
I would like to ask for a preventive check

Having no problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

#1 Post by ponte

Logfile of random's system information tool 1.10 (written by random/random)
Run by Drobček at 2016-09-02 16:53:42
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 43 GB (67%) free of 64 GB
Total RAM: 1787 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:54:01, on 2. 9. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
C:\Program Files\trend micro\Drobček.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {03993315-5CE9-4F00-8790-D14A94F1D91A} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Služba Kaspersky Anti-Virus 16.0.1 (AVP16.0.1) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: klvssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

--
End of file - 5229 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 1790016
\??\C:\Windows\system32\conhost.exe "901369240218545859-7961508891388101191-1750419128-1712576859386029859-120823657
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe" -r
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe" -hidden
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=53.0.2785.89 --handshake-handle=0x90
"C:\Users\Drobček\Desktop\RSITx64.exe"
taskeng.exe {EDB575B8-068F-42AF-B222-1E85DBD2CD53}
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03993315-5CE9-4F00-8790-D14A94F1D91A}]
Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22 969696]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03993315-5CE9-4F00-8790-D14A94F1D91A}]
Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22 749024]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - Kaspersky Protection Toolbar - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22 969696]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - Kaspersky Protection Toolbar - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22 749024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-08-05 8894680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-29 98304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-09-02 16:53:43 ----D---- C:\Program Files\trend micro
2016-09-02 16:53:42 ----D---- C:\rsit
2016-09-01 12:46:16 ----D---- C:\Users\Drobček\AppData\Roaming\WinRAR
2016-09-01 12:45:45 ----D---- C:\Program Files\WinRAR
2016-08-23 14:23:56 ----D---- C:\ProgramData\Auslogics
2016-08-23 14:14:19 ----D---- C:\Users\Drobček\AppData\Roaming\qBittorrent
2016-08-23 14:13:32 ----D---- C:\Program Files (x86)\qBittorrent
2016-08-23 13:57:20 ----D---- C:\Program Files (x86)\FastShare
2016-08-23 13:47:34 ----D---- C:\Program Files (x86)\FileHippo.com
2016-08-23 13:32:11 ----D---- C:\ProgramData\ATI
2016-08-23 13:28:48 ----DC---- C:\Windows\system32\DRVSTORE
2016-08-23 13:28:48 ----A---- C:\Windows\system32\drivers\usbfilter.sys
2016-08-23 13:28:30 ----D---- C:\Program Files\ATI Technologies
2016-08-23 13:27:31 ----D---- C:\Program Files (x86)\ATI Technologies
2016-08-23 13:17:50 ----D---- C:\Program Files\Speccy
2016-08-23 13:07:53 ----A---- C:\Windows\system32\klfphc.dll
2016-08-23 13:07:25 ----D---- C:\Windows\ELAMBKUP
2016-08-23 13:07:13 ----D---- C:\ProgramData\Kaspersky Lab
2016-08-23 13:07:13 ----D---- C:\Program Files (x86)\Kaspersky Lab
2016-08-23 13:07:09 ----A---- C:\ProgramData\ntuser.dat
2016-08-23 13:06:55 ----A---- C:\Windows\system32\drivers\klif.sys
2016-08-23 13:06:55 ----A---- C:\Windows\system32\drivers\klflt.sys
2016-08-23 13:02:34 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-08-17 19:59:27 ----D---- C:\Users\Drobček\AppData\Roaming\ATI
2016-08-17 19:57:45 ----D---- C:\Program Files (x86)\AMD AVT
2016-08-17 19:57:40 ----D---- C:\Program Files (x86)\AMD APP
2016-08-17 19:57:32 ----D---- C:\Program Files\Common Files\ATI Technologies
