaissance\guildii.exe
FirewallRules: [{A82D9573-8E35-4D16-85A0-BDFE0BC72E0A}] => (Allow) C:\Program Files (x86)\Kalypso\Tropico 3\tropico3.exe
FirewallRules: [{7D375474-4B2E-403C-8D27-099C590F989E}] => (Allow) C:\Program Files (x86)\Kalypso\Tropico 3\tropico3.exe
FirewallRules: [TCP Query User{7AF6357E-6A0E-475F-A58D-BFB385D045F9}C:\hry\heroes 3 complete\heroes3.exe] => (Allow) C:\hry\heroes 3 complete\heroes3.exe
FirewallRules: [UDP Query User{6075FF0A-2602-4F0D-B951-0CF56A30046A}C:\hry\heroes 3 complete\heroes3.exe] => (Allow) C:\hry\heroes 3 complete\heroes3.exe
FirewallRules: [TCP Query User{0DA9CB13-C48C-4B05-800B-DB189FF8DB2E}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{623F7E40-9EDE-4237-B257-DB5F18886FBA}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{8F132BB1-567E-4351-9739-873D7715FFD7}C:\hry\stronghold hd\stronghold.exe] => (Allow) C:\hry\stronghold hd\stronghold.exe
FirewallRules: [UDP Query User{EF4C6142-562E-407A-8D3E-1EE571B99B1B}C:\hry\stronghold hd\stronghold.exe] => (Allow) C:\hry\stronghold hd\stronghold.exe
FirewallRules: [TCP Query User{1B4C9285-4B85-4C95-A92A-A8B88AC61824}C:\hry\rise of nations\patriots.exe] => (Allow) C:\hry\rise of nations\patriots.exe
FirewallRules: [UDP Query User{AFC2B7AF-767F-4280-A115-CBC2A368C13C}C:\hry\rise of nations\patriots.exe] => (Allow) C:\hry\rise of nations\patriots.exe
FirewallRules: [TCP Query User{09D23C7F-0D1C-4EF8-9AD1-B49001DA5D79}C:\hry\stronghold crusader extreme hd\stronghold_crusader_extreme.exe] => (Allow) C:\hry\stronghold crusader extreme hd\stronghold_crusader_extreme.exe
FirewallRules: [UDP Query User{F3CA1747-297B-4A11-9CD2-B1DB73AEC800}C:\hry\stronghold crusader extreme hd\stronghold_crusader_extreme.exe] => (Allow) C:\hry\stronghold crusader extreme hd\stronghold_crusader_extreme.exe
FirewallRules: [TCP Query User{8185A31A-BA78-460F-AE9C-08C5672AAA62}C:\hry\stronghold crusader extreme hd\stronghold crusader.exe] => (Allow) C:\hry\stronghold crusader extreme hd\stronghold crusader.exe
FirewallRules: [UDP Query User{854986D2-D529-4974-967F-997BE959240C}C:\hry\stronghold crusader extreme hd\stronghold crusader.exe] => (Allow) C:\hry\stronghold crusader extreme hd\stronghold crusader.exe
FirewallRules: [TCP Query User{3842C947-7227-417F-9199-1C5EE03EAA49}C:\hry\seven kingdoms\7kaa.exe] => (Allow) C:\hry\seven kingdoms\7kaa.exe
FirewallRules: [UDP Query User{CC255E7C-92CF-4391-914B-A1FDBB0A0FEF}C:\hry\seven kingdoms\7kaa.exe] => (Allow) C:\hry\seven kingdoms\7kaa.exe
FirewallRules: [{74CD1556-A74B-4CFB-96F9-BDE93F8C7508}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{304C3EAC-1F5C-4FBE-A94E-2E40C9051C08}C:\hry\the settlers iv gold\exe\s4_main.exe] => (Allow) C:\hry\the settlers iv gold\exe\s4_main.exe
FirewallRules: [UDP Query User{C3EED933-DDAD-4CCD-88E9-1164597AEB3F}C:\hry\the settlers iv gold\exe\s4_main.exe] => (Allow) C:\hry\the settlers iv gold\exe\s4_main.exe
FirewallRules: [TCP Query User{B0934A75-CAC8-45F7-9446-98CD9C139699}C:\hry\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\hry\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{DBF29920-4F91-4941-9185-DD615C8426ED}C:\hry\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\hry\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{ADB6CE9F-22D9-45CF-8106-023F20F31672}C:\hry\dungeon keeper 2\dkii-dx.exe] => (Allow) C:\hry\dungeon keeper 2\dkii-dx.exe
FirewallRules: [UDP Query User{9F1FDD12-B5CE-4460-B56F-576BA9EF60B6}C:\hry\dungeon keeper 2\dkii-dx.exe] => (Allow) C:\hry\dungeon keeper 2\dkii-dx.exe
FirewallRules: [TCP Query User{20EE5177-84C6-42A4-AC5C-62BC10C41D51}C:\hry\knights and merchants\km_tpr.exe] => (Allow) C:\hry\knights and merchants\km_tpr.exe
FirewallRules: [UDP Query User{E442CE7E-3FE0-4B6B-ADFA-04902987AE96}C:\hry\knights and merchants\km_tpr.exe] => (Allow) C:\hry\knights and merchants\km_tpr.exe
FirewallRules: [TCP Query User{45F2DB8B-89BD-4DF5-86B5-9C2C019BD00E}C:\hry\wolfenstein - enemy territory\et.exe] => (Allow) C:\hry\wolfenstein - enemy territory\et.exe
FirewallRules: [UDP Query User{4B757D34-5488-4678-B598-F7C4E466B7FC}C:\hry\wolfenstein - enemy territory\et.exe] => (Allow) C:\hry\wolfenstein - enemy territory\et.exe
FirewallRules: [{D657E915-0A48-4441-A675-B228BF0B4800}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{29303EF8-4F5F-4490-ACB8-F010AD368A0E}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{29F1929C-6B98-479A-BF6D-25ADD6C4A9CA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3A09D1CB-BE52-4AF6-B250-E13F804A7CAA}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{12A91C44-17F1-49C9-9C1B-564ED13D5A64}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