2016-08-17 19:56:24 ----D---- C:\ProgramData\AMD
2016-08-17 19:56:22 ----A---- C:\Windows\system32\drivers\amdiox64.sys
2016-08-17 19:55:25 ----D---- C:\Program Files\ATI
2016-08-17 19:53:16 ----D---- C:\AMD
2016-08-17 19:30:09 ----D---- C:\Users\Drobček\AppData\Roaming\vlc
2016-08-17 19:29:20 ----D---- C:\Program Files\VideoLAN
2016-08-17 19:27:42 ----D---- C:\Users\Drobček\AppData\Roaming\AIMP
2016-08-17 19:27:36 ----D---- C:\Program Files (x86)\AIMP
2016-08-17 17:47:20 ----D---- C:\Program Files (x86)\Adobe
2016-08-17 17:45:57 ----D---- C:\ProgramData\Adobe
2016-08-17 17:40:44 ----D---- C:\Program Files (x86)\Google
2016-08-17 17:16:29 ----A---- C:\Windows\system32\bcmwlrc.dll
2016-08-17 17:16:28 ----A---- C:\Windows\system32\bcmwlcoi.dll
2016-08-17 17:16:28 ----A---- C:\Windows\system32\bcmihvui64.dll
2016-08-17 17:16:27 ----A---- C:\Windows\system32\bcmihvsrv64.dll
2016-08-17 17:16:26 ----A---- C:\Windows\system32\drivers\BCMWL664.SYS
2016-08-17 17:16:25 ----D---- C:\Program Files\Broadcom
2016-08-17 17:15:30 ----D---- C:\SWSetup
2016-08-17 16:39:52 ----D---- C:\Program Files (x86)\Auslogics
2016-08-17 15:52:34 ----D---- C:\Windows\Panther
2016-08-17 15:31:24 ----D---- C:\Program Files\CCleaner
2016-08-17 15:30:25 ----D---- C:\Program Files\Defraggler
2016-08-17 15:09:53 ----D---- C:\Users\Drobček\AppData\Roaming\Adobe
2016-08-17 15:09:19 ----D---- C:\Users\Drobček\AppData\Roaming\Identities
2016-08-17 15:08:37 ----SHD---- C:\Windows\Installer
2016-08-17 15:08:19 ----D---- C:\Windows\SoftwareDistribution
2016-08-17 15:08:01 ----SD---- C:\Users\Drobček\AppData\Roaming\Microsoft
2016-08-17 15:08:01 ----D---- C:\Users\Drobček\AppData\Roaming\Media Center Programs
2016-08-17 15:07:53 ----SHD---- C:\Recovery
2016-08-17 14:53:16 ----D---- C:\Windows\Prefetch
2016-08-17 14:53:09 ----SHD---- C:\System Volume Information
2016-08-17 14:53:09 ----ASH---- C:\pagefile.sys
2016-08-17 14:53:09 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2016-09-02 16:53:43 ----RD---- C:\Program Files
2016-09-02 16:46:25 ----D---- C:\Windows\Temp
2016-09-02 16:21:59 ----D---- C:\Windows\inf
2016-09-02 16:21:59 ----D---- C:\Windows
2016-09-02 13:15:02 ----D---- C:\Windows\system32\drivers
2016-09-02 13:14:59 ----D---- C:\Windows\System32
2016-09-02 13:14:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-09-02 13:14:03 ----D---- C:\Windows\system32\drivers\UMDF
2016-08-31 11:21:29 ----D---- C:\Windows\system32\config
2016-08-23 16:04:31 ----D---- C:\Windows\Microsoft.NET
2016-08-23 16:04:30 ----RSD---- C:\Windows\assembly
2016-08-23 15:58:10 ----D---- C:\Windows\system32\DriverStore
2016-08-23 15:58:07 ----D---- C:\Windows\system32\catroot
2016-08-23 15:19:05 ----D---- C:\Windows\SysWOW64
2016-08-23 14:23:56 ----HD---- C:\ProgramData
2016-08-23 14:13:32 ----RD---- C:\Program Files (x86)
2016-08-23 13:38:34 ----D---- C:\Windows\debug
2016-08-23 13:26:42 ----SHD---- C:\$Recycle.Bin
2016-08-23 13:02:43 ----D---- C:\Windows\SYSWOW64\en-US
2016-08-23 13:02:43 ----D---- C:\Windows\system32\en-US
2016-08-23 13:01:55 ----D---- C:\Windows\winsxs
2016-08-23 13:01:54 ----D---- C:\Windows\system32\catroot2
2016-08-18 20:54:21 ----D---- C:\Windows\rescache
2016-08-17 19:57:32 ----D---- C:\Program Files\Common Files
2016-08-17 19:57:32 ----D---- C:\Program Files (x86)\Common Files
2016-08-17 19:55:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-08-17 18:51:34 ----D---- C:\Windows\system32\wdi
2016-08-17 17:48:36 ----D---- C:\Windows\Tasks
2016-08-17 17:40:50 ----D---- C:\Windows\system32\Tasks
2016-08-17 17:36:59 ----SD---- C:\ProgramData\Microsoft
2016-08-17 17:27:03 ----D---- C:\Program Files (x86)\Windows Sidebar
2016-08-17 17:27:03 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2016-08-17 17:27:03 ----D---- C:\Program Files (x86)\Windows Media Player