==================== Restore Points =========================

01-09-2016 11:49:02 Removed BlueStacks App Player
02-09-2016 09:53:19 Removed Samsung Kies
03-09-2016 14:07:03 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2016 01:55:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/03/2016 09:11:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2016 09:45:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2016 05:26:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Kies.exe, verze: 1.0.0.1821, časové razítko: 0x5357afa9
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.23418, časové razítko: 0x5708a7e4
Kód výjimky: 0xe0434352
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0xc20
Čas spuštění chybující aplikace: 0x01d2046525ba3693
Cesta k chybující aplikaci: C:\Program Files (x86)\Samsung\Kies\Kies.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 646092b2-7058-11e6-b285-50e54955b81b

Error: (09/01/2016 05:26:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Kies.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ComponentModel.Win32Exception
na System.Diagnostics.ProcessManager.OpenProcess(Int32, Int32, Boolean)
na System.Diagnostics.Process.GetProcessHandle(Int32, Boolean)
na System.Diagnostics.Process.OpenProcessHandle(Int32)
na System.Diagnostics.Process.get_Handle()
na Kies.App.CheckExistenceTrayAgent()
na Kies.App..ctor()
na Kies.App.Main()

Error: (09/01/2016 11:52:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Kies.exe, verze: 1.0.0.1821, časové razítko: 0x5357afa9
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.23418, časové razítko: 0x5708a7e4
Kód výjimky: 0xe0434352
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0xc9c
Čas spuštění chybující aplikace: 0x01d204368e1fc5da
Cesta k chybující aplikaci: C:\Program Files (x86)\Samsung\Kies\Kies.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: cd9dd4d6-7029-11e6-b285-50e54955b81b

Error: (09/01/2016 11:52:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Kies.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ComponentModel.Win32Exception
na System.Diagnostics.ProcessManager.OpenProcess(Int32, Int32, Boolean)
na System.Diagnostics.Process.GetProcessHandle(Int32, Boolean)
na System.Diagnostics.Process.OpenProcessHandle(Int32)
na System.Diagnostics.Process.get_Handle()
na Kies.App.CheckExistenceTrayAgent()
na Kies.App..ctor()
na Kies.App.Main()