2016-08-17 17:27:03 ----D---- C:\Program Files (x86)\Windows Mail
2016-08-17 17:26:59 ----D---- C:\Program Files\Windows Sidebar
2016-08-17 17:26:59 ----D---- C:\Program Files (x86)\Windows Defender
2016-08-17 17:26:58 ----D---- C:\Program Files\Windows Photo Viewer
2016-08-17 17:26:58 ----D---- C:\Program Files\Windows Media Player
2016-08-17 17:26:58 ----D---- C:\Program Files\Windows Mail
2016-08-17 17:26:58 ----D---- C:\Program Files\Windows Journal
2016-08-17 17:26:58 ----D---- C:\Program Files\DVD Maker
2016-08-17 17:26:58 ----D---- C:\Program Files\Common Files\System
2016-08-17 17:26:57 ----D---- C:\Windows\servicing
2016-08-17 17:26:57 ----D---- C:\Program Files\Windows Defender
2016-08-17 17:26:56 ----D---- C:\Windows\SYSWOW64\migwiz
2016-08-17 17:26:56 ----D---- C:\Windows\SYSWOW64\migration
2016-08-17 17:26:56 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-08-17 17:26:56 ----D---- C:\Windows\ehome
2016-08-17 17:26:40 ----D---- C:\Windows\SYSWOW64\drivers
2016-08-17 17:26:40 ----D---- C:\Windows\SYSWOW64\Dism
2016-08-17 17:26:39 ----D---- C:\Windows\SYSWOW64\com
2016-08-17 17:26:39 ----D---- C:\Windows\IME
2016-08-17 17:26:38 ----D---- C:\Windows\system32\oobe
2016-08-17 17:26:38 ----D---- C:\Windows\system32\migwiz
2016-08-17 17:26:37 ----D---- C:\Windows\system32\sysprep
2016-08-17 17:26:37 ----D---- C:\Windows\system32\migration
2016-08-17 17:26:37 ----D---- C:\Windows\system32\cs-CZ
2016-08-17 17:26:37 ----D---- C:\Windows\system32\Boot
2016-08-17 17:26:22 ----D---- C:\Windows\system32\Dism
2016-08-17 17:26:18 ----D---- C:\Windows\system32\com
2016-08-17 17:26:17 ----D---- C:\Windows\AppPatch
2016-08-17 17:16:48 ----D---- C:\Windows\system32\zh-HK
2016-08-17 17:16:47 ----D---- C:\Windows\system32\zh-TW
2016-08-17 17:16:46 ----D---- C:\Windows\system32\zh-CN
2016-08-17 17:16:46 ----D---- C:\Windows\system32\tr-TR
2016-08-17 17:16:46 ----D---- C:\Windows\system32\th-TH
2016-08-17 17:16:45 ----D---- C:\Windows\system32\sv-SE
2016-08-17 17:16:44 ----D---- C:\Windows\system32\sl-SI
2016-08-17 17:16:44 ----D---- C:\Windows\system32\sk-SK
2016-08-17 17:16:43 ----D---- C:\Windows\system32\ru-RU
2016-08-17 17:16:43 ----D---- C:\Windows\system32\ro-RO
2016-08-17 17:16:42 ----D---- C:\Windows\system32\pt-PT
2016-08-17 17:16:42 ----D---- C:\Windows\system32\pt-BR
2016-08-17 17:16:42 ----D---- C:\Windows\system32\pl-PL
2016-08-17 17:16:41 ----D---- C:\Windows\system32\nl-NL
2016-08-17 17:16:41 ----D---- C:\Windows\system32\nb-NO
2016-08-17 17:16:40 ----D---- C:\Windows\system32\lv-LV
2016-08-17 17:16:39 ----D---- C:\Windows\system32\lt-LT
2016-08-17 17:16:39 ----D---- C:\Windows\system32\ko-KR
2016-08-17 17:16:38 ----D---- C:\Windows\system32\ja-JP
2016-08-17 17:16:38 ----D---- C:\Windows\system32\it-IT
2016-08-17 17:16:37 ----D---- C:\Windows\system32\hu-HU
2016-08-17 17:16:37 ----D---- C:\Windows\system32\hr-HR
2016-08-17 17:16:36 ----D---- C:\Windows\system32\he-IL
2016-08-17 17:16:36 ----D---- C:\Windows\system32\fr-FR
2016-08-17 17:16:35 ----D---- C:\Windows\system32\fi-FI
2016-08-17 17:16:34 ----D---- C:\Windows\system32\et-EE
2016-08-17 17:16:33 ----D---- C:\Windows\system32\es-ES
2016-08-17 17:16:32 ----D---- C:\Windows\system32\el-GR
2016-08-17 17:16:32 ----D---- C:\Windows\system32\de-DE
2016-08-17 17:16:32 ----D---- C:\Windows\system32\da-DK
2016-08-17 17:16:31 ----D---- C:\Windows\system32\bg-BG
2016-08-17 17:16:30 ----D---- C:\Windows\system32\ar-SA
2016-08-17 17:05:01 ----D---- C:\Windows\Logs
2016-08-17 15:12:44 ----D---- C:\Windows\system32\CodeIntegrity
2016-08-17 15:08:38 ----D---- C:\Windows\system32\restore
2016-08-17 15:08:01 ----RD---- C:\Users
2016-08-17 15:07:53 ----D---- C:\Windows\system32\Recovery

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [2010-06-17 16440]
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak); C:\Windows\system32\DRIVERS\cm_km.sys [2015-07-06 389816]
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2015-09-11 478392]
R0 klbackupdisk;Kaspersky Lab klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [2015-06-06 53432]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2015-09-15 213848]
R1 klbackupflt;Kaspersky Lab klbackupflt; C:\Windows\system32\DRIVERS\klbackupflt.sys [2015-12-01 79240]
R1 klhk;Kaspersky Lab service driver; C:\Windows\system32\DRIVERS\klhk.sys [2016-08-23 236888]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2016-08-23 1001304]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2016-05-05 50776]
R1 klpd;Kaspersky Lab format recognizer driver; C:\Windows\system32\DRIVERS\klpd.sys [2015-12-07 45960]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2015-06-11 65208]
R1 Klwtp;KLwtp - WFP callout traffic inspector; C:\Windows\system32\DRIVERS\klwtp.sys [2016-08-23 110424]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2015-12-03 194440]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2015-09-15 60416]
R2 kldisk;kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [2015-12-02 78200]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 11922944]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-04-30 359936]
R3 BCM43XX;Broadcom 802.11 - ovládač sieťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl664.sys [2016-08-17 3060800]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-12-11 182152]
R3 klids;klids; \??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [2016-09-02 182360]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2015-11-11 52608]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2015-06-07 41648]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]
S3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-09-15 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2015-09-15 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2015-09-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2015-09-15 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 klkbdflt2;Kaspersky Lab KlKbdFlt2; C:\Windows\system32\DRIVERS\klkbdflt2.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-04-30 238080]
R2 AVP16.0.1;Služba Kaspersky Anti-Virus 16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [2015-12-22 236928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17 154440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17 154440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-15 114688]
S3 klvssbrigde64;klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [2015-12-22 152488]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: I would like to ask for a preventive check