Error: (09/01/2016 10:22:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2016 08:46:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/31/2016 06:02:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Kies.exe, verze: 1.0.0.1821, časové razítko: 0x5357afa9
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.23418, časové razítko: 0x5708a7e4
Kód výjimky: 0xe0434352
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0x770
Čas spuštění chybující aplikace: 0x01d203a113da2b05
Cesta k chybující aplikaci: C:\Program Files (x86)\Samsung\Kies\Kies.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 5355b2bb-6f94-11e6-b65a-50e54955b81b


System errors:
=============
Error: (09/03/2016 01:52:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (09/03/2016 01:51:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (09/03/2016 01:51:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (09/03/2016 01:51:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PMBDeviceInfoProvider byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/03/2016 01:51:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Skype Click to Call PNR Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/03/2016 01:51:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Skype Click to Call Updater byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/03/2016 01:51:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/03/2016 01:51:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba AlzaMedia-Autoupdate byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (09/03/2016 01:51:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/03/2016 01:51:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 631 Quad-Core Processor
Percentage of memory in use: 45%
Total physical RAM: 4093.37 MB
Available physical RAM: 2234.76 MB
Total Virtual: 8184.92 MB
Available Virtual: 5788.47 MB

==================== Drives ================================

Drive c: (Systém) (Fixed) (Total:114.16 GB) (Free:22.73 GB) NTFS
Drive d: (Data) (Fixed) (Total:118.63 GB) (Free:68.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: A7A4F9B3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=114.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=118.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Preventivka

Napsal: 03 zář 2016 19:34
od Rudy
Potřebuji vidět i log FRST. Toto je pouze Additional.