#2 Post by Márty84 »

Hello :)

:???: Is this purely preventive, or is there an actual problem as well?

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (otherwise it will be at C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you are waiting a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

ponte
Visitor
Posts: 80
Registered: 17 Nov 2011 14:12

Re: I would like to ask for a preventive check

#3 Post by ponte »

Hello, this is purely a preventive check, just to be sure in case of anything; you never know.

ponte
Visitor
Posts: 80
Registered: 17 Nov 2011 14:12

Re: I would like to ask for a preventive check

#4 Post by ponte »

# AdwCleaner v6.010 - *Logfile created 03/09/2016 *at 11:01:24
# *Updated on 12/08/2016 by ToolsLib
# *Database : 2016-09-03.1 [*Server]
# *Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# *Username : Drobček - DROBCEK
# *Running from : C:\Users\Drobček\Desktop\adwcleaner_6.010.exe
# *Mode: Clean
# *Support : https://toolslib.net/forum



***** [ *Services ] *****



***** [ *Folders ] *****



***** [ *Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****



***** [ *Registry ] *****



***** [ *Browsers ] *****

[-] [hijackthis.en.softonic.com] [Search Provider] *Deleted: hijackthis.en.softonic.com
[-] [wireless-network-watcher.en.softonic.com] [Search Provider] *Deleted: wireless-network-watcher.en.softonic.com


*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [983 *Bytes] - [03/09/2016 11:01:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [1400 *Bytes] - [03/09/2016 11:00:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1130 *Bytes] ##########

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: I would like to ask for a preventive check

#5 Post by Márty84 »

OK, I see only a few unnecessary things in the log, but since it does not show everything by a long way, as a precaution....


:arrow: Run a scan with MBAM. Set up the test according to this guide (that is, a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it occasionally has false detections.

ponte
Visitor
Posts: 80
Registered: 17 Nov 2011 14:12

Re: I would like to ask for a preventive check

#6 Post by ponte »

What kind of unnecessary things, for example?

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: I would like to ask for a preventive check

#7 Post by Márty84 »

Some registry entries, the Adobe and Google services, just minor things.

ponte
Visitor
Posts: 80
Registered: 17 Nov 2011 14:12

Re: I would like to ask for a preventive check

#8 Post by ponte »

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/09/03 18:05:51 +0200</date>
<logfile>mbam-log-2016-09-03 (18-05-31).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2016.09.03.05</malware-database>
<rootkit-database>v2016.08.15.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>DROBCEK</hostname>
<ip>192.168.1.103</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Drobček</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>custom</type>
<result>completed</result>
<objects>368593</objects>
<time>5075</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: I would like to ask for a preventive check

#9 Post by Márty84 »

That log looks odd, but I assume it found nothing, is that right?


We'll do one more scan and then we'll delete...

:arrow: Post logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a moment; it is possible that it will block it as malicious, but we use it all the time, it is a false alarm :)
(If the Launcher cannot be downloaded, post logs from FRST alone, that is, without using the Launcher)

ponte
Visitor
Posts: 80
Registered: 17 Nov 2011 14:12

Re: I would like to ask for a preventive check

#10 Post by ponte »

No, it found nothing, everything showed as clean, but I cannot download the launcher; the page is blocked, and that is with my antivirus turned off.

ponte
Visitor
Posts: 80
Registered: 17 Nov 2011 14:12

Re: I would like to ask for a preventive check

#11 Post by ponte »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Drobček (administrator) on DROBCEK (03-09-2016 22:01:11)
Running from C:\Users\Drobček\Desktop
Loaded Profiles: Drobček (Available Profiles: Drobček)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1727647986-1093494910-3178094403-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{688F73BB-AF7C-4C68-A5A9-DAE21E87E724}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-23]

Chrome:
=======
CHR Profile: C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-17]
CHR Extension: (Dokumenty Google) - C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-17]
CHR Extension: (Disk Google) - C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-17]
CHR Extension: (YouTube) - C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-17]
CHR Extension: (Adblock Plus) - C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-02]
CHR Extension: (Tabuľky Google) - C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-17]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-17]
CHR Extension: (Kaspersky Protection) - C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-08-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-17]
CHR Extension: (Gmail) - C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-17]
CHR Extension: (Chrome Media Router) - C:\Users\Drobček\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-03]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-23] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-09-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-05-05] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-23] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 22:01 - 2016-09-03 22:01 - 00009786 _____ C:\Users\Drobček\Desktop\FRST.txt
2016-09-03 22:00 - 2016-09-03 22:01 - 00000000 ____D C:\FRST
2016-09-03 21:59 - 2016-09-03 21:59 - 02397696 _____ (Farbar) C:\Users\Drobček\Desktop\FRST64.exe
2016-09-03 19:30 - 2016-09-03 19:30 - 00002608 _____ C:\Users\Drobček\Desktop\mbam-log-2016-09-03 (18-05-31).xml
2016-09-03 17:26 - 2016-09-03 18:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-03 17:26 - 2016-09-03 17:26 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-03 17:26 - 2016-09-03 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-03 17:26 - 2016-09-03 17:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-03 17:26 - 2016-09-03 17:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-03 17:26 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-03 17:26 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-03 17:26 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-02 20:43 - 2016-09-03 20:36 - 00033498 _____ C:\Windows\system32\perfh01B.dat
2016-09-02 20:43 - 2016-09-03 20:36 - 00011280 _____ C:\Windows\system32\perfc01B.dat
2016-09-02 20:25 - 2016-09-02 20:25 - 00007608 _____ C:\Users\Drobček\AppData\Local\Resmon.ResmonCfg
2016-09-02 16:53 - 2016-09-02 20:06 - 00000000 ____D C:\Program Files\trend micro
2016-09-02 13:15 - 2016-09-02 13:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-09-01 12:46 - 2016-09-01 12:46 - 00000000 ____D C:\Users\Drobček\AppData\Roaming\WinRAR
2016-09-01 12:45 - 2016-09-02 18:04 - 00000000 ____D C:\Program Files\WinRAR
2016-08-23 14:23 - 2016-08-23 14:23 - 00000000 ____D C:\ProgramData\Auslogics
2016-08-23 14:14 - 2016-08-23 14:16 - 00000000 ____D C:\Users\Drobček\AppData\Roaming\qBittorrent
2016-08-23 14:14 - 2016-08-23 14:14 - 00001494 _____ C:\Users\Drobček\Desktop\qbittorrent.lnk
2016-08-23 14:14 - 2016-08-23 14:14 - 00000000 ____D C:\Users\Drobček\AppData\Local\qBittorrent
2016-08-23 14:13 - 2016-08-23 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-08-23 14:13 - 2016-08-23 14:13 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-08-23 13:57 - 2016-09-01 13:27 - 00000000 ____D C:\Program Files (x86)\FastShare
2016-08-23 13:57 - 2016-08-23 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastShare
2016-08-23 13:49 - 2016-09-02 13:17 - 00000000 ____D C:\Users\Drobček\Documents\My Filehippo Downloads
2016-08-23 13:47 - 2016-08-23 13:47 - 00002052 _____ C:\Users\Drobček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2016-08-23 13:47 - 2016-08-23 13:47 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2016-08-23 13:32 - 2016-08-23 13:32 - 00000000 ____D C:\ProgramData\ATI
2016-08-23 13:28 - 2016-08-23 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2016-08-23 13:28 - 2016-08-23 13:28 - 00000000 ____D C:\Program Files\ATI Technologies
2016-08-23 13:28 - 2010-04-29 05:43 - 00038528 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2016-08-23 13:27 - 2016-08-23 13:27 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-08-23 13:17 - 2016-08-23 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-08-23 13:17 - 2016-08-23 13:17 - 00000000 ____D C:\Program Files\Speccy
2016-08-23 13:08 - 2016-08-23 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-08-23 13:07 - 2016-09-03 21:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-23 13:07 - 2016-08-23 13:07 - 00000000 ____D C:\Windows\ELAMBKUP
2016-08-23 13:07 - 2016-08-23 13:07 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-08-23 13:07 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-08-23 13:06 - 2016-08-23 15:56 - 01001304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-23 13:06 - 2015-12-11 17:28 - 00182152 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-08-17 19:59 - 2016-08-17 19:59 - 00000000 ____D C:\Users\Drobček\AppData\Roaming\ATI
2016-08-17 19:59 - 2016-08-17 19:59 - 00000000 ____D C:\Users\Drobček\AppData\Local\ATI
2016-08-17 19:59 - 2016-08-17 19:59 - 00000000 ____D C:\Users\Drobček\AppData\Local\AMD
2016-08-17 19:58 - 2016-08-17 19:58 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-08-17 19:57 - 2016-08-17 19:57 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-08-17 19:57 - 2016-08-17 19:57 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2016-08-17 19:57 - 2016-08-17 19:57 - 00000000 ____D C:\Program Files (x86)\AMD APP
2016-08-17 19:56 - 2016-08-23 13:26 - 00000000 ____D C:\ProgramData\AMD
2016-08-17 19:56 - 2010-02-18 09:18 - 00046136 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox64.sys
2016-08-17 19:55 - 2016-08-17 19:55 - 00000000 ____D C:\Program Files\ATI
2016-08-17 19:53 - 2016-08-17 19:53 - 00000000 ____D C:\AMD
2016-08-17 19:30 - 2016-09-03 19:55 - 00000000 ____D C:\Users\Drobček\AppData\Roaming\vlc
2016-08-17 19:29 - 2016-08-17 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-17 19:29 - 2016-08-17 19:29 - 00000000 ____D C:\Program Files\VideoLAN
2016-08-17 19:27 - 2016-09-02 18:27 - 00000000 ____D C:\Users\Drobček\AppData\Roaming\AIMP
2016-08-17 19:27 - 2016-08-17 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