Re: Preventivka

Napsal: 04 zář 2016 15:53
od Jirka K.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Jana (administrator) on KŘIVÁNEK-PC (04-09-2016 16:40:23)
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana (Available Profiles: Křivánek & Jana)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alza.cz a.s.) C:\Program Files (x86)\Alza Media\v1.0.27.39844\AlzaMediaAutoupdateService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
HKU\S-1-5-21-3406515104-517183750-3566915376-1002\...\Run: [OscarX7Mouse5Mode] => C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe [3518976 2011-10-21] ()
HKU\S-1-5-21-3406515104-517183750-3566915376-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{582E5871-F563-4527-9641-23675C37B3F1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3406515104-517183750-3566915376-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-31] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-08-31] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-08-31] (Oracle Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (YouTube) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Skype) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-08-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-30]
CHR Extension: (Gmail) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlzaMedia-Autoupdate; C:\Program Files (x86)\Alza Media\v1.0.27.39844\AlzaMediaAutoupdateService.exe [48000 2014-10-03] (Alza.cz a.s.) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [135584 2011-12-09] (Futuremark Corporation)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11832 2010-06-29] (Advanced Micro Devices Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S4 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2002-10-08] () [File not signed]
S3 ALSysIO; \??\C:\Users\KIVNEK~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz135; \??\C:\Users\KIVNEK~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-04 16:40 - 2016-09-04 16:40 - 00013343 _____ C:\Users\Jana\Desktop\FRST.txt
2016-09-04 09:24 - 2016-09-04 11:33 - 00000000 ____D C:\Users\Křivánek\AppData\Local\LogMeIn Hamachi
2016-09-04 09:24 - 2016-09-04 09:24 - 00000000 ____D C:\Users\Křivánek\AppData\Local\LogMeIn
2016-09-04 01:19 - 2016-09-04 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-09-04 01:19 - 2016-09-04 01:19 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-09-04 01:18 - 2016-09-04 16:34 - 00000000 ____D C:\Users\Jana\AppData\Local\LogMeIn Hamachi
2016-09-04 01:14 - 2016-09-04 02:14 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-09-04 01:14 - 2016-09-04 02:14 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-09-04 01:13 - 2016-09-04 01:13 - 00000000 ____D C:\Users\Jana\AppData\Local\LogMeIn
2016-09-04 01:13 - 2016-09-04 01:13 - 00000000 ____D C:\ProgramData\LogMeIn
2016-09-04 01:13 - 2016-07-20 12:08 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-09-04 01:06 - 2016-09-04 01:07 - 08364032 _____ C:\Users\Jana\Downloads\hamachi.msi
2016-09-03 13:49 - 2016-09-03 13:52 - 00000000 ____D C:\AdwCleaner
2016-09-03 13:49 - 2016-09-03 13:49 - 03826240 _____ C:\Users\Křivánek\Desktop\adwcleaner_6.010.exe
2016-09-01 12:00 - 2016-09-01 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
2016-09-01 11:59 - 2016-09-04 16:40 - 00000000 ____D C:\FRST
2016-09-01 11:58 - 2016-09-01 11:59 - 02397696 _____ (Farbar) C:\Users\Jana\Desktop\FRST64.exe
2016-09-01 11:50 - 2016-09-01 11:50 - 00000000 ____D C:\Users\Jana\AppData\Local\BlueStacks
2016-08-28 13:26 - 2016-08-28 13:26 - 00274760 _____ C:\Windows\Minidump\082816-327648-01.dmp
2016-08-23 18:17 - 2016-08-23 18:18 - 00000000 ____D C:\Users\Křivánek\Desktop\čebín výplaty
2016-08-17 07:51 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 07:51 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-10 13:32 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 13:32 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 13:32 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 13:32 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 13:32 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 13:32 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 13:32 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 13:32 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 13:32 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 13:32 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 13:32 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 13:32 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 13:32 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 13:32 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 13:32 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 13:31 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 13:31 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 13:31 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 13:31 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 13:31 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 13:31 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 13:31 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 13:31 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 13:31 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 13:31 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 13:31 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 13:31 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 13:31 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 13:31 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 13:31 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 13:31 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 13:31 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 13:31 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 13:31 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 13:31 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 13:31 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 13:31 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 13:31 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 13:31 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 13:31 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 13:31 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 13:31 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 13:31 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 13:31 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 13:31 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 13:31 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 13:31 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 13:31 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 13:31 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 13:31 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 13:31 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 13:31 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 13:31 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 13:31 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 13:31 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 13:31 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 13:31 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 13:31 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 13:31 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 13:31 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 13:31 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 13:31 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 13:31 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 13:31 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 13:31 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 13:31 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 13:31 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 13:31 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 13:31 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 13:31 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 13:31 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 13:31 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 13:31 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 13:31 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 13:31 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 13:31 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 13:31 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 13:31 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 13:31 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-05 09:05 - 2016-08-05 09:05 - 03142240 _____ C:\Users\Jana\Downloads\drobna-laskavost.pdf
2016-08-05 09:04 - 2016-08-05 09:04 - 01865834 _____ C:\Users\Jana\Downloads\cesta-za-laskou.pdf
2016-08-05 09:04 - 2016-08-05 09:04 - 01828434 _____ C:\Users\Jana\Downloads\bourkova-fronta.pdf
2016-08-05 09:03 - 2016-08-05 09:03 - 03019904 _____ C:\Users\Jana\Downloads\drobna-laskavost.mobi
2016-08-05 09:03 - 2016-08-05 09:03 - 02226938 _____ C:\Users\Jana\Downloads\bourkova-fronta.mobi
2016-08-05 09:02 - 2016-08-05 09:02 - 06277894 _____ C:\Users\Jana\Downloads\cesta-za-laskou.mobi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-04 16:40 - 2014-08-04 16:06 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Skype
2016-09-04 16:33 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-04 11:32 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-04 11:32 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-04 11:30 - 2012-10-13 14:36 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-03 21:13 - 2013-09-28 11:01 - 00000000 ____D C:\Users\Křivánek\AppData\Local\Google
2016-09-02 09:56 - 2014-05-11 16:37 - 00000000 ____D C:\ProgramData\Samsung
2016-09-02 09:56 - 2014-05-11 16:22 - 00000000 ____D C:\Users\Křivánek\AppData\Roaming\Samsung
2016-09-02 09:56 - 2014-05-11 16:21 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-09-02 09:56 - 2012-04-03 19:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-01 12:15 - 2012-04-27 22:53 - 00000000 ____D C:\Hry
2016-09-01 11:50 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-01 10:11 - 2013-07-17 14:31 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-31 09:49 - 2016-02-04 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein - Enemy Territory
2016-08-30 10:08 - 2015-09-14 15:05 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-29 22:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-28 13:26 - 2012-04-05 20:36 - 00000000 ____D C:\Windows\Minidump
2016-08-28 00:22 - 2014-09-16 17:49 - 00000000 ____D C:\Users\Jana\Documents\Activprimary3
2016-08-27 14:22 - 2011-04-12 10:34 - 00668882 _____ C:\Windows\system32\perfh005.dat
2016-08-27 14:22 - 2011-04-12 10:34 - 00141542 _____ C:\Windows\system32\perfc005.dat
2016-08-27 14:22 - 2009-07-14 07:13 - 01584626 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-27 14:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-27 14:21 - 2016-01-20 01:17 - 00000000 ____D C:\Users\Jana\Desktop\Školní 2016
2016-08-18 11:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-11 08:42 - 2009-07-14 06:45 - 00306536 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-11 01:16 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-08-11 01:08 - 2012-04-03 20:31 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 20:01 - 2016-06-21 19:24 - 00000000 ____D C:\Users\Jana\Desktop\Erbenova - náměty