2016-08-17 19:27 - 2016-08-17 19:27 - 00000000 ____D C:\Program Files (x86)\AIMP
2016-08-17 18:56 - 2016-08-17 18:56 - 00000000 ____D C:\Users\Drobček\Desktop\GodMode.{ED7BA470‐8E54‐465E‐825C‐99712043E01C}
2016-08-17 17:59 - 2016-08-17 17:59 - 00000000 ____D C:\Users\Drobček\AppData\LocalLow\Adobe
2016-08-17 17:59 - 2016-08-17 17:59 - 00000000 ____D C:\Users\Drobček\AppData\Local\Adobe
2016-08-17 17:47 - 2016-08-17 17:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-08-17 17:47 - 2016-08-17 17:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-17 17:45 - 2016-08-17 18:01 - 00000000 ____D C:\ProgramData\Adobe
2016-08-17 17:42 - 2016-09-02 16:26 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-17 17:40 - 2016-09-03 21:53 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-17 17:40 - 2016-09-03 17:57 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-17 17:40 - 2016-08-18 21:39 - 00000000 ____D C:\Users\Drobček\AppData\Local\Google
2016-08-17 17:40 - 2016-08-17 17:48 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-17 17:40 - 2016-08-17 17:48 - 00003680 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-17 17:40 - 2016-08-17 17:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-17 17:39 - 2016-08-17 17:40 - 00000000 ____D C:\Users\Drobček\AppData\Local\Deployment
2016-08-17 17:39 - 2016-08-17 17:39 - 00000000 ____D C:\Users\Drobček\AppData\Local\Apps\2.0
2016-08-17 17:16 - 2016-08-17 17:16 - 00000000 ____D C:\Program Files\Broadcom
2016-08-17 17:16 - 2016-08-17 17:15 - 03891200 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2016-08-17 17:16 - 2016-08-17 17:15 - 03555840 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2016-08-17 17:16 - 2016-08-17 17:15 - 03060800 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS
2016-08-17 17:16 - 2016-08-17 17:15 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2016-08-17 17:16 - 2016-08-17 17:15 - 00006656 _____ C:\Windows\system32\bcmwlrc.dll
2016-08-17 17:15 - 2016-08-23 13:25 - 00000000 ____D C:\SWSetup
2016-08-17 16:39 - 2016-08-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-08-17 16:39 - 2016-08-17 16:39 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-08-17 15:52 - 2016-09-02 20:43 - 00000000 ____D C:\Windows\Panther
2016-08-17 15:31 - 2016-08-17 15:31 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-08-17 15:31 - 2016-08-17 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-17 15:31 - 2016-08-17 15:31 - 00000000 ____D C:\Program Files\CCleaner
2016-08-17 15:30 - 2016-08-17 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-08-17 15:30 - 2016-08-17 15:30 - 00000000 ____D C:\Program Files\Defraggler
2016-08-17 15:28 - 2016-08-17 15:28 - 00000460 _____ C:\Users\Drobček\Desktop\Zuzana (D).lnk
2016-08-17 15:09 - 2016-08-17 17:59 - 00000000 ____D C:\Users\Drobček\AppData\Roaming\Adobe
2016-08-17 15:09 - 2016-08-17 15:09 - 00000000 ____D C:\Users\Drobček\AppData\Local\VirtualStore
2016-08-17 15:08 - 2016-09-02 18:34 - 00000000 ____D C:\Users\Drobček
2016-08-17 15:08 - 2016-08-17 15:08 - 00058016 _____ C:\Users\Drobček\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-17 15:08 - 2016-08-17 15:08 - 00000020 ___SH C:\Users\Drobček\ntuser.ini
2016-08-17 15:08 - 2010-11-21 11:38 - 00000000 ____D C:\Users\Drobček\AppData\Roaming\Media Center Programs
2016-08-17 14:57 - 2016-08-17 14:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 20:36 - 2009-07-14 07:13 - 00755024 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-03 20:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-03 18:04 - 2009-07-14 06:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-03 18:04 - 2009-07-14 06:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-03 17:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-03 11:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-09-02 20:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-09-02 20:41 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-09-02 20:41 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-09-02 20:41 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-08-23 15:56 - 2016-05-05 03:43 - 00236888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-23 15:56 - 2015-12-03 11:10 - 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-08-17 19:55 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-08-17 17:37 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-17 17:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-08-17 17:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-17 17:26 - 2010-11-21 11:38 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-17 17:26 - 2010-11-21 11:27 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-08-17 17:26 - 2010-11-21 11:27 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-08-17 17:26 - 2010-11-21 11:27 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-08-17 17:26 - 2010-11-21 11:27 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-08-17 17:26 - 2010-11-21 11:27 - 00000000 ____D C:\Windows\system32\winrm
2016-08-17 17:26 - 2010-11-21 11:27 - 00000000 ____D C:\Windows\system32\WCN
2016-08-17 17:26 - 2010-11-21 11:27 - 00000000 ____D C:\Windows\system32\slmgr
2016-08-17 17:26 - 2010-11-21 11:27 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-08-17 17:26 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-08-17 17:26 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-17 17:26 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-17 17:26 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2016-08-17 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-17 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-08-17 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-08-17 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-08-17 15:52 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-08-17 14:59 - 2015-09-15 22:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
2016-08-17 14:53 - 2009-07-14 06:45 - 00267368 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2016-09-02 20:25 - 2016-09-02 20:25 - 0007608 _____ () C:\Users\Drobček\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Drobček\AppData\Local\Temp\libeay32.dll
C:\Users\Drobček\AppData\Local\Temp\msvcr120.dll
C:\Users\Drobček\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-31 11:02