==================== Files in the root of some directories =======

2015-02-20 01:17 - 2015-02-20 01:18 - 0003072 _____ () C:\Users\Jana\AppData\Local\file__0.localstorage
2015-09-06 23:23 - 2015-09-06 23:23 - 0032038 _____ () C:\Users\Jana\AppData\Local\SquareClock.Production_Home_Siko_WebIcon.ico
2016-02-07 12:45 - 2016-02-07 12:45 - 0000000 _____ () C:\Users\Jana\AppData\Local\{7D8FAFCB-BA39-4421-BF23-A10C978EB026}

Some files in TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\Jana\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Jana\AppData\Local\Temp\uninstall.exe
C:\Users\Křivánek\AppData\Local\Temp\libeay32.dll
C:\Users\Křivánek\AppData\Local\Temp\msvcr120.dll
C:\Users\Křivánek\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jana\Desktop" je 35 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Preventivka

Napsal: 04 zář 2016 16:00
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
C:\Users\Jana\AppData\Local\Temp
C:\Users\Křivánek\AppData\Local\Temp
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData:gs5sys [2816]
AlternateDataStreams: C:\Users\All Users:gs5sys [2816]
AlternateDataStreams: C:\Users\Jana:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [2816]
AlternateDataStreams: C:\ProgramData\Data aplikací:gs5sys [2816]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\Šablony:gs5sys [2560]
AlternateDataStreams: C:\Users\Jana\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Soubory cookie:gs5sys [2048]
AlternateDataStreams: C:\Users\Jana\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2560]
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Preventivka

Napsal: 04 zář 2016 21:02
od Jirka K.
Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Jana (04-09-2016 21:35:49) Run:1
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana (Available Profiles: Křivánek & Jana)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
C:\Users\Jana\AppData\Local\Temp
C:\Users\Křivánek\AppData\Local\Temp
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData:gs5sys [2816]
AlternateDataStreams: C:\Users\All Users:gs5sys [2816]
AlternateDataStreams: C:\Users\Jana:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [2816]
AlternateDataStreams: C:\ProgramData\Data aplikací:gs5sys [2816]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\Šablony:gs5sys [2560]
AlternateDataStreams: C:\Users\Jana\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Soubory cookie:gs5sys [2048]
AlternateDataStreams: C:\Users\Jana\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Jana\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2560]
End
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
C:\Program Files (x86)\Skype\Toolbars => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
"C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx" => not found.

"C:\Users\Jana\AppData\Local\Temp" folder move:

Could not move "C:\Users\Jana\AppData\Local\Temp" => Scheduled to move on reboot.

C:\Users\Křivánek\AppData\Local\Temp => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\Jana => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
"C:\ProgramData\Data aplikací" => ":gs5sys" ADS not found.
"C:\ProgramData\Templates" => ":gs5sys" ADS not found.
"C:\ProgramData\Šablony" => ":gs5sys" ADS not found.
"C:\Users\Jana\Data aplikací" => ":gs5sys" ADS not found.
"C:\Users\Jana\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\Jana\Soubory cookie" => ":gs5sys" ADS not found.
"C:\Users\Jana\Šablony" => ":gs5sys" ADS not found.
C:\Users\Jana\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Jana\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\Jana\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\Jana\AppData\Local\Data aplikací" => ":gs5sys" ADS not found.
"C:\Users\Jana\AppData\Local\History" => ":gs5sys" ADS not found.
C:\Users\Jana\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-09-2016 21:38:57)

C:\Users\Jana\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:38:58 ====

Re: Preventivka

Napsal: 04 zář 2016 21:27
od Rudy
Smazáno. Log by již měl být OK.

Re: Preventivka

Napsal: 05 zář 2016 13:42
od Jirka K.
Přikládám log, pokud je vše ok, díky za spolupráci.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Jana (administrator) on KŘIVÁNEK-PC (05-09-2016 14:33:27)
Running from C:\Users\Jana\Desktop
Loaded Profiles: Křivánek & Jana (Available Profiles: Křivánek & Jana)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alza.cz a.s.) C:\Program Files (x86)\Alza Media\v1.0.27.39844\AlzaMediaAutoupdateService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
HKU\S-1-5-21-3406515104-517183750-3566915376-1000\...\MountPoints2: {11b4bc73-7de7-11e1-bf4c-806e6f6e6963} - E:\ppk.exe
HKU\S-1-5-21-3406515104-517183750-3566915376-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3406515104-517183750-3566915376-1002\...\Run: [OscarX7Mouse5Mode] => C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe [3518976 2011-10-21] ()
HKU\S-1-5-21-3406515104-517183750-3566915376-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{582E5871-F563-4527-9641-23675C37B3F1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3406515104-517183750-3566915376-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-3406515104-517183750-3566915376-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-31] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-08-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-08-31] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3406515104-517183750-3566915376-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (YouTube) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-30]
CHR Extension: (Gmail) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlzaMedia-Autoupdate; C:\Program Files (x86)\Alza Media\v1.0.27.39844\AlzaMediaAutoupdateService.exe [48000 2014-10-03] (Alza.cz a.s.) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [135584 2011-12-09] (Futuremark Corporation)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11832 2010-06-29] (Advanced Micro Devices Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S4 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2002-10-08] () [File not signed]
S3 ALSysIO; \??\C:\Users\KIVNEK~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz135; \??\C:\Users\KIVNEK~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 14:33 - 2016-09-05 14:33 - 00013289 _____ C:\Users\Jana\Desktop\FRST.txt
2016-09-04 21:35 - 2016-09-04 21:38 - 00006839 _____ C:\Users\Jana\Desktop\Fixlog.txt
2016-09-04 09:24 - 2016-09-05 14:19 - 00000000 ____D C:\Users\Křivánek\AppData\Local\LogMeIn Hamachi
2016-09-04 09:24 - 2016-09-04 09:24 - 00000000 ____D C:\Users\Křivánek\AppData\Local\LogMeIn
2016-09-04 01:19 - 2016-09-04 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-09-04 01:19 - 2016-09-04 01:19 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-09-04 01:18 - 2016-09-05 14:28 - 00000000 ____D C:\Users\Jana\AppData\Local\LogMeIn Hamachi
2016-09-04 01:14 - 2016-09-04 02:14 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-09-04 01:14 - 2016-09-04 02:14 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-09-04 01:13 - 2016-09-04 01:13 - 00000000 ____D C:\Users\Jana\AppData\Local\LogMeIn
2016-09-04 01:13 - 2016-09-04 01:13 - 00000000 ____D C:\ProgramData\LogMeIn
2016-09-04 01:13 - 2016-07-20 12:08 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-09-04 01:06 - 2016-09-04 01:07 - 08364032 _____ C:\Users\Jana\Downloads\hamachi.msi
2016-09-03 13:49 - 2016-09-03 13:52 - 00000000 ____D C:\AdwCleaner
2016-09-03 13:49 - 2016-09-03 13:49 - 03826240 _____ C:\Users\Křivánek\Desktop\adwcleaner_6.010.exe
2016-09-01 12:00 - 2016-09-01 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
2016-09-01 11:59 - 2016-09-05 14:33 - 00000000 ____D C:\FRST
2016-09-01 11:58 - 2016-09-01 11:59 - 02397696 _____ (Farbar) C:\Users\Jana\Desktop\FRST64.exe
2016-09-01 11:50 - 2016-09-01 11:50 - 00000000 ____D C:\Users\Jana\AppData\Local\BlueStacks
2016-08-28 13:26 - 2016-08-28 13:26 - 00274760 _____ C:\Windows\Minidump\082816-327648-01.dmp
2016-08-23 18:17 - 2016-08-23 18:18 - 00000000 ____D C:\Users\Křivánek\Desktop\čebín výplaty
2016-08-17 07:51 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 07:51 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-10 13:32 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 13:32 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 13:32 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 13:32 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 13:32 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 13:32 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 13:32 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 13:32 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 13:32 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 13:32 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 13:32 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 13:32 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 13:32 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 13:32 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 13:32 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 13:32 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 13:32 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 13:31 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 13:31 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 13:31 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 13:31 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 13:31 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 13:31 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 13:31 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 13:31 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 13:31 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 13:31 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 13:31 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 13:31 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 13:31 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 13:31 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 13:31 