==================== End of FRST.txt ============================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a preventive check

#12 Post by Márty84 »

:arrow: Tell me the size of the desktop folder (C:\Users\Drobček\Plocha)



:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17 154440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17 154440]

2016-08-17 17:40 - 2016-09-03 21:53 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-17 17:40 - 2016-09-03 17:57 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File.
Click Save as...
Type the name shown in red, fixlist, exactly and save it to the desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.
If you have a question that is not meant for the public, you can email me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have their email address in their signature).

ponte
Visitor
Posts: 80
Registered: 17 Nov 2011 14:12

Re: Request for a preventive check

#13 Post by ponte »

The size is 2.32 MB

ponte
Visitor
Posts: 80
Registered: 17 Nov 2011 14:12

Re: Request for a preventive check

#14 Post by ponte »

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Drobček (04-09-2016 11:24:40) Run:1
Running from C:\Users\Drobček\Desktop
Loaded Profiles: Drobček (Available Profiles: Drobček)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17 154440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17 154440]

2016-08-17 17:40 - 2016-09-03 21:53 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-17 17:40 - 2016-09-03 17:57 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT => key removed successfully
AdobeARMservice => service removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16882894 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2954710 B
Edge => 0 B
Chrome => 354616953 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 0 B
Drobček => 11328137 B

RecycleBin => 0 B
EmptyTemp: => 368 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:25:23 ====

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a preventive check

#15 Post by Márty84 »

:!: Run all of these programs, including any installer, as administrator (right-click them and choose Run as administrator)

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option ticked
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, untick the box.
After launch you will be in the Cleaner section. There are many checkboxes on the left. Be careful with the Recycle Bin in particular: if you leave it ticked, it will always be emptied.
Also, depending on how it is configured, it will delete all passwords saved for websites!!! So if you have your computer set to remember passwords (which is not good for security), you will have to type them in again by hand afterwards (e.g. email, Facebook, various forums, etc.)
Click Analyze and, when the analysis finishes, click Run Cleaner.
Then click the Registry section on the left.
Click Find problems; if it finds any, click Fix problems. It will offer you a backup; make one and save it where you can find it if needed.
The Tools section lets you uninstall programs. It is more thorough than Windows itself!
(If the PC has more than one user account, use the program in each of them as well)

:arrow: Defragment the disk(s) (not SSDs!)
Download Defraggler https://www.piriform.com/defraggler/download/standard
During installation, again watch out for the toolbar and other junk.
After installing, run the program and click Analyze; after the analysis click Defragment and the program will do its job.




:arrow: Then write how the PC is doing. If everything runs as it should, we are done.

Locked