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 13:31 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 13:31 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 13:31 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 13:31 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 13:31 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 13:31 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 13:31 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 13:31 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 13:31 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 13:31 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 13:31 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 13:31 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 13:31 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 13:31 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 13:31 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 13:31 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 13:31 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 13:31 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 13:31 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 13:31 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 13:31 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 13:31 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 13:31 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 13:31 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 13:31 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 13:31 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 13:31 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 13:31 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 13:31 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 13:31 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 13:31 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 13:31 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 13:31 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 13:31 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 13:31 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 13:31 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 13:31 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 13:31 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 13:31 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 13:31 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 13:31 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 13:31 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 13:31 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 13:31 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 13:31 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 13:31 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 13:31 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 13:31 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 13:31 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 14:30 - 2012-10-13 14:36 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-05 14:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-04 22:54 - 2014-08-04 16:06 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Skype
2016-09-04 22:16 - 2016-01-17 14:28 - 00000000 ____D C:\Users\Jana\AppData\Roaming\.minecraft
2016-09-04 22:09 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-04 22:09 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-04 22:06 - 2014-10-10 14:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-04 22:06 - 2014-08-04 16:06 - 00000000 ____D C:\ProgramData\Skype
2016-09-03 21:13 - 2013-09-28 11:01 - 00000000 ____D C:\Users\Křivánek\AppData\Local\Google
2016-09-02 09:56 - 2014-05-11 16:37 - 00000000 ____D C:\ProgramData\Samsung
2016-09-02 09:56 - 2014-05-11 16:22 - 00000000 ____D C:\Users\Křivánek\AppData\Roaming\Samsung
2016-09-02 09:56 - 2014-05-11 16:21 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-09-02 09:56 - 2012-04-03 19:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-01 12:15 - 2012-04-27 22:53 - 00000000 ____D C:\Hry
2016-09-01 11:50 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-01 10:11 - 2013-07-17 14:31 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-31 09:49 - 2016-02-04 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein - Enemy Territory
2016-08-30 10:08 - 2015-09-14 15:05 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-29 22:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-28 13:26 - 2012-04-05 20:36 - 00000000 ____D C:\Windows\Minidump
2016-08-28 00:22 - 2014-09-16 17:49 - 00000000 ____D C:\Users\Jana\Documents\Activprimary3
2016-08-27 14:22 - 2011-04-12 10:34 - 00668882 _____ C:\Windows\system32\perfh005.dat
2016-08-27 14:22 - 2011-04-12 10:34 - 00141542 _____ C:\Windows\system32\perfc005.dat
2016-08-27 14:22 - 2009-07-14 07:13 - 01584626 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-27 14:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-27 14:21 - 2016-01-20 01:17 - 00000000 ____D C:\Users\Jana\Desktop\Školní 2016
2016-08-18 11:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-11 08:42 - 2009-07-14 06:45 - 00306536 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-11 01:16 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-08-11 01:08 - 2012-04-03 20:31 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 20:01 - 2016-06-21 19:24 - 00000000 ____D C:\Users\Jana\Desktop\Erbenova - náměty

==================== Files in the root of some directories =======

2015-02-20 01:17 - 2015-02-20 01:18 - 0003072 _____ () C:\Users\Jana\AppData\Local\file__0.localstorage
2015-09-06 23:23 - 2015-09-06 23:23 - 0032038 _____ () C:\Users\Jana\AppData\Local\SquareClock.Production_Home_Siko_WebIcon.ico
2016-02-07 12:45 - 2016-02-07 12:45 - 0000000 _____ () C:\Users\Jana\AppData\Local\{7D8FAFCB-BA39-4421-BF23-A10C978EB026}

Some files in TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jana\Desktop" je 35 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Preventivka

Napsal: 05 zář 2016 17:05
od Rudy
Log je v pořádku. :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz