
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Chinese malware process - does anyone know it, please?
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. The same applies to threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEWS!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Hi all,
I have Process Explorer (PE) running on my machine all the time, and yesterday when I glanced at it I saw a process that had:
- process name: Chinese characters
- process icon: like Google Chrome's
- the vendor/process description was garbled, something like "ekern.exe >25% ... ", where ekern.exe is the process of the ESET NOD32 kernel..
When I tried to take a closer look at the process via right-click on the process in PE -> "Properties", PE crashed - and then the process disappeared. A guy on the bleepingcomputer.com forum describes a similar problem - so far without an answer - https://www.bleepingcomputer.com/forums ... -explorer/
I'm an idiot for not taking a screenshot first...
I normally use ESET NOD32, and yesterday I also installed Malwarebytes Premium 3.0 on a trial alongside it - both claim everything is OK, but I don't quite believe it...
Has anyone run into this, please? I'd guess it's probably going to hide now, but still - please take a look at whether there is anything unusual in the log?:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by sosak (administrator) on POČÍTAČ (28-12-2016 18:08:54)
Running from C:\Users\sosak\Desktop
Loaded Profiles: sosak (Available Profiles: sosak)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Program Files\Redis\redis-server.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files\Java\jdk1.8.0_31\bin\java.exe
(Aestan Software) C:\wamp\wampmanager.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
() C:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
() C:\Program Files\eclipse-sts-3.8.2\sts-3.8.2.RELEASE\STS.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files\MySQL\MySQL Workbench 6.3 CE\MySQLWorkbench.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\eclipse\eclipse.exe
() C:\Program Files (x86)\Git\bin\sh.exe
(Simon Tatham) C:\Users\sosak\Desktop\putty.exe
(Simon Tatham) C:\Users\sosak\Desktop\putty.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Simon Tatham) C:\Users\sosak\Desktop\putty.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Sysinternals - http://www.sysinternals.com) C:\Users\sosak\Desktop\procexp.exe
(Sysinternals - http://www.sysinternals.com) C:\Users\sosak\AppData\Local\Temp\procexp64.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-06-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-07-05] (IDT, Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6730432 2015-05-12] (SoftPerfect Research)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2162152 2015-08-06] (Gemfor s.r.o.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [ApacheTomcatMonitor8.0_Tomcat8] => C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8w.exe [110208 2016-09-01] (Apache Software Foundation)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {2210224b-10dc-11e5-821c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {36dd8af2-f973-11e4-823c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af6593f-ae16-11e4-822c-028037ec0200} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d10-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d41-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {d83b764c-b50b-11e4-950f-60d819b5ee5b} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {e1e8c754-9c72-11e5-b3e6-028037ec0200} - G:\Lenovo_Suite.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.158.128.2 8.8.8.8
Tcpip\..\Interfaces\{344E2E81-3A84-4859-A3AF-829922FF2D23}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{B2162D39-0738-4335-AE87-F58B023F625B}: [NameServer] 93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{B2C61C60-B21C-42EC-B996-7FDE79335CC9}: [DhcpNameServer] 192.168.100.252
Tcpip\..\Interfaces\{BE8D4DB0-30E5-4A67-A064-4763529831D1}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{C99D2F0D-2B89-43CD-B44A-0F15B08EF887}: [DhcpNameServer] 192.168.200.15 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{CEA06CBE-7666-49F2-97BA-4B90A403CE29}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{EDF85E1D-0950-4146-8798-15F694AB28F9}: [DhcpNameServer] 212.158.128.2 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3737788165-2518302368-498499969-1004 -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL =
SearchScopes: HKU\S-1-5-21-3737788165-2518302368-498499969-1004 -> {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-29] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 2u8sc2k0.default
FF ProfilePath: C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default [2016-12-08]
FF Extension: (ChatZilla) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-11-04]
FF Extension: (Adblock Plus) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-14]
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default [2016-12-28]
CHR Extension: (Prezentace Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (No Name) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-29]
CHR Extension: (Dokumenty Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Session Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-02-08]
CHR Extension: (YouTube) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Adblock Plus) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-02]
CHR Extension: (JSONView) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2015-09-10]
CHR Extension: (REST Console) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2015-02-08]
CHR Extension: (Vyhledávání Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Tabulky Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Postman) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-12-16]
CHR Extension: (Quick Javascript Switcher) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2016-01-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Bookmark Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-02-06]
CHR Extension: (Live HTTP Headers) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2016-11-02]
CHR Extension: (ModHeader) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2016-05-26]
CHR Extension: (Bird Brawl) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfmnamhddafiplkkobdinpjcnidlplk [2015-04-28]
CHR Extension: (Flashcontrol) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-06-26]
CHR Extension: (Allow-Control-Allow-Origin: *) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbmbojpeacfghkpbjhddihlkkiljbi [2016-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-11-20] (ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2012-06-18] (O2Micro International)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 Redis; C:\Program Files\Redis\redis-server.exe [1552896 2016-01-15] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R2 Tomcat8; C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe [109696 2016-09-01] (Apache Software Foundation)
R3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
R3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2012-05-25] (Broadcom Corp.)
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [102440 2012-06-18] (Ericsson AB)
S3 DIGITECH; C:\Windows\system32\drivers\DIGITECH.sys [25648 2011-06-08] (Copyright(c) Digitech Systems)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-20] (ESET)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-06-18] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2012-06-18] (Ericsson AB)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-20] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-11-20] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [246272 2013-06-29] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-15] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [639408 2012-06-15] (Intel Corporation)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-05-25] ()
R1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-27] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-27] (Malwarebytes)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2012-06-18] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2012-06-18] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2012-06-18] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2012-06-18] (MCCI Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [69608 2015-04-30] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2012-06-18] (Novatel Wireless Inc)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-06-18] (Novatel Wireless Inc.)
S3 percsas2; C:\Windows\system32\drivers\percsas2.sys [53584 2012-06-15] (LSI Corporation)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [8832 2012-05-10] (QUALCOMM Incorporated)
S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2012-07-05] (QUALCOMM Incorporated)
S3 qcombusdl; C:\Windows\system32\drivers\qcombusdl.sys [137800 2012-07-05] (MCCI)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2012-05-10] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [230784 2012-07-05] (QUALCOMM Incorporated)
S3 SNXPPAMD; C:\Windows\system32\drivers\snxppamd.sys [100728 2012-07-04] (SUNIX Co., Ltd.)
S3 SNXPSAMD; C:\Windows\system32\drivers\snxpsamd.sys [97144 2012-07-04] (SUNIX Co., Ltd.)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [67696 2011-06-20] (STMicroelectronics)
S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-25] (STMicroelectronics)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
S3 terahid; C:\Windows\system32\drivers\terahid.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terahidmapper; C:\Windows\system32\drivers\terahidmapper.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 teramouse; C:\Windows\system32\drivers\teramouse.sys [11264 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terapcoip; C:\Windows\system32\drivers\terapcoip.sys [37376 2012-06-14] (Windows (R) Win 7 DDK provider)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-10] (USBPcap)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2012-06-18] (Ericsson AB)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 ptlser; \SystemRoot\system32\drivers\ptlser64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 18:08 - 2016-12-28 18:09 - 00025055 _____ C:\Users\sosak\Desktop\FRST.txt
2016-12-28 18:08 - 2016-12-28 18:08 - 00000000 ____D C:\FRST
2016-12-28 18:05 - 2016-12-28 18:05 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
2016-12-28 18:03 - 2016-12-28 18:03 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Downloads\Nepotvrzeno 887829.crdownload
2016-12-28 18:02 - 2016-12-28 18:07 - 00000000 ____D C:\Users\sosak\Desktop\PC CLEANUP TOOLS
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\VCELY
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\DOMACNOST
2016-12-28 17:46 - 2016-12-28 17:52 - 00000000 ____D C:\Users\sosak\Desktop\PRACE
2016-12-28 17:40 - 2016-12-28 17:41 - 02420736 _____ (Farbar) C:\Users\sosak\Desktop\FRST64.exe
2016-12-27 22:58 - 2016-12-27 22:58 - 00002011 _____ C:\Users\Public\Desktop\Datovka.lnk
2016-12-27 22:58 - 2016-12-27 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CZ.NIC
2016-12-27 22:37 - 2016-12-27 22:38 - 13126284 _____ (CZ.NIC, z. s. p. o.) C:\Users\sosak\Downloads\datovka-4.7.0-windows.exe
2016-12-27 19:24 - 2016-12-27 22:27 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-27 19:24 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-27 19:20 - 2016-12-27 19:22 - 54199488 _____ (Malwarebytes ) C:\Users\sosak\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-27 17:10 - 2016-12-27 17:10 - 00000326 _____ C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job
2016-12-27 17:09 - 2016-12-27 17:10 - 02964472 _____ (Google) C:\Users\sosak\Downloads\chrome_cleanup_tool.exe
2016-12-21 09:54 - 2016-12-21 09:54 - 00031884 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016.pdf
2016-12-21 09:54 - 2016-12-21 09:54 - 00025463 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016_EUR.pdf
2016-12-16 21:42 - 2016-12-16 21:42 - 00000000 ____D C:\Users\sosak\Documents\Shared Toad
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Dell
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Local\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-16 20:41 - 2016-12-16 20:41 - 00002106 _____ C:\Users\Public\Desktop\Toad for MySQL 7.9 Freeware.lnk
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\Program Files (x86)\Dell
2016-12-16 20:36 - 2016-11-07 15:57 - 94583128 _____ C:\Users\sosak\Downloads\toadformysql_freeware_7.9.0.637.exe
2016-12-15 01:11 - 2016-12-15 01:11 - 00000000 ____D C:\Users\sosak\.android
2016-12-15 00:50 - 2016-12-15 00:52 - 00000000 ____D C:\Users\sosak\AppData\Roaming\JetBrains
2016-12-15 00:49 - 2016-12-15 00:49 - 00000000 ____D C:\Users\sosak\.IdeaIC2016.3
2016-12-15 00:48 - 2016-12-15 00:48 - 00001052 _____ C:\Users\Public\Desktop\IntelliJ.lnk
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\Program Files (x86)\JetBrains
2016-12-14 01:18 - 2016-12-14 01:48 - 507957726 _____ C:\Users\sosak\Downloads\3.Dějiny-světa-Slovo-a-mec.avi
2016-12-13 13:51 - 2016-12-13 13:52 - 41409947 _____ C:\Users\sosak\Downloads\jfrog-artifactory-oss-4.14.3.zip
2016-12-13 12:14 - 2016-12-13 12:14 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-13 12:14 - 2016-12-13 12:14 - 00000978 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-12 17:00 - 2016-12-12 17:00 - 00004669 _____ C:\Users\sosak\Downloads\airbank_1095127016_2016-12-12_17-00.csv
2016-12-08 12:26 - 2016-12-08 12:26 - 00813854 _____ C:\Users\sosak\Downloads\Nepotvrzeno 494884.crdownload
2016-12-08 11:38 - 2016-12-08 11:38 - 00001208 _____ C:\Users\sosak\Desktop\Eclipse STS.lnk
2016-12-07 21:48 - 2016-12-07 21:48 - 00000000 ____D C:\Users\sosak\workspace-rasto
2016-12-07 20:46 - 2016-12-07 20:46 - 00000071 _____ C:\Users\sosak\.gitconfig
2016-12-07 20:23 - 2016-12-07 20:51 - 00000987 ____H C:\Users\sosak\_viminfo
2016-12-07 20:17 - 2016-12-07 20:18 - 00000000 ____D C:\Users\sosak\workspace-sofiane
2016-12-07 19:29 - 2016-12-07 19:29 - 00018786 _____ C:\Users\sosak\restsec_dev.trace.db
2016-12-07 19:25 - 2016-12-07 19:34 - 00012288 _____ C:\Users\sosak\restsec_dev.mv.db
2016-12-07 19:24 - 2016-12-07 19:34 - 00102400 _____ C:\Users\sosak\test.mv.db
2016-12-07 19:24 - 2016-12-07 19:30 - 00001402 _____ C:\Users\sosak\.h2.server.properties
2016-12-07 17:55 - 2016-12-07 18:12 - 358621320 _____ C:\Users\sosak\Downloads\ideaIC-2016.3.exe
2016-12-07 17:12 - 2016-12-12 22:13 - 00000000 ____D C:\Users\sosak\AppData\Local\Spring Tool Suite
2016-12-07 17:12 - 2016-12-07 17:16 - 00000000 ____D C:\Users\sosak\hsperfdata_sosak
2016-12-07 17:12 - 2016-12-07 17:13 - 00000000 ____D C:\Users\sosak\workspace-sts-3.8.2.RELEASE
2016-12-07 17:12 - 2016-12-07 17:12 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Spring Tool Suite
2016-12-07 17:00 - 2016-12-07 17:10 - 00000000 ____D C:\Program Files\eclipse-sts-3.8.2
2016-12-06 21:19 - 2016-12-06 21:19 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Eclipse
2016-11-30 18:47 - 2016-11-30 18:49 - 27369704 _____ C:\Users\sosak\Downloads\elasticsearch-2.4.0.zip
2016-11-30 18:41 - 2016-11-30 18:49 - 00000000 ____D C:\_elasatic-search
2016-11-30 18:38 - 2016-11-30 18:40 - 32978684 _____ C:\Users\sosak\Downloads\elasticsearch-5.0.2.zip
2016-11-30 16:58 - 2016-11-30 16:58 - 68078424 _____ C:\Users\sosak\Documents\20161130_Anj's-EntireX-service-finished_ANJUMPC (765 428 983)_2016-11-30 16.32.tvs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 18:01 - 2015-02-03 16:55 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Skype
2016-12-28 17:51 - 2016-07-14 11:06 - 00000000 ____D C:\Users\sosak\Desktop\TEPELNE CERPADLA
2016-12-28 17:48 - 2016-02-20 09:29 - 00000000 ____D C:\Users\sosak\Desktop\ZAHRADA
2016-12-28 17:48 - 2015-08-12 10:45 - 00000000 ____D C:\Users\sosak\Desktop\tebip-upload
2016-12-28 17:48 - 2015-05-20 14:52 - 00000000 ____D C:\Users\sosak\Desktop\E-BOOKS
2016-12-28 17:48 - 2015-02-15 12:39 - 00000000 ____D C:\Users\sosak\Desktop\!to-sort
2016-12-28 17:45 - 2015-02-03 19:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\vlc
2016-12-28 17:42 - 2015-05-20 14:51 - 00000000 ____D C:\Users\sosak\Desktop\CHALUPA
2016-12-28 17:18 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-28 17:18 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-28 17:17 - 2014-07-31 01:14 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-12-28 17:17 - 2014-07-31 01:14 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-12-28 17:17 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-28 17:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-28 16:18 - 2015-02-15 23:01 - 00000000 ____D C:\Users\sosak\AppData\Roaming\.dsgui
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-27 17:06 - 2015-02-03 17:39 - 00000600 _____ C:\Users\sosak\AppData\Local\PUTTY.RND
2016-12-23 00:06 - 2016-02-20 09:27 - 00000000 ____D C:\Users\sosak\Desktop\BWD21 datovka
2016-12-16 20:36 - 2015-02-03 15:44 - 00000000 ____D C:\Users\sosak\AppData\Roaming\GHISLER
2016-12-15 01:11 - 2015-02-03 15:27 - 00000000 ____D C:\Users\sosak
2016-12-14 21:18 - 2015-02-03 13:41 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 21:18 - 2015-02-03 13:41 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 13:55 - 2015-02-03 15:45 - 00064024 _____ C:\Users\sosak\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-13 13:55 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\AppData\Local\Eclipse
2016-12-13 12:14 - 2015-02-03 16:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-13 11:56 - 2016-01-20 19:02 - 00002238 ____H C:\Users\sosak\Documents\Default.rdp
2016-12-13 11:50 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-13 10:03 - 2009-07-14 06:08 - 00029198 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-13 10:02 - 2015-02-08 09:48 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job
2016-12-13 10:02 - 2015-02-03 13:40 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-13 10:02 - 2015-02-03 13:40 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-12 23:26 - 2015-02-08 09:48 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job
2016-12-12 22:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-12 22:16 - 2015-02-08 16:34 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1423409685
2016-12-12 22:16 - 2015-02-08 16:34 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-12 22:11 - 2015-02-03 16:55 - 00000000 ____D C:\ProgramData\Skype
2016-12-12 22:10 - 2016-11-18 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-12 22:10 - 2016-01-14 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-12 22:10 - 2016-01-04 18:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-12 22:10 - 2015-02-03 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-08 15:56 - 2015-02-08 14:38 - 00000000 ____D C:\!data
2016-12-07 17:47 - 2016-09-29 22:11 - 00000000 ____D C:\Users\sosak\workspace-jee
2016-12-07 17:11 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\.eclipse
==================== Files in the root of some directories =======
2016-12-16 20:43 - 2016-12-16 20:40 - 0000162 _____ () C:\Program Files (x86)\INSTALL.LOG
2015-02-08 14:55 - 2016-11-25 00:52 - 0000600 _____ () C:\Users\sosak\AppData\Roaming\winscp.rnd
2015-04-05 12:37 - 2016-09-10 08:30 - 0017920 _____ () C:\Users\sosak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 17:39 - 2016-12-27 17:06 - 0000600 _____ () C:\Users\sosak\AppData\Local\PUTTY.RND
Some files in TEMP:
====================
C:\Users\sosak\AppData\Local\Temp\ExPromo.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\procexp64.exe
C:\Users\sosak\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sosak\AppData\Local\Temp\SQLiteExpertPersSetup.exe
C:\Users\sosak\AppData\Local\Temp\vlc-2.2.4-win64.exe
C:\Users\sosak\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => c:\users\sosak\downloads\chrome_cleanup_tool.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\sosak\Desktop" je 18255 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
S3 qcombusdl; C:\Windows\system32\drivers\qcombusdl.sys [137800 2012-07-05] (MCCI)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2012-05-10] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [230784 2012-07-05] (QUALCOMM Incorporated)
S3 SNXPPAMD; C:\Windows\system32\drivers\snxppamd.sys [100728 2012-07-04] (SUNIX Co., Ltd.)
S3 SNXPSAMD; C:\Windows\system32\drivers\snxpsamd.sys [97144 2012-07-04] (SUNIX Co., Ltd.)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [67696 2011-06-20] (STMicroelectronics)
S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-25] (STMicroelectronics)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
S3 terahid; C:\Windows\system32\drivers\terahid.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terahidmapper; C:\Windows\system32\drivers\terahidmapper.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 teramouse; C:\Windows\system32\drivers\teramouse.sys [11264 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terapcoip; C:\Windows\system32\drivers\terapcoip.sys [37376 2012-06-14] (Windows (R) Win 7 DDK provider)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-10] (USBPcap)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2012-06-18] (Ericsson AB)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 ptlser; \SystemRoot\system32\drivers\ptlser64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 18:08 - 2016-12-28 18:09 - 00025055 _____ C:\Users\sosak\Desktop\FRST.txt
2016-12-28 18:08 - 2016-12-28 18:08 - 00000000 ____D C:\FRST
2016-12-28 18:05 - 2016-12-28 18:05 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
2016-12-28 18:03 - 2016-12-28 18:03 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Downloads\Nepotvrzeno 887829.crdownload
2016-12-28 18:02 - 2016-12-28 18:07 - 00000000 ____D C:\Users\sosak\Desktop\PC CLEANUP TOOLS
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\VCELY
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\DOMACNOST
2016-12-28 17:46 - 2016-12-28 17:52 - 00000000 ____D C:\Users\sosak\Desktop\PRACE
2016-12-28 17:40 - 2016-12-28 17:41 - 02420736 _____ (Farbar) C:\Users\sosak\Desktop\FRST64.exe
2016-12-27 22:58 - 2016-12-27 22:58 - 00002011 _____ C:\Users\Public\Desktop\Datovka.lnk
2016-12-27 22:58 - 2016-12-27 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CZ.NIC
2016-12-27 22:37 - 2016-12-27 22:38 - 13126284 _____ (CZ.NIC, z. s. p. o.) C:\Users\sosak\Downloads\datovka-4.7.0-windows.exe
2016-12-27 19:24 - 2016-12-27 22:27 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-27 19:24 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-27 19:20 - 2016-12-27 19:22 - 54199488 _____ (Malwarebytes ) C:\Users\sosak\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-27 17:10 - 2016-12-27 17:10 - 00000326 _____ C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job
2016-12-27 17:09 - 2016-12-27 17:10 - 02964472 _____ (Google) C:\Users\sosak\Downloads\chrome_cleanup_tool.exe
2016-12-21 09:54 - 2016-12-21 09:54 - 00031884 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016.pdf
2016-12-21 09:54 - 2016-12-21 09:54 - 00025463 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016_EUR.pdf
2016-12-16 21:42 - 2016-12-16 21:42 - 00000000 ____D C:\Users\sosak\Documents\Shared Toad
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Dell
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Local\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-16 20:41 - 2016-12-16 20:41 - 00002106 _____ C:\Users\Public\Desktop\Toad for MySQL 7.9 Freeware.lnk
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\Program Files (x86)\Dell
2016-12-16 20:36 - 2016-11-07 15:57 - 94583128 _____ C:\Users\sosak\Downloads\toadformysql_freeware_7.9.0.637.exe
2016-12-15 01:11 - 2016-12-15 01:11 - 00000000 ____D C:\Users\sosak\.android
2016-12-15 00:50 - 2016-12-15 00:52 - 00000000 ____D C:\Users\sosak\AppData\Roaming\JetBrains
2016-12-15 00:49 - 2016-12-15 00:49 - 00000000 ____D C:\Users\sosak\.IdeaIC2016.3
2016-12-15 00:48 - 2016-12-15 00:48 - 00001052 _____ C:\Users\Public\Desktop\IntelliJ.lnk
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\Program Files (x86)\JetBrains
2016-12-14 01:18 - 2016-12-14 01:48 - 507957726 _____ C:\Users\sosak\Downloads\3.Dějiny-světa-Slovo-a-mec.avi
2016-12-13 13:51 - 2016-12-13 13:52 - 41409947 _____ C:\Users\sosak\Downloads\jfrog-artifactory-oss-4.14.3.zip
2016-12-13 12:14 - 2016-12-13 12:14 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-13 12:14 - 2016-12-13 12:14 - 00000978 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-12 17:00 - 2016-12-12 17:00 - 00004669 _____ C:\Users\sosak\Downloads\airbank_1095127016_2016-12-12_17-00.csv
2016-12-08 12:26 - 2016-12-08 12:26 - 00813854 _____ C:\Users\sosak\Downloads\Nepotvrzeno 494884.crdownload
2016-12-08 11:38 - 2016-12-08 11:38 - 00001208 _____ C:\Users\sosak\Desktop\Eclipse STS.lnk
2016-12-07 21:48 - 2016-12-07 21:48 - 00000000 ____D C:\Users\sosak\workspace-rasto
2016-12-07 20:46 - 2016-12-07 20:46 - 00000071 _____ C:\Users\sosak\.gitconfig
2016-12-07 20:23 - 2016-12-07 20:51 - 00000987 ____H C:\Users\sosak\_viminfo
2016-12-07 20:17 - 2016-12-07 20:18 - 00000000 ____D C:\Users\sosak\workspace-sofiane
2016-12-07 19:29 - 2016-12-07 19:29 - 00018786 _____ C:\Users\sosak\restsec_dev.trace.db
2016-12-07 19:25 - 2016-12-07 19:34 - 00012288 _____ C:\Users\sosak\restsec_dev.mv.db
2016-12-07 19:24 - 2016-12-07 19:34 - 00102400 _____ C:\Users\sosak\test.mv.db
2016-12-07 19:24 - 2016-12-07 19:30 - 00001402 _____ C:\Users\sosak\.h2.server.properties
2016-12-07 17:55 - 2016-12-07 18:12 - 358621320 _____ C:\Users\sosak\Downloads\ideaIC-2016.3.exe
2016-12-07 17:12 - 2016-12-12 22:13 - 00000000 ____D C:\Users\sosak\AppData\Local\Spring Tool Suite
2016-12-07 17:12 - 2016-12-07 17:16 - 00000000 ____D C:\Users\sosak\hsperfdata_sosak
2016-12-07 17:12 - 2016-12-07 17:13 - 00000000 ____D C:\Users\sosak\workspace-sts-3.8.2.RELEASE
2016-12-07 17:12 - 2016-12-07 17:12 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Spring Tool Suite
2016-12-07 17:00 - 2016-12-07 17:10 - 00000000 ____D C:\Program Files\eclipse-sts-3.8.2
2016-12-06 21:19 - 2016-12-06 21:19 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Eclipse
2016-11-30 18:47 - 2016-11-30 18:49 - 27369704 _____ C:\Users\sosak\Downloads\elasticsearch-2.4.0.zip
2016-11-30 18:41 - 2016-11-30 18:49 - 00000000 ____D C:\_elasatic-search
2016-11-30 18:38 - 2016-11-30 18:40 - 32978684 _____ C:\Users\sosak\Downloads\elasticsearch-5.0.2.zip
2016-11-30 16:58 - 2016-11-30 16:58 - 68078424 _____ C:\Users\sosak\Documents\20161130_Anj's-EntireX-service-finished_ANJUMPC (765 428 983)_2016-11-30 16.32.tvs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 18:01 - 2015-02-03 16:55 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Skype
2016-12-28 17:51 - 2016-07-14 11:06 - 00000000 ____D C:\Users\sosak\Desktop\TEPELNE CERPADLA
2016-12-28 17:48 - 2016-02-20 09:29 - 00000000 ____D C:\Users\sosak\Desktop\ZAHRADA
2016-12-28 17:48 - 2015-08-12 10:45 - 00000000 ____D C:\Users\sosak\Desktop\tebip-upload
2016-12-28 17:48 - 2015-05-20 14:52 - 00000000 ____D C:\Users\sosak\Desktop\E-BOOKS
2016-12-28 17:48 - 2015-02-15 12:39 - 00000000 ____D C:\Users\sosak\Desktop\!to-sort
2016-12-28 17:45 - 2015-02-03 19:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\vlc
2016-12-28 17:42 - 2015-05-20 14:51 - 00000000 ____D C:\Users\sosak\Desktop\CHALUPA
2016-12-28 17:18 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-28 17:18 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-28 17:17 - 2014-07-31 01:14 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-12-28 17:17 - 2014-07-31 01:14 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-12-28 17:17 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-28 17:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-28 16:18 - 2015-02-15 23:01 - 00000000 ____D C:\Users\sosak\AppData\Roaming\.dsgui
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-27 17:06 - 2015-02-03 17:39 - 00000600 _____ C:\Users\sosak\AppData\Local\PUTTY.RND
2016-12-23 00:06 - 2016-02-20 09:27 - 00000000 ____D C:\Users\sosak\Desktop\BWD21 datovka
2016-12-16 20:36 - 2015-02-03 15:44 - 00000000 ____D C:\Users\sosak\AppData\Roaming\GHISLER
2016-12-15 01:11 - 2015-02-03 15:27 - 00000000 ____D C:\Users\sosak
2016-12-14 21:18 - 2015-02-03 13:41 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 21:18 - 2015-02-03 13:41 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 13:55 - 2015-02-03 15:45 - 00064024 _____ C:\Users\sosak\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-13 13:55 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\AppData\Local\Eclipse
2016-12-13 12:14 - 2015-02-03 16:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-13 11:56 - 2016-01-20 19:02 - 00002238 ____H C:\Users\sosak\Documents\Default.rdp
2016-12-13 11:50 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-13 10:03 - 2009-07-14 06:08 - 00029198 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-13 10:02 - 2015-02-08 09:48 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job
2016-12-13 10:02 - 2015-02-03 13:40 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-13 10:02 - 2015-02-03 13:40 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-12 23:26 - 2015-02-08 09:48 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job
2016-12-12 22:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-12 22:16 - 2015-02-08 16:34 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1423409685
2016-12-12 22:16 - 2015-02-08 16:34 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-12 22:11 - 2015-02-03 16:55 - 00000000 ____D C:\ProgramData\Skype
2016-12-12 22:10 - 2016-11-18 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-12 22:10 - 2016-01-14 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-12 22:10 - 2016-01-04 18:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-12 22:10 - 2015-02-03 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-08 15:56 - 2015-02-08 14:38 - 00000000 ____D C:\!data
2016-12-07 17:47 - 2016-09-29 22:11 - 00000000 ____D C:\Users\sosak\workspace-jee
2016-12-07 17:11 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\.eclipse
==================== Files in the root of some directories =======
2016-12-16 20:43 - 2016-12-16 20:40 - 0000162 _____ () C:\Program Files (x86)\INSTALL.LOG
2015-02-08 14:55 - 2016-11-25 00:52 - 0000600 _____ () C:\Users\sosak\AppData\Roaming\winscp.rnd
2015-04-05 12:37 - 2016-09-10 08:30 - 0017920 _____ () C:\Users\sosak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 17:39 - 2016-12-27 17:06 - 0000600 _____ () C:\Users\sosak\AppData\Local\PUTTY.RND
Some files in TEMP:
====================
C:\Users\sosak\AppData\Local\Temp\ExPromo.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\procexp64.exe
C:\Users\sosak\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sosak\AppData\Local\Temp\SQLiteExpertPersSetup.exe
C:\Users\sosak\AppData\Local\Temp\vlc-2.2.4-win64.exe
C:\Users\sosak\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => c:\users\sosak\downloads\chrome_cleanup_tool.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\sosak\Desktop" je 18255 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- farbar-addition_rsit-info-log.zip
- The ZIP contains:
- Addition.txt from FRST
- log + info from RSIT (27.14 KiB)
Re: Chinese malware process - does anyone know it, please?
Adding the output from AdwCleaner:
# AdwCleaner v6.041 - Log vytvořen 28/12/2016 v 20:42:44
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-26.3 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : sosak - POČÍTAČ
# Spuštěno z : C:\Users\sosak\Desktop\PC CLEANUP TOOLS\AdwCleaner.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
Nebyly nalezeny žádné škodlivé služby.
***** [ Složky ] *****
Složka nalezena: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc
***** [ Soubory ] *****
Soubor nalezen: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chklaanhfefbnpoihckbnefhakgolnmc_0.localstorage
Soubor nalezen: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chklaanhfefbnpoihckbnefhakgolnmc_0.localstorage-journal
***** [ DLL ] *****
Nebyly nalezeny žádné škodlivé DLL.
***** [ WMI ] *****
Nebyly nalezeny žádné škodlivé klíče.
***** [ Zástupci ] *****
Žádný infikovaný zástupce nenalezen.
***** [ Naplánované úlohy ] *****
Naplánovaná úloha nalezena: Chrome Cleanup Tool logs upload retry
***** [ Registry ] *****
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{9C81D00A-3DAA-48AB-90C7-8252119ABB93}
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{1DA17428-323D-48FF-857C-98CFEE48BFD5}
***** [ Internetové prohlížeče ] *****
Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - chklaanhfefbnpoihckbnefhakgolnmc
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [1818 Bajty] - [28/12/2016 20:42:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1891 Bajty] ##########
# AdwCleaner v6.041 - Log vytvořen 28/12/2016 v 20:45:28
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-26.3 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : sosak - POČÍTAČ
# Spuštěno z : C:\Users\sosak\Desktop\PC CLEANUP TOOLS\AdwCleaner.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
[-] Složka smazána: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc
***** [ Soubory ] *****
[-] Soubor smazán: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chklaanhfefbnpoihckbnefhakgolnmc_0.localstorage
[-] Soubor smazán: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chklaanhfefbnpoihckbnefhakgolnmc_0.localstorage-journal
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
[-] Úloha smazána: Chrome Cleanup Tool logs upload retry
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{9C81D00A-3DAA-48AB-90C7-8252119ABB93}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{1DA17428-323D-48FF-857C-98CFEE48BFD5}
***** [ Prohlížeče ] *****
[-] [C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: chklaanhfefbnpoihckbnefhakgolnmc
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1643 Bajty] - [28/12/2016 20:45:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [1970 Bajty] - [28/12/2016 20:42:44]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1789 Bajty] ##########
- Rudy
- Site Admin
Re: Chinese malware process - does anyone know it, please?
Hello!
Post a new FRST log (after the AdwCleaner cleanup).
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not used for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Chinese malware process - does anyone know it, please?
New FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by sosak (administrator) on POČÍTAČ (28-12-2016 21:31:43)
Running from C:\Users\sosak\Desktop
Loaded Profiles: sosak (Available Profiles: sosak)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Program Files\Redis\redis-server.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\eclipse-jee-neon-r\eclipse.exe
() C:\Program Files\eclipse\eclipse.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Sysinternals - www.sysinternals.com) C:\Users\sosak\Desktop\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\sosak\AppData\Local\Temp\procexp64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-06-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-07-05] (IDT, Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6730432 2015-05-12] (SoftPerfect Research)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2162152 2015-08-06] (Gemfor s.r.o.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [ApacheTomcatMonitor8.0_Tomcat8] => C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8w.exe [110208 2016-09-01] (Apache Software Foundation)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {2210224b-10dc-11e5-821c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {36dd8af2-f973-11e4-823c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af6593f-ae16-11e4-822c-028037ec0200} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d10-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d41-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {d83b764c-b50b-11e4-950f-60d819b5ee5b} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {e1e8c754-9c72-11e5-b3e6-028037ec0200} - G:\Lenovo_Suite.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.158.128.2 8.8.8.8
Tcpip\..\Interfaces\{344E2E81-3A84-4859-A3AF-829922FF2D23}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{B2162D39-0738-4335-AE87-F58B023F625B}: [NameServer] 93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{B2C61C60-B21C-42EC-B996-7FDE79335CC9}: [DhcpNameServer] 192.168.100.252
Tcpip\..\Interfaces\{BE8D4DB0-30E5-4A67-A064-4763529831D1}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{C99D2F0D-2B89-43CD-B44A-0F15B08EF887}: [DhcpNameServer] 192.168.200.15 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{CEA06CBE-7666-49F2-97BA-4B90A403CE29}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{EDF85E1D-0950-4146-8798-15F694AB28F9}: [DhcpNameServer] 212.158.128.2 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3737788165-2518302368-498499969-1004 -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-29] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 2u8sc2k0.default
FF ProfilePath: C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default [2016-12-08]
FF Extension: (ChatZilla) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-11-04]
FF Extension: (Adblock Plus) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-14]
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default [2016-12-28]
CHR Extension: (Prezentace Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (No Name) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-29]
CHR Extension: (Dokumenty Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Session Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-02-08]
CHR Extension: (YouTube) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Adblock Plus) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-02]
CHR Extension: (REST Console) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2015-02-08]
CHR Extension: (Vyhledávání Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Tabulky Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Postman) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-12-16]
CHR Extension: (Quick Javascript Switcher) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2016-01-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Bookmark Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-02-06]
CHR Extension: (ModHeader) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2016-05-26]
CHR Extension: (Bird Brawl) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfmnamhddafiplkkobdinpjcnidlplk [2015-04-28]
CHR Extension: (Flashcontrol) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-06-26]
CHR Extension: (Allow-Control-Allow-Origin: *) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbmbojpeacfghkpbjhddihlkkiljbi [2016-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-11-20] (ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2012-06-18] (O2Micro International)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 Redis; C:\Program Files\Redis\redis-server.exe [1552896 2016-01-15] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R2 Tomcat8; C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe [109696 2016-09-01] (Apache Software Foundation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2012-05-25] (Broadcom Corp.)
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [102440 2012-06-18] (Ericsson AB)
S3 DIGITECH; C:\Windows\system32\drivers\DIGITECH.sys [25648 2011-06-08] (Copyright(c) Digitech Systems)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-20] (ESET)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-06-18] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2012-06-18] (Ericsson AB)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-20] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-11-20] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [246272 2013-06-29] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-15] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [639408 2012-06-15] (Intel Corporation)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-05-25] ()
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [176064 2016-12-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-28] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-28] (Malwarebytes)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2012-06-18] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2012-06-18] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2012-06-18] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2012-06-18] (MCCI Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [69608 2015-04-30] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2012-06-18] (Novatel Wireless Inc)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-06-18] (Novatel Wireless Inc.)
S3 percsas2; C:\Windows\system32\drivers\percsas2.sys [53584 2012-06-15] (LSI Corporation)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [8832 2012-05-10] (QUALCOMM Incorporated)
S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2012-07-05] (QUALCOMM Incorporated)
S3 qcombusdl; C:\Windows\system32\drivers\qcombusdl.sys [137800 2012-07-05] (MCCI)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2012-05-10] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [230784 2012-07-05] (QUALCOMM Incorporated)
S3 SNXPPAMD; C:\Windows\system32\drivers\snxppamd.sys [100728 2012-07-04] (SUNIX Co., Ltd.)
S3 SNXPSAMD; C:\Windows\system32\drivers\snxpsamd.sys [97144 2012-07-04] (SUNIX Co., Ltd.)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [67696 2011-06-20] (STMicroelectronics)
S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-25] (STMicroelectronics)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
S3 terahid; C:\Windows\system32\drivers\terahid.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terahidmapper; C:\Windows\system32\drivers\terahidmapper.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 teramouse; C:\Windows\system32\drivers\teramouse.sys [11264 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terapcoip; C:\Windows\system32\drivers\terapcoip.sys [37376 2012-06-14] (Windows (R) Win 7 DDK provider)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-10] (USBPcap)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2012-06-18] (Ericsson AB)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 ptlser; \SystemRoot\system32\drivers\ptlser64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 21:31 - 2016-12-28 21:31 - 00022684 _____ C:\Users\sosak\Desktop\FRST.txt
2016-12-28 21:11 - 2016-12-28 21:11 - 03977168 _____ C:\Users\sosak\Downloads\AdwCleaner.exe
2016-12-28 21:09 - 2016-12-28 21:09 - 00003660 _____ C:\Users\sosak\Desktop\JRT.txt
2016-12-28 20:40 - 2016-12-28 20:45 - 00000000 ____D C:\AdwCleaner
2016-12-28 18:53 - 2016-12-28 18:53 - 00016840 _____ C:\Users\sosak\Downloads\Nepotvrzeno 202175.crdownload
2016-12-28 18:16 - 2016-12-28 18:16 - 00000000 ____D C:\Program Files\trend micro
2016-12-28 18:15 - 2016-12-28 18:15 - 01222144 _____ C:\Users\sosak\Desktop\RSITx64.exe
2016-12-28 18:08 - 2016-12-28 21:31 - 00000000 ____D C:\FRST
2016-12-28 18:05 - 2016-12-28 18:05 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
2016-12-28 18:02 - 2016-12-28 21:05 - 00000000 ____D C:\Users\sosak\Desktop\PC CLEANUP TOOLS
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\VCELY
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\DOMACNOST
2016-12-28 17:46 - 2016-12-28 17:52 - 00000000 ____D C:\Users\sosak\Desktop\PRACE
2016-12-28 17:40 - 2016-12-28 17:41 - 02420736 _____ (Farbar) C:\Users\sosak\Desktop\FRST64.exe
2016-12-27 22:58 - 2016-12-27 22:58 - 00002011 _____ C:\Users\Public\Desktop\Datovka.lnk
2016-12-27 22:58 - 2016-12-27 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CZ.NIC
2016-12-27 22:37 - 2016-12-27 22:38 - 13126284 _____ (CZ.NIC, z. s. p. o.) C:\Users\sosak\Downloads\datovka-4.7.0-windows.exe
2016-12-27 19:24 - 2016-12-28 21:18 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-27 19:24 - 2016-12-28 21:16 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-27 19:24 - 2016-12-28 21:15 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-27 19:24 - 2016-12-28 21:15 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-27 19:24 - 2016-12-28 21:15 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-27 19:24 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-27 19:20 - 2016-12-27 19:22 - 54199488 _____ (Malwarebytes ) C:\Users\sosak\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-27 17:09 - 2016-12-27 17:10 - 02964472 _____ (Google) C:\Users\sosak\Downloads\chrome_cleanup_tool.exe
2016-12-21 09:54 - 2016-12-21 09:54 - 00031884 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016.pdf
2016-12-21 09:54 - 2016-12-21 09:54 - 00025463 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016_EUR.pdf
2016-12-16 21:42 - 2016-12-16 21:42 - 00000000 ____D C:\Users\sosak\Documents\Shared Toad
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Dell
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Local\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-16 20:41 - 2016-12-16 20:41 - 00002106 _____ C:\Users\Public\Desktop\Toad for MySQL 7.9 Freeware.lnk
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\Program Files (x86)\Dell
2016-12-16 20:36 - 2016-11-07 15:57 - 94583128 _____ C:\Users\sosak\Downloads\toadformysql_freeware_7.9.0.637.exe
2016-12-15 01:11 - 2016-12-15 01:11 - 00000000 ____D C:\Users\sosak\.android
2016-12-15 00:50 - 2016-12-15 00:52 - 00000000 ____D C:\Users\sosak\AppData\Roaming\JetBrains
2016-12-15 00:49 - 2016-12-15 00:49 - 00000000 ____D C:\Users\sosak\.IdeaIC2016.3
2016-12-15 00:48 - 2016-12-15 00:48 - 00001052 _____ C:\Users\Public\Desktop\IntelliJ.lnk
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\Program Files (x86)\JetBrains
2016-12-14 01:18 - 2016-12-14 01:48 - 507957726 _____ C:\Users\sosak\Downloads\3.Dějiny-světa-Slovo-a-mec.avi
2016-12-13 13:51 - 2016-12-13 13:52 - 41409947 _____ C:\Users\sosak\Downloads\jfrog-artifactory-oss-4.14.3.zip
2016-12-13 12:14 - 2016-12-13 12:14 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-13 12:14 - 2016-12-13 12:14 - 00000978 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-12 17:00 - 2016-12-12 17:00 - 00004669 _____ C:\Users\sosak\Downloads\airbank_1095127016_2016-12-12_17-00.csv
2016-12-08 12:26 - 2016-12-08 12:26 - 00813854 _____ C:\Users\sosak\Downloads\Nepotvrzeno 494884.crdownload
2016-12-08 11:38 - 2016-12-08 11:38 - 00001208 _____ C:\Users\sosak\Desktop\Eclipse STS.lnk
2016-12-07 21:48 - 2016-12-07 21:48 - 00000000 ____D C:\Users\sosak\workspace-rasto
2016-12-07 20:46 - 2016-12-07 20:46 - 00000071 _____ C:\Users\sosak\.gitconfig
2016-12-07 20:23 - 2016-12-07 20:51 - 00000987 ____H C:\Users\sosak\_viminfo
2016-12-07 20:17 - 2016-12-07 20:18 - 00000000 ____D C:\Users\sosak\workspace-sofiane
2016-12-07 19:29 - 2016-12-07 19:29 - 00018786 _____ C:\Users\sosak\restsec_dev.trace.db
2016-12-07 19:25 - 2016-12-07 19:34 - 00012288 _____ C:\Users\sosak\restsec_dev.mv.db
2016-12-07 19:24 - 2016-12-07 19:34 - 00102400 _____ C:\Users\sosak\test.mv.db
2016-12-07 19:24 - 2016-12-07 19:30 - 00001402 _____ C:\Users\sosak\.h2.server.properties
2016-12-07 17:55 - 2016-12-07 18:12 - 358621320 _____ C:\Users\sosak\Downloads\ideaIC-2016.3.exe
2016-12-07 17:12 - 2016-12-12 22:13 - 00000000 ____D C:\Users\sosak\AppData\Local\Spring Tool Suite
2016-12-07 17:12 - 2016-12-07 17:16 - 00000000 ____D C:\Users\sosak\hsperfdata_sosak
2016-12-07 17:12 - 2016-12-07 17:13 - 00000000 ____D C:\Users\sosak\workspace-sts-3.8.2.RELEASE
2016-12-07 17:12 - 2016-12-07 17:12 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Spring Tool Suite
2016-12-07 17:00 - 2016-12-07 17:10 - 00000000 ____D C:\Program Files\eclipse-sts-3.8.2
2016-12-06 21:19 - 2016-12-06 21:19 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Eclipse
2016-11-30 18:47 - 2016-11-30 18:49 - 27369704 _____ C:\Users\sosak\Downloads\elasticsearch-2.4.0.zip
2016-11-30 18:41 - 2016-11-30 18:49 - 00000000 ____D C:\_elasatic-search
2016-11-30 18:38 - 2016-11-30 18:40 - 32978684 _____ C:\Users\sosak\Downloads\elasticsearch-5.0.2.zip
2016-11-30 16:58 - 2016-11-30 16:58 - 68078424 _____ C:\Users\sosak\Documents\20161130_Anj's-EntireX-service-finished_ANJUMPC (765 428 983)_2016-11-30 16.32.tvs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 21:31 - 2015-02-03 16:55 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Skype
2016-12-28 21:26 - 2015-02-08 09:48 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job
2016-12-28 21:23 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\AppData\Local\Eclipse
2016-12-28 21:22 - 2014-07-31 01:14 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-12-28 21:22 - 2014-07-31 01:14 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-12-28 21:22 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-28 21:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-28 21:20 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-28 21:20 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-28 21:15 - 2015-02-08 09:48 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job
2016-12-28 21:15 - 2015-02-03 13:40 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-28 21:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-28 20:55 - 2015-02-08 16:34 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1423409685
2016-12-28 20:55 - 2015-02-08 16:34 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-28 20:53 - 2015-02-03 13:40 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-28 20:46 - 2009-07-14 05:45 - 00294936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-28 20:44 - 2015-02-03 19:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\vlc
2016-12-28 17:51 - 2016-07-14 11:06 - 00000000 ____D C:\Users\sosak\Desktop\TEPELNE CERPADLA
2016-12-28 17:48 - 2016-02-20 09:29 - 00000000 ____D C:\Users\sosak\Desktop\ZAHRADA
2016-12-28 17:48 - 2015-08-12 10:45 - 00000000 ____D C:\Users\sosak\Desktop\tebip-upload
2016-12-28 17:48 - 2015-05-20 14:52 - 00000000 ____D C:\Users\sosak\Desktop\E-BOOKS
2016-12-28 17:48 - 2015-02-15 12:39 - 00000000 ____D C:\Users\sosak\Desktop\!to-sort
2016-12-28 17:42 - 2015-05-20 14:51 - 00000000 ____D C:\Users\sosak\Desktop\CHALUPA
2016-12-28 16:18 - 2015-02-15 23:01 - 00000000 ____D C:\Users\sosak\AppData\Roaming\.dsgui
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-27 17:06 - 2015-02-03 17:39 - 00000600 _____ C:\Users\sosak\AppData\Local\PUTTY.RND
2016-12-23 00:06 - 2016-02-20 09:27 - 00000000 ____D C:\Users\sosak\Desktop\BWD21 datovka
2016-12-16 20:36 - 2015-02-03 15:44 - 00000000 ____D C:\Users\sosak\AppData\Roaming\GHISLER
2016-12-15 01:11 - 2015-02-03 15:27 - 00000000 ____D C:\Users\sosak
2016-12-14 21:18 - 2015-02-03 13:41 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 21:18 - 2015-02-03 13:41 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 13:55 - 2015-02-03 15:45 - 00064024 _____ C:\Users\sosak\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-13 12:14 - 2015-02-03 16:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-13 11:56 - 2016-01-20 19:02 - 00002238 ____H C:\Users\sosak\Documents\Default.rdp
2016-12-13 11:50 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-13 10:03 - 2009-07-14 06:08 - 00029662 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-12 22:11 - 2015-02-03 16:55 - 00000000 ____D C:\ProgramData\Skype
2016-12-12 22:10 - 2016-11-18 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-12 22:10 - 2016-01-14 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-12 22:10 - 2016-01-04 18:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-12 22:10 - 2015-02-03 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-08 15:56 - 2015-02-08 14:38 - 00000000 ____D C:\!data
2016-12-07 17:47 - 2016-09-29 22:11 - 00000000 ____D C:\Users\sosak\workspace-jee
2016-12-07 17:11 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\.eclipse
==================== Files in the root of some directories =======
2016-12-16 20:43 - 2016-12-16 20:40 - 0000162 _____ () C:\Program Files (x86)\INSTALL.LOG
2015-02-08 14:55 - 2016-11-25 00:52 - 0000600 _____ () C:\Users\sosak\AppData\Roaming\winscp.rnd
2015-04-05 12:37 - 2016-09-10 08:30 - 0017920 _____ () C:\Users\sosak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 17:39 - 2016-12-27 17:06 - 0000600 _____ () C:\Users\sosak\AppData\Local\PUTTY.RND
Some files in TEMP:
====================
C:\Users\sosak\AppData\Local\Temp\ExPromo.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\libeay32.dll
C:\Users\sosak\AppData\Local\Temp\msvcr120.dll
C:\Users\sosak\AppData\Local\Temp\procexp64.exe
C:\Users\sosak\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sosak\AppData\Local\Temp\sqlite3.dll
C:\Users\sosak\AppData\Local\Temp\SQLiteExpertPersSetup.exe
C:\Users\sosak\AppData\Local\Temp\vlc-2.2.4-win64.exe
C:\Users\sosak\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-15 23:27
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (Windows) (Fixed) (Total:232.69 GB) (Free:35.72 GB) NTFS
Available physical RAM: 2499 MB
Total physical RAM: 8072.9 MB
Percentage of memory in use: 69%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F9FC87EB)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\sosak\Desktop" je 18267 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by sosak (administrator) on POČÍTAČ (28-12-2016 21:31:43)
Running from C:\Users\sosak\Desktop
Loaded Profiles: sosak (Available Profiles: sosak)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Program Files\Redis\redis-server.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\eclipse-jee-neon-r\eclipse.exe
() C:\Program Files\eclipse\eclipse.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Sysinternals - www.sysinternals.com) C:\Users\sosak\Desktop\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\sosak\AppData\Local\Temp\procexp64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-06-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-07-05] (IDT, Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6730432 2015-05-12] (SoftPerfect Research)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2162152 2015-08-06] (Gemfor s.r.o.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [ApacheTomcatMonitor8.0_Tomcat8] => C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8w.exe [110208 2016-09-01] (Apache Software Foundation)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {2210224b-10dc-11e5-821c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {36dd8af2-f973-11e4-823c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af6593f-ae16-11e4-822c-028037ec0200} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d10-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d41-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {d83b764c-b50b-11e4-950f-60d819b5ee5b} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {e1e8c754-9c72-11e5-b3e6-028037ec0200} - G:\Lenovo_Suite.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.158.128.2 8.8.8.8
Tcpip\..\Interfaces\{344E2E81-3A84-4859-A3AF-829922FF2D23}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{B2162D39-0738-4335-AE87-F58B023F625B}: [NameServer] 93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{B2C61C60-B21C-42EC-B996-7FDE79335CC9}: [DhcpNameServer] 192.168.100.252
Tcpip\..\Interfaces\{BE8D4DB0-30E5-4A67-A064-4763529831D1}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{C99D2F0D-2B89-43CD-B44A-0F15B08EF887}: [DhcpNameServer] 192.168.200.15 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{CEA06CBE-7666-49F2-97BA-4B90A403CE29}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{EDF85E1D-0950-4146-8798-15F694AB28F9}: [DhcpNameServer] 212.158.128.2 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3737788165-2518302368-498499969-1004 -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-29] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 2u8sc2k0.default
FF ProfilePath: C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default [2016-12-08]
FF Extension: (ChatZilla) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-11-04]
FF Extension: (Adblock Plus) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-14]
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default [2016-12-28]
CHR Extension: (Prezentace Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (No Name) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-29]
CHR Extension: (Dokumenty Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Session Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-02-08]
CHR Extension: (YouTube) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Adblock Plus) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-02]
CHR Extension: (REST Console) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2015-02-08]
CHR Extension: (Vyhledávání Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Tabulky Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Postman) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-12-16]
CHR Extension: (Quick Javascript Switcher) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2016-01-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Bookmark Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-02-06]
CHR Extension: (ModHeader) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2016-05-26]
CHR Extension: (Bird Brawl) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfmnamhddafiplkkobdinpjcnidlplk [2015-04-28]
CHR Extension: (Flashcontrol) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-06-26]
CHR Extension: (Allow-Control-Allow-Origin: *) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbmbojpeacfghkpbjhddihlkkiljbi [2016-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-11-20] (ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2012-06-18] (O2Micro International)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 Redis; C:\Program Files\Redis\redis-server.exe [1552896 2016-01-15] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R2 Tomcat8; C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe [109696 2016-09-01] (Apache Software Foundation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2012-05-25] (Broadcom Corp.)
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [102440 2012-06-18] (Ericsson AB)
S3 DIGITECH; C:\Windows\system32\drivers\DIGITECH.sys [25648 2011-06-08] (Copyright(c) Digitech Systems)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-20] (ESET)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-06-18] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2012-06-18] (Ericsson AB)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-20] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-11-20] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [246272 2013-06-29] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-15] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [639408 2012-06-15] (Intel Corporation)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-05-25] ()
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [176064 2016-12-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-28] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-28] (Malwarebytes)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2012-06-18] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2012-06-18] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2012-06-18] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2012-06-18] (MCCI Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [69608 2015-04-30] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2012-06-18] (Novatel Wireless Inc)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-06-18] (Novatel Wireless Inc.)
S3 percsas2; C:\Windows\system32\drivers\percsas2.sys [53584 2012-06-15] (LSI Corporation)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [8832 2012-05-10] (QUALCOMM Incorporated)
S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2012-07-05] (QUALCOMM Incorporated)
S3 qcombusdl; C:\Windows\system32\drivers\qcombusdl.sys [137800 2012-07-05] (MCCI)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2012-05-10] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [230784 2012-07-05] (QUALCOMM Incorporated)
S3 SNXPPAMD; C:\Windows\system32\drivers\snxppamd.sys [100728 2012-07-04] (SUNIX Co., Ltd.)
S3 SNXPSAMD; C:\Windows\system32\drivers\snxpsamd.sys [97144 2012-07-04] (SUNIX Co., Ltd.)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [67696 2011-06-20] (STMicroelectronics)
S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-25] (STMicroelectronics)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
S3 terahid; C:\Windows\system32\drivers\terahid.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terahidmapper; C:\Windows\system32\drivers\terahidmapper.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 teramouse; C:\Windows\system32\drivers\teramouse.sys [11264 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terapcoip; C:\Windows\system32\drivers\terapcoip.sys [37376 2012-06-14] (Windows (R) Win 7 DDK provider)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-10] (USBPcap)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2012-06-18] (Ericsson AB)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 ptlser; \SystemRoot\system32\drivers\ptlser64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 21:31 - 2016-12-28 21:31 - 00022684 _____ C:\Users\sosak\Desktop\FRST.txt
2016-12-28 21:11 - 2016-12-28 21:11 - 03977168 _____ C:\Users\sosak\Downloads\AdwCleaner.exe
2016-12-28 21:09 - 2016-12-28 21:09 - 00003660 _____ C:\Users\sosak\Desktop\JRT.txt
2016-12-28 20:40 - 2016-12-28 20:45 - 00000000 ____D C:\AdwCleaner
2016-12-28 18:53 - 2016-12-28 18:53 - 00016840 _____ C:\Users\sosak\Downloads\Nepotvrzeno 202175.crdownload
2016-12-28 18:16 - 2016-12-28 18:16 - 00000000 ____D C:\Program Files\trend micro
2016-12-28 18:15 - 2016-12-28 18:15 - 01222144 _____ C:\Users\sosak\Desktop\RSITx64.exe
2016-12-28 18:08 - 2016-12-28 21:31 - 00000000 ____D C:\FRST
2016-12-28 18:05 - 2016-12-28 18:05 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
2016-12-28 18:02 - 2016-12-28 21:05 - 00000000 ____D C:\Users\sosak\Desktop\PC CLEANUP TOOLS
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\VCELY
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\DOMACNOST
2016-12-28 17:46 - 2016-12-28 17:52 - 00000000 ____D C:\Users\sosak\Desktop\PRACE
2016-12-28 17:40 - 2016-12-28 17:41 - 02420736 _____ (Farbar) C:\Users\sosak\Desktop\FRST64.exe
2016-12-27 22:58 - 2016-12-27 22:58 - 00002011 _____ C:\Users\Public\Desktop\Datovka.lnk
2016-12-27 22:58 - 2016-12-27 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CZ.NIC
2016-12-27 22:37 - 2016-12-27 22:38 - 13126284 _____ (CZ.NIC, z. s. p. o.) C:\Users\sosak\Downloads\datovka-4.7.0-windows.exe
2016-12-27 19:24 - 2016-12-28 21:18 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-27 19:24 - 2016-12-28 21:16 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-27 19:24 - 2016-12-28 21:15 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-27 19:24 - 2016-12-28 21:15 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-27 19:24 - 2016-12-28 21:15 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-27 19:24 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-27 19:20 - 2016-12-27 19:22 - 54199488 _____ (Malwarebytes ) C:\Users\sosak\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-27 17:09 - 2016-12-27 17:10 - 02964472 _____ (Google) C:\Users\sosak\Downloads\chrome_cleanup_tool.exe
2016-12-21 09:54 - 2016-12-21 09:54 - 00031884 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016.pdf
2016-12-21 09:54 - 2016-12-21 09:54 - 00025463 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016_EUR.pdf
2016-12-16 21:42 - 2016-12-16 21:42 - 00000000 ____D C:\Users\sosak\Documents\Shared Toad
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Dell
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Local\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-16 20:41 - 2016-12-16 20:41 - 00002106 _____ C:\Users\Public\Desktop\Toad for MySQL 7.9 Freeware.lnk
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\Program Files (x86)\Dell
2016-12-16 20:36 - 2016-11-07 15:57 - 94583128 _____ C:\Users\sosak\Downloads\toadformysql_freeware_7.9.0.637.exe
2016-12-15 01:11 - 2016-12-15 01:11 - 00000000 ____D C:\Users\sosak\.android
2016-12-15 00:50 - 2016-12-15 00:52 - 00000000 ____D C:\Users\sosak\AppData\Roaming\JetBrains
2016-12-15 00:49 - 2016-12-15 00:49 - 00000000 ____D C:\Users\sosak\.IdeaIC2016.3
2016-12-15 00:48 - 2016-12-15 00:48 - 00001052 _____ C:\Users\Public\Desktop\IntelliJ.lnk
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\Program Files (x86)\JetBrains
2016-12-14 01:18 - 2016-12-14 01:48 - 507957726 _____ C:\Users\sosak\Downloads\3.Dějiny-světa-Slovo-a-mec.avi
2016-12-13 13:51 - 2016-12-13 13:52 - 41409947 _____ C:\Users\sosak\Downloads\jfrog-artifactory-oss-4.14.3.zip
2016-12-13 12:14 - 2016-12-13 12:14 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-13 12:14 - 2016-12-13 12:14 - 00000978 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-12 17:00 - 2016-12-12 17:00 - 00004669 _____ C:\Users\sosak\Downloads\airbank_1095127016_2016-12-12_17-00.csv
2016-12-08 12:26 - 2016-12-08 12:26 - 00813854 _____ C:\Users\sosak\Downloads\Nepotvrzeno 494884.crdownload
2016-12-08 11:38 - 2016-12-08 11:38 - 00001208 _____ C:\Users\sosak\Desktop\Eclipse STS.lnk
2016-12-07 21:48 - 2016-12-07 21:48 - 00000000 ____D C:\Users\sosak\workspace-rasto
2016-12-07 20:46 - 2016-12-07 20:46 - 00000071 _____ C:\Users\sosak\.gitconfig
2016-12-07 20:23 - 2016-12-07 20:51 - 00000987 ____H C:\Users\sosak\_viminfo
2016-12-07 20:17 - 2016-12-07 20:18 - 00000000 ____D C:\Users\sosak\workspace-sofiane
2016-12-07 19:29 - 2016-12-07 19:29 - 00018786 _____ C:\Users\sosak\restsec_dev.trace.db
2016-12-07 19:25 - 2016-12-07 19:34 - 00012288 _____ C:\Users\sosak\restsec_dev.mv.db
2016-12-07 19:24 - 2016-12-07 19:34 - 00102400 _____ C:\Users\sosak\test.mv.db
2016-12-07 19:24 - 2016-12-07 19:30 - 00001402 _____ C:\Users\sosak\.h2.server.properties
2016-12-07 17:55 - 2016-12-07 18:12 - 358621320 _____ C:\Users\sosak\Downloads\ideaIC-2016.3.exe
2016-12-07 17:12 - 2016-12-12 22:13 - 00000000 ____D C:\Users\sosak\AppData\Local\Spring Tool Suite
2016-12-07 17:12 - 2016-12-07 17:16 - 00000000 ____D C:\Users\sosak\hsperfdata_sosak
2016-12-07 17:12 - 2016-12-07 17:13 - 00000000 ____D C:\Users\sosak\workspace-sts-3.8.2.RELEASE
2016-12-07 17:12 - 2016-12-07 17:12 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Spring Tool Suite
2016-12-07 17:00 - 2016-12-07 17:10 - 00000000 ____D C:\Program Files\eclipse-sts-3.8.2
2016-12-06 21:19 - 2016-12-06 21:19 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Eclipse
2016-11-30 18:47 - 2016-11-30 18:49 - 27369704 _____ C:\Users\sosak\Downloads\elasticsearch-2.4.0.zip
2016-11-30 18:41 - 2016-11-30 18:49 - 00000000 ____D C:\_elasatic-search
2016-11-30 18:38 - 2016-11-30 18:40 - 32978684 _____ C:\Users\sosak\Downloads\elasticsearch-5.0.2.zip
2016-11-30 16:58 - 2016-11-30 16:58 - 68078424 _____ C:\Users\sosak\Documents\20161130_Anj's-EntireX-service-finished_ANJUMPC (765 428 983)_2016-11-30 16.32.tvs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 21:31 - 2015-02-03 16:55 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Skype
2016-12-28 21:26 - 2015-02-08 09:48 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job
2016-12-28 21:23 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\AppData\Local\Eclipse
2016-12-28 21:22 - 2014-07-31 01:14 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-12-28 21:22 - 2014-07-31 01:14 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-12-28 21:22 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-28 21:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-28 21:20 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-28 21:20 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-28 21:15 - 2015-02-08 09:48 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job
2016-12-28 21:15 - 2015-02-03 13:40 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-28 21:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-28 20:55 - 2015-02-08 16:34 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1423409685
2016-12-28 20:55 - 2015-02-08 16:34 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-28 20:53 - 2015-02-03 13:40 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-28 20:46 - 2009-07-14 05:45 - 00294936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-28 20:44 - 2015-02-03 19:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\vlc
2016-12-28 17:51 - 2016-07-14 11:06 - 00000000 ____D C:\Users\sosak\Desktop\TEPELNE CERPADLA
2016-12-28 17:48 - 2016-02-20 09:29 - 00000000 ____D C:\Users\sosak\Desktop\ZAHRADA
2016-12-28 17:48 - 2015-08-12 10:45 - 00000000 ____D C:\Users\sosak\Desktop\tebip-upload
2016-12-28 17:48 - 2015-05-20 14:52 - 00000000 ____D C:\Users\sosak\Desktop\E-BOOKS
2016-12-28 17:48 - 2015-02-15 12:39 - 00000000 ____D C:\Users\sosak\Desktop\!to-sort
2016-12-28 17:42 - 2015-05-20 14:51 - 00000000 ____D C:\Users\sosak\Desktop\CHALUPA
2016-12-28 16:18 - 2015-02-15 23:01 - 00000000 ____D C:\Users\sosak\AppData\Roaming\.dsgui
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-27 17:06 - 2015-02-03 17:39 - 00000600 _____ C:\Users\sosak\AppData\Local\PUTTY.RND
2016-12-23 00:06 - 2016-02-20 09:27 - 00000000 ____D C:\Users\sosak\Desktop\BWD21 datovka
2016-12-16 20:36 - 2015-02-03 15:44 - 00000000 ____D C:\Users\sosak\AppData\Roaming\GHISLER
2016-12-15 01:11 - 2015-02-03 15:27 - 00000000 ____D C:\Users\sosak
2016-12-14 21:18 - 2015-02-03 13:41 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 21:18 - 2015-02-03 13:41 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 13:55 - 2015-02-03 15:45 - 00064024 _____ C:\Users\sosak\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-13 12:14 - 2015-02-03 16:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-13 11:56 - 2016-01-20 19:02 - 00002238 ____H C:\Users\sosak\Documents\Default.rdp
2016-12-13 11:50 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-13 10:03 - 2009-07-14 06:08 - 00029662 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-12 22:11 - 2015-02-03 16:55 - 00000000 ____D C:\ProgramData\Skype
2016-12-12 22:10 - 2016-11-18 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-12 22:10 - 2016-01-14 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-12 22:10 - 2016-01-04 18:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-12 22:10 - 2015-02-03 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-08 15:56 - 2015-02-08 14:38 - 00000000 ____D C:\!data
2016-12-07 17:47 - 2016-09-29 22:11 - 00000000 ____D C:\Users\sosak\workspace-jee
2016-12-07 17:11 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\.eclipse
==================== Files in the root of some directories =======
2016-12-16 20:43 - 2016-12-16 20:40 - 0000162 _____ () C:\Program Files (x86)\INSTALL.LOG
2015-02-08 14:55 - 2016-11-25 00:52 - 0000600 _____ () C:\Users\sosak\AppData\Roaming\winscp.rnd
2015-04-05 12:37 - 2016-09-10 08:30 - 0017920 _____ () C:\Users\sosak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 17:39 - 2016-12-27 17:06 - 0000600 _____ () C:\Users\sosak\AppData\Local\PUTTY.RND
Some files in TEMP:
====================
C:\Users\sosak\AppData\Local\Temp\ExPromo.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\libeay32.dll
C:\Users\sosak\AppData\Local\Temp\msvcr120.dll
C:\Users\sosak\AppData\Local\Temp\procexp64.exe
C:\Users\sosak\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sosak\AppData\Local\Temp\sqlite3.dll
C:\Users\sosak\AppData\Local\Temp\SQLiteExpertPersSetup.exe
C:\Users\sosak\AppData\Local\Temp\vlc-2.2.4-win64.exe
C:\Users\sosak\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-15 23:27
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (Windows) (Fixed) (Total:232.69 GB) (Free:35.72 GB) NTFS
Available physical RAM: 2499 MB
Total physical RAM: 8072.9 MB
Percentage of memory in use: 69%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F9FC87EB)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\sosak\Desktop" je 18267 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Re: Chinese malware process - does anyone know it, please?
And also the Junkware Removal Tool log, which ran about half an hour ago:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by sosak (Administrator) on st 28.12.2016 at 21:07:33,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 17
Failed to delete: C:\Users\sosak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VI7W51AO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\sosak\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\sosak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\sosak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\sosak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\sosak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HK6E7UB3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\sosak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\sosak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RO5X311X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\sosak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO6PZ72R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HK6E7UB3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RO5X311X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO6PZ72R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VI7W51AO (Temporary Internet Files Folder)
Registry: 3
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5E9BA19F-E032-4A60-9A60-64552215D6C9} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 28.12.2016 at 21:09:02,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Rudy
- Site Admin
- Posts: 119672
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Chinese malware process - does anyone know it, please?
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {2210224b-10dc-11e5-821c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {36dd8af2-f973-11e4-823c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af6593f-ae16-11e4-822c-028037ec0200} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d10-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d41-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {d83b764c-b50b-11e4-950f-60d819b5ee5b} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {e1e8c754-9c72-11e5-b3e6-028037ec0200} - G:\Lenovo_Suite.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3737788165-2518302368-498499969-1004 -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (No Name) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-29]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\sosak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\sosak\AppData\Local\Temp
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
From the log:
Velikost slozky "C:\Users\sosak\Desktop" je 18267 MB.
That is too much and it can slow down system startup. Create a new folder in C:\Users\sosak and move all the data from the desktop into it (except for shortcuts). Then put a shortcut to that folder on the desktop for easier access.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.
Re: Chinese malware process - does anyone know it, please?
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by sosak (28-12-2016 23:09:59) Run:1
Running from C:\Users\sosak\Desktop
Loaded Profiles: sosak (Available Profiles: sosak)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {2210224b-10dc-11e5-821c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {36dd8af2-f973-11e4-823c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af6593f-ae16-11e4-822c-028037ec0200} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d10-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d41-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {d83b764c-b50b-11e4-950f-60d819b5ee5b} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {e1e8c754-9c72-11e5-b3e6-028037ec0200} - G:\Lenovo_Suite.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3737788165-2518302368-498499969-1004 -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (No Name) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-29]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\sosak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\sosak\AppData\Local\Temp
EmptyTemp:
End
*****************
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2210224b-10dc-11e5-821c-028037ec0200}" => key removed successfully
HKCR\CLSID\{2210224b-10dc-11e5-821c-028037ec0200} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36dd8af2-f973-11e4-823c-028037ec0200}" => key removed successfully
HKCR\CLSID\{36dd8af2-f973-11e4-823c-028037ec0200} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6af6593f-ae16-11e4-822c-028037ec0200}" => key removed successfully
HKCR\CLSID\{6af6593f-ae16-11e4-822c-028037ec0200} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6af65d10-ae16-11e4-822c-028037ec0200}" => key removed successfully
HKCR\CLSID\{6af65d10-ae16-11e4-822c-028037ec0200} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6af65d41-ae16-11e4-822c-028037ec0200}" => key removed successfully
HKCR\CLSID\{6af65d41-ae16-11e4-822c-028037ec0200} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d83b764c-b50b-11e4-950f-60d819b5ee5b}" => key removed successfully
HKCR\CLSID\{d83b764c-b50b-11e4-950f-60d819b5ee5b} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1e8c754-9c72-11e5-b3e6-028037ec0200}" => key removed successfully
HKCR\CLSID\{e1e8c754-9c72-11e5-b3e6-028037ec0200} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Users\sosak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
"C:\Users\sosak\AppData\Local\Temp" folder move:
Could not move "C:\Users\sosak\AppData\Local\Temp" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22570309 B
Java, Flash, Steam htmlcache => 300 B
Windows/system/drivers => 16969632264 B
Edge => 0 B
Chrome => 1044342257 B
Firefox => 376964396 B
Opera => 407803397 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66088 B
LocalService => 647216 B
NetworkService => 875616 B
sosak => 682546034 B
RecycleBin => 712479912 B
EmptyTemp: => 18.8 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-12-2016 23:12:20)
C:\Users\sosak\AppData\Local\Temp => moved successfully
==== End of Fixlog 23:12:21 ====
Ran by sosak (28-12-2016 23:09:59) Run:1
Running from C:\Users\sosak\Desktop
Loaded Profiles: sosak (Available Profiles: sosak)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {2210224b-10dc-11e5-821c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {36dd8af2-f973-11e4-823c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af6593f-ae16-11e4-822c-028037ec0200} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d10-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d41-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {d83b764c-b50b-11e4-950f-60d819b5ee5b} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {e1e8c754-9c72-11e5-b3e6-028037ec0200} - G:\Lenovo_Suite.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3737788165-2518302368-498499969-1004 -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (No Name) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-29]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\sosak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\sosak\AppData\Local\Temp
EmptyTemp:
End
*****************
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2210224b-10dc-11e5-821c-028037ec0200}" => key removed successfully
HKCR\CLSID\{2210224b-10dc-11e5-821c-028037ec0200} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36dd8af2-f973-11e4-823c-028037ec0200}" => key removed successfully
HKCR\CLSID\{36dd8af2-f973-11e4-823c-028037ec0200} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6af6593f-ae16-11e4-822c-028037ec0200}" => key removed successfully
HKCR\CLSID\{6af6593f-ae16-11e4-822c-028037ec0200} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6af65d10-ae16-11e4-822c-028037ec0200}" => key removed successfully
HKCR\CLSID\{6af65d10-ae16-11e4-822c-028037ec0200} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6af65d41-ae16-11e4-822c-028037ec0200}" => key removed successfully
HKCR\CLSID\{6af65d41-ae16-11e4-822c-028037ec0200} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d83b764c-b50b-11e4-950f-60d819b5ee5b}" => key removed successfully
HKCR\CLSID\{d83b764c-b50b-11e4-950f-60d819b5ee5b} => key not found.
"HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1e8c754-9c72-11e5-b3e6-028037ec0200}" => key removed successfully
HKCR\CLSID\{e1e8c754-9c72-11e5-b3e6-028037ec0200} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Users\sosak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
"C:\Users\sosak\AppData\Local\Temp" folder move:
Could not move "C:\Users\sosak\AppData\Local\Temp" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22570309 B
Java, Flash, Steam htmlcache => 300 B
Windows/system/drivers => 16969632264 B
Edge => 0 B
Chrome => 1044342257 B
Firefox => 376964396 B
Opera => 407803397 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66088 B
LocalService => 647216 B
NetworkService => 875616 B
sosak => 682546034 B
RecycleBin => 712479912 B
EmptyTemp: => 18.8 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-12-2016 23:12:20)
C:\Users\sosak\AppData\Local\Temp => moved successfully
==== End of Fixlog 23:12:21 ====
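Added example for this thread (not part of FRST, and not code from the poster or from the helpers here): a small Python triage script for the FRST log formats that appear in these posts. It parses the Processes, Services/Drivers and "CHR Extension" line shapes and flags what a helper checks first: an empty vendor field `()`, `[File not signed]`, `[X]` for a registered service whose file is gone, `(No Name)` Chrome extensions, the generic "Win 7 DDK provider" vendor string, and executables started from outside Windows/Program Files. The sample lines are copied from the logs in this thread; the trusted-path list, the SystemRoot mapping and the flag wording are this example's own assumptions, not anything FRST defines.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the FRST logs posted in this thread.
SAMPLE_LOG = r"""
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files\Redis\redis-server.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
R2 Redis; C:\Program Files\Redis\redis-server.exe [1552896 2016-01-15] () [File not signed]
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 terahid; C:\Windows\system32\drivers\terahid.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
CHR Extension: (No Name) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2016-12-28]
CHR Extension: (Adblock Plus) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-02]
"""

# Assumption of this example: anything started from elsewhere (user profile,
# Desktop, c:\wamp) deserves a second look. Compared after normalize().
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

PROCESS_RE = re.compile(r"^\((?P<vendor>.*?)\) (?P<path>(?:[A-Za-z]:\\|\\).+)$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>.*)\)(?P<flags>.*)$"
)
MISSING_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+) \[X\]$")
CHR_EXT_RE = re.compile(
    r"^CHR Extension: \((?P<name>.*)\) - (?P<path>.+?)\\(?P<ext_id>[a-p]{32}) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\]$"
)

@dataclass
class Finding:
    kind: str     # "process", "service" (drivers use the same line shape) or "chrome-extension"
    name: str
    path: str
    reasons: list = field(default_factory=list)

def normalize(path):
    """Lower-case and strip the NT-namespace prefixes FRST prints for some drivers."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):   # assumption: %SystemRoot% is C:\Windows on this machine
        p = "c:\\windows\\" + p[len("\\systemroot\\"):]
    return p

def path_reasons(path):
    if normalize(path).startswith(TRUSTED_PREFIXES):
        return []
    return ["runs from outside Windows/Program Files (user-writable or custom location)"]

def vendor_reasons(vendor):
    v = vendor.strip()
    if not v:
        return ["no company name in version info"]
    if "ddk provider" in v.lower():
        return ["generic DDK sample vendor string; identify the real publisher"]
    return []

def triage_line(line):
    """Return a Finding for one FRST line, or None if nothing stands out."""
    line = line.rstrip()
    m = CHR_EXT_RE.match(line)
    if m:
        if m["name"] != "No Name":
            return None
        return Finding("chrome-extension", m["ext_id"], m["path"],
                       ["extension has no manifest name; look the ID up before trusting it"])
    m = MISSING_RE.match(line)
    if m:
        return Finding("service", m["name"], m["path"],
                       ["registered but file missing on disk (orphaned entry)"])
    m = SERVICE_RE.match(line)
    if m:
        reasons = vendor_reasons(m["vendor"]) + path_reasons(m["path"])
        if "[File not signed]" in m["flags"]:
            reasons.append("binary is not Authenticode-signed")
        return Finding("service", m["name"], m["path"], reasons) if reasons else None
    m = PROCESS_RE.match(line)
    if m:
        reasons = vendor_reasons(m["vendor"]) + path_reasons(m["path"])
        return Finding("process", m["path"].rsplit("\\", 1)[-1], m["path"], reasons) if reasons else None
    return None

def triage(log_text):
    """Flagged entries in log order. A flag means 'verify', not 'malicious'."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:17} {f.name:36} {'; '.join(f.reasons)}")
```

On the sample above, ESET, svchost.exe and Adblock Plus pass, while the unsigned Redis service, the WAMP Apache binary under c:\wamp, the missing efavdrv.sys, the DDK-template vendor on terahid.sys and the nameless Chrome extension are listed. The point is triage order, not a verdict: unsigned developer tooling trips the same rules as malware, so each flagged entry still has to be checked against its installer or hash.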
Re: Chinese malware process - does anyone know it, please?
FRST scan log after running the fix:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by sosak (administrator) on POČÍTAČ (28-12-2016 23:26:27)
Running from C:\Users\sosak\Desktop
Loaded Profiles: sosak (Available Profiles: sosak)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Program Files\Redis\redis-server.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-06-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-07-05] (IDT, Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6730432 2015-05-12] (SoftPerfect Research)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2162152 2015-08-06] (Gemfor s.r.o.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [ApacheTomcatMonitor8.0_Tomcat8] => C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8w.exe [110208 2016-09-01] (Apache Software Foundation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.158.128.2 8.8.8.8
Tcpip\..\Interfaces\{344E2E81-3A84-4859-A3AF-829922FF2D23}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{B2162D39-0738-4335-AE87-F58B023F625B}: [NameServer] 93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{B2C61C60-B21C-42EC-B996-7FDE79335CC9}: [DhcpNameServer] 192.168.100.252
Tcpip\..\Interfaces\{BE8D4DB0-30E5-4A67-A064-4763529831D1}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{C99D2F0D-2B89-43CD-B44A-0F15B08EF887}: [DhcpNameServer] 192.168.200.15 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{CEA06CBE-7666-49F2-97BA-4B90A403CE29}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{EDF85E1D-0950-4146-8798-15F694AB28F9}: [DhcpNameServer] 212.158.128.2 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-29] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 2u8sc2k0.default
FF ProfilePath: C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default [2016-12-28]
FF Extension: (ChatZilla) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-11-04]
FF Extension: (Adblock Plus) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-14]
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default [2016-12-28]
CHR Extension: (Prezentace Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (No Name) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2016-12-28]
CHR Extension: (Dokumenty Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Session Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-02-08]
CHR Extension: (YouTube) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Adblock Plus) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-02]
CHR Extension: (REST Console) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2015-02-08]
CHR Extension: (Vyhledávání Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Tabulky Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Postman) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-12-16]
CHR Extension: (Quick Javascript Switcher) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2016-01-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Bookmark Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-02-06]
CHR Extension: (ModHeader) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2016-05-26]
CHR Extension: (Bird Brawl) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfmnamhddafiplkkobdinpjcnidlplk [2015-04-28]
CHR Extension: (Flashcontrol) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-06-26]
CHR Extension: (Allow-Control-Allow-Origin: *) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbmbojpeacfghkpbjhddihlkkiljbi [2016-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-11-20] (ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2012-06-18] (O2Micro International)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 Redis; C:\Program Files\Redis\redis-server.exe [1552896 2016-01-15] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R2 Tomcat8; C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe [109696 2016-09-01] (Apache Software Foundation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2012-05-25] (Broadcom Corp.)
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [102440 2012-06-18] (Ericsson AB)
S3 DIGITECH; C:\Windows\system32\drivers\DIGITECH.sys [25648 2011-06-08] (Copyright(c) Digitech Systems)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-20] (ESET)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-06-18] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2012-06-18] (Ericsson AB)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-20] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-11-20] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [246272 2013-06-29] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-15] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [639408 2012-06-15] (Intel Corporation)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-05-25] ()
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [176064 2016-12-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-28] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-28] (Malwarebytes)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2012-06-18] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2012-06-18] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2012-06-18] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2012-06-18] (MCCI Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [69608 2015-04-30] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2012-06-18] (Novatel Wireless Inc)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-06-18] (Novatel Wireless Inc.)
S3 percsas2; C:\Windows\system32\drivers\percsas2.sys [53584 2012-06-15] (LSI Corporation)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [8832 2012-05-10] (QUALCOMM Incorporated)
S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2012-07-05] (QUALCOMM Incorporated)
S3 qcombusdl; C:\Windows\system32\drivers\qcombusdl.sys [137800 2012-07-05] (MCCI)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2012-05-10] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [230784 2012-07-05] (QUALCOMM Incorporated)
S3 SNXPPAMD; C:\Windows\system32\drivers\snxppamd.sys [100728 2012-07-04] (SUNIX Co., Ltd.)
S3 SNXPSAMD; C:\Windows\system32\drivers\snxpsamd.sys [97144 2012-07-04] (SUNIX Co., Ltd.)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [67696 2011-06-20] (STMicroelectronics)
S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-25] (STMicroelectronics)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
S3 terahid; C:\Windows\system32\drivers\terahid.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terahidmapper; C:\Windows\system32\drivers\terahidmapper.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 teramouse; C:\Windows\system32\drivers\teramouse.sys [11264 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terapcoip; C:\Windows\system32\drivers\terapcoip.sys [37376 2012-06-14] (Windows (R) Win 7 DDK provider)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-10] (USBPcap)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2012-06-18] (Ericsson AB)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 ptlser; \SystemRoot\system32\drivers\ptlser64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 23:26 - 2016-12-28 23:26 - 00019100 _____ C:\Users\sosak\Desktop\FRST.txt
2016-12-28 21:11 - 2016-12-28 21:11 - 03977168 _____ C:\Users\sosak\Downloads\AdwCleaner.exe
2016-12-28 20:40 - 2016-12-28 20:45 - 00000000 ____D C:\AdwCleaner
2016-12-28 18:53 - 2016-12-28 18:53 - 00016840 _____ C:\Users\sosak\Downloads\Nepotvrzeno 202175.crdownload
2016-12-28 18:16 - 2016-12-28 18:16 - 00000000 ____D C:\Program Files\trend micro
2016-12-28 18:08 - 2016-12-28 23:23 - 00000000 ____D C:\FRST
2016-12-28 18:05 - 2016-12-28 18:05 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
2016-12-28 18:02 - 2016-12-28 23:09 - 00000000 ____D C:\Users\sosak\Desktop\PC CLEANUP TOOLS
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\VCELY
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\DOMACNOST
2016-12-28 17:46 - 2016-12-28 17:52 - 00000000 ____D C:\Users\sosak\Desktop\PRACE
2016-12-28 17:40 - 2016-12-28 17:41 - 02420736 _____ (Farbar) C:\Users\sosak\Desktop\FRST64.exe
2016-12-27 22:58 - 2016-12-27 22:58 - 00002011 _____ C:\Users\Public\Desktop\Datovka.lnk
2016-12-27 22:58 - 2016-12-27 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CZ.NIC
2016-12-27 22:37 - 2016-12-27 22:38 - 13126284 _____ (CZ.NIC, z. s. p. o.) C:\Users\sosak\Downloads\datovka-4.7.0-windows.exe
2016-12-27 19:24 - 2016-12-28 23:20 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-27 19:24 - 2016-12-28 23:20 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-27 19:24 - 2016-12-28 23:20 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-27 19:24 - 2016-12-28 23:20 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-27 19:24 - 2016-12-28 21:16 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-27 19:24 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-27 19:20 - 2016-12-27 19:22 - 54199488 _____ (Malwarebytes ) C:\Users\sosak\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-27 17:09 - 2016-12-27 17:10 - 02964472 _____ (Google) C:\Users\sosak\Downloads\chrome_cleanup_tool.exe
2016-12-21 09:54 - 2016-12-21 09:54 - 00031884 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016.pdf
2016-12-21 09:54 - 2016-12-21 09:54 - 00025463 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016_EUR.pdf
2016-12-16 21:42 - 2016-12-16 21:42 - 00000000 ____D C:\Users\sosak\Documents\Shared Toad
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Dell
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Local\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-16 20:41 - 2016-12-16 20:41 - 00002106 _____ C:\Users\Public\Desktop\Toad for MySQL 7.9 Freeware.lnk
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\Program Files (x86)\Dell
2016-12-16 20:36 - 2016-11-07 15:57 - 94583128 _____ C:\Users\sosak\Downloads\toadformysql_freeware_7.9.0.637.exe
2016-12-15 01:11 - 2016-12-15 01:11 - 00000000 ____D C:\Users\sosak\.android
2016-12-15 00:50 - 2016-12-15 00:52 - 00000000 ____D C:\Users\sosak\AppData\Roaming\JetBrains
2016-12-15 00:49 - 2016-12-15 00:49 - 00000000 ____D C:\Users\sosak\.IdeaIC2016.3
2016-12-15 00:48 - 2016-12-15 00:48 - 00001052 _____ C:\Users\Public\Desktop\IntelliJ.lnk
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\Program Files (x86)\JetBrains
2016-12-14 01:18 - 2016-12-14 01:48 - 507957726 _____ C:\Users\sosak\Downloads\3.Dějiny-světa-Slovo-a-mec.avi
2016-12-13 13:51 - 2016-12-13 13:52 - 41409947 _____ C:\Users\sosak\Downloads\jfrog-artifactory-oss-4.14.3.zip
2016-12-13 12:14 - 2016-12-13 12:14 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-13 12:14 - 2016-12-13 12:14 - 00000978 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-12 17:00 - 2016-12-12 17:00 - 00004669 _____ C:\Users\sosak\Downloads\airbank_1095127016_2016-12-12_17-00.csv
2016-12-08 12:26 - 2016-12-08 12:26 - 00813854 _____ C:\Users\sosak\Downloads\Nepotvrzeno 494884.crdownload
2016-12-08 11:38 - 2016-12-08 11:38 - 00001208 _____ C:\Users\sosak\Desktop\Eclipse STS.lnk
2016-12-07 21:48 - 2016-12-07 21:48 - 00000000 ____D C:\Users\sosak\workspace-rasto
2016-12-07 20:46 - 2016-12-07 20:46 - 00000071 _____ C:\Users\sosak\.gitconfig
2016-12-07 20:23 - 2016-12-07 20:51 - 00000987 ____H C:\Users\sosak\_viminfo
2016-12-07 20:17 - 2016-12-07 20:18 - 00000000 ____D C:\Users\sosak\workspace-sofiane
2016-12-07 19:29 - 2016-12-07 19:29 - 00018786 _____ C:\Users\sosak\restsec_dev.trace.db
2016-12-07 19:25 - 2016-12-07 19:34 - 00012288 _____ C:\Users\sosak\restsec_dev.mv.db
2016-12-07 19:24 - 2016-12-07 19:34 - 00102400 _____ C:\Users\sosak\test.mv.db
2016-12-07 19:24 - 2016-12-07 19:30 - 00001402 _____ C:\Users\sosak\.h2.server.properties
2016-12-07 17:55 - 2016-12-07 18:12 - 358621320 _____ C:\Users\sosak\Downloads\ideaIC-2016.3.exe
2016-12-07 17:12 - 2016-12-12 22:13 - 00000000 ____D C:\Users\sosak\AppData\Local\Spring Tool Suite
2016-12-07 17:12 - 2016-12-07 17:16 - 00000000 ____D C:\Users\sosak\hsperfdata_sosak
2016-12-07 17:12 - 2016-12-07 17:13 - 00000000 ____D C:\Users\sosak\workspace-sts-3.8.2.RELEASE
2016-12-07 17:12 - 2016-12-07 17:12 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Spring Tool Suite
2016-12-07 17:00 - 2016-12-07 17:10 - 00000000 ____D C:\Program Files\eclipse-sts-3.8.2
2016-12-06 21:19 - 2016-12-06 21:19 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Eclipse
2016-11-30 18:47 - 2016-11-30 18:49 - 27369704 _____ C:\Users\sosak\Downloads\elasticsearch-2.4.0.zip
2016-11-30 18:41 - 2016-11-30 18:49 - 00000000 ____D C:\_elasatic-search
2016-11-30 18:38 - 2016-11-30 18:40 - 32978684 _____ C:\Users\sosak\Downloads\elasticsearch-5.0.2.zip
2016-11-30 16:58 - 2016-11-30 16:58 - 68078424 _____ C:\Users\sosak\Documents\20161130_Anj's-EntireX-service-finished_ANJUMPC (765 428 983)_2016-11-30 16.32.tvs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 23:26 - 2014-07-31 01:14 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-12-28 23:26 - 2014-07-31 01:14 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-12-28 23:26 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-28 23:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-28 23:24 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-28 23:24 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-28 23:20 - 2015-02-03 16:55 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Skype
2016-12-28 23:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-28 21:23 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\AppData\Local\Eclipse
2016-12-28 20:55 - 2015-02-08 16:34 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1423409685
2016-12-28 20:55 - 2015-02-08 16:34 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-28 20:46 - 2009-07-14 05:45 - 00294936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-28 20:44 - 2015-02-03 19:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\vlc
2016-12-28 17:51 - 2016-07-14 11:06 - 00000000 ____D C:\Users\sosak\Desktop\TEPELNE CERPADLA
2016-12-28 17:48 - 2016-02-20 09:29 - 00000000 ____D C:\Users\sosak\Desktop\ZAHRADA
2016-12-28 17:48 - 2015-08-12 10:45 - 00000000 ____D C:\Users\sosak\Desktop\tebip-upload
2016-12-28 17:48 - 2015-05-20 14:52 - 00000000 ____D C:\Users\sosak\Desktop\E-BOOKS
2016-12-28 17:48 - 2015-02-15 12:39 - 00000000 ____D C:\Users\sosak\Documents\!to-sort
2016-12-28 17:42 - 2015-05-20 14:51 - 00000000 ____D C:\Users\sosak\Desktop\CHALUPA
2016-12-28 16:18 - 2015-02-15 23:01 - 00000000 ____D C:\Users\sosak\AppData\Roaming\.dsgui
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-27 17:06 - 2015-02-03 17:39 - 00000600 _____ C:\Users\sosak\AppData\Local\PUTTY.RND
2016-12-23 00:06 - 2016-02-20 09:27 - 00000000 ____D C:\Users\sosak\Desktop\BWD21 datovka
2016-12-16 20:36 - 2015-02-03 15:44 - 00000000 ____D C:\Users\sosak\AppData\Roaming\GHISLER
2016-12-15 01:11 - 2015-02-03 15:27 - 00000000 ____D C:\Users\sosak
2016-12-14 21:18 - 2015-02-03 13:41 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 21:18 - 2015-02-03 13:41 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 13:55 - 2015-02-03 15:45 - 00064024 _____ C:\Users\sosak\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-13 12:14 - 2015-02-03 16:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-13 11:56 - 2016-01-20 19:02 - 00002238 ____H C:\Users\sosak\Documents\Default.rdp
2016-12-13 11:50 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-13 10:03 - 2009-07-14 06:08 - 00030126 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-12 22:11 - 2015-02-03 16:55 - 00000000 ____D C:\ProgramData\Skype
2016-12-12 22:10 - 2016-11-18 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-12 22:10 - 2016-01-14 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-12 22:10 - 2016-01-04 18:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-12 22:10 - 2015-02-03 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-08 15:56 - 2015-02-08 14:38 - 00000000 ____D C:\!data
2016-12-07 17:47 - 2016-09-29 22:11 - 00000000 ____D C:\Users\sosak\workspace-jee
2016-12-07 17:11 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\.eclipse
==================== Files in the root of some directories =======
2016-12-16 20:43 - 2016-12-16 20:40 - 0000162 _____ () C:\Program Files (x86)\INSTALL.LOG
2015-02-08 14:55 - 2016-11-25 00:52 - 0000600 _____ () C:\Users\sosak\AppData\Roaming\winscp.rnd
2015-02-03 17:39 - 2016-12-27 17:06 - 0000600 _____ () C:\Users\sosak\AppData\Local\PUTTY.RND
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\sosak\Desktop" je 241 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by sosak (administrator) on POČÍTAČ (28-12-2016 23:26:27)
Running from C:\Users\sosak\Desktop
Loaded Profiles: sosak (Available Profiles: sosak)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Program Files\Redis\redis-server.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-06-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-07-05] (IDT, Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6730432 2015-05-12] (SoftPerfect Research)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2162152 2015-08-06] (Gemfor s.r.o.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [ApacheTomcatMonitor8.0_Tomcat8] => C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8w.exe [110208 2016-09-01] (Apache Software Foundation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.158.128.2 8.8.8.8
Tcpip\..\Interfaces\{344E2E81-3A84-4859-A3AF-829922FF2D23}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{B2162D39-0738-4335-AE87-F58B023F625B}: [NameServer] 93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{B2C61C60-B21C-42EC-B996-7FDE79335CC9}: [DhcpNameServer] 192.168.100.252
Tcpip\..\Interfaces\{BE8D4DB0-30E5-4A67-A064-4763529831D1}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{C99D2F0D-2B89-43CD-B44A-0F15B08EF887}: [DhcpNameServer] 192.168.200.15 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{CEA06CBE-7666-49F2-97BA-4B90A403CE29}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{EDF85E1D-0950-4146-8798-15F694AB28F9}: [DhcpNameServer] 212.158.128.2 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-29] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 2u8sc2k0.default
FF ProfilePath: C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default [2016-12-28]
FF Extension: (ChatZilla) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-11-04]
FF Extension: (Adblock Plus) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-14]
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default [2016-12-28]
CHR Extension: (Prezentace Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (No Name) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2016-12-28]
CHR Extension: (Dokumenty Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Session Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-02-08]
CHR Extension: (YouTube) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Adblock Plus) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-02]
CHR Extension: (REST Console) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2015-02-08]
CHR Extension: (Vyhledávání Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Tabulky Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Postman) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-12-16]
CHR Extension: (Quick Javascript Switcher) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2016-01-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Bookmark Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-02-06]
CHR Extension: (ModHeader) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2016-05-26]
CHR Extension: (Bird Brawl) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfmnamhddafiplkkobdinpjcnidlplk [2015-04-28]
CHR Extension: (Flashcontrol) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-06-26]
CHR Extension: (Allow-Control-Allow-Origin: *) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbmbojpeacfghkpbjhddihlkkiljbi [2016-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-11-20] (ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2012-06-18] (O2Micro International)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 Redis; C:\Program Files\Redis\redis-server.exe [1552896 2016-01-15] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R2 Tomcat8; C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe [109696 2016-09-01] (Apache Software Foundation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2012-05-25] (Broadcom Corp.)
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [102440 2012-06-18] (Ericsson AB)
S3 DIGITECH; C:\Windows\system32\drivers\DIGITECH.sys [25648 2011-06-08] (Copyright(c) Digitech Systems)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-20] (ESET)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-06-18] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2012-06-18] (Ericsson AB)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-20] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-11-20] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [246272 2013-06-29] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-15] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [639408 2012-06-15] (Intel Corporation)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-05-25] ()
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [176064 2016-12-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-28] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-28] (Malwarebytes)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2012-06-18] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2012-06-18] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2012-06-18] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2012-06-18] (MCCI Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [69608 2015-04-30] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2012-06-18] (Novatel Wireless Inc)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-06-18] (Novatel Wireless Inc.)
S3 percsas2; C:\Windows\system32\drivers\percsas2.sys [53584 2012-06-15] (LSI Corporation)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [8832 2012-05-10] (QUALCOMM Incorporated)
S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2012-07-05] (QUALCOMM Incorporated)
S3 qcombusdl; C:\Windows\system32\drivers\qcombusdl.sys [137800 2012-07-05] (MCCI)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2012-05-10] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [230784 2012-07-05] (QUALCOMM Incorporated)
S3 SNXPPAMD; C:\Windows\system32\drivers\snxppamd.sys [100728 2012-07-04] (SUNIX Co., Ltd.)
S3 SNXPSAMD; C:\Windows\system32\drivers\snxpsamd.sys [97144 2012-07-04] (SUNIX Co., Ltd.)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [67696 2011-06-20] (STMicroelectronics)
S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-25] (STMicroelectronics)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
S3 terahid; C:\Windows\system32\drivers\terahid.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terahidmapper; C:\Windows\system32\drivers\terahidmapper.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 teramouse; C:\Windows\system32\drivers\teramouse.sys [11264 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terapcoip; C:\Windows\system32\drivers\terapcoip.sys [37376 2012-06-14] (Windows (R) Win 7 DDK provider)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-10] (USBPcap)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2012-06-18] (Ericsson AB)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 ptlser; \SystemRoot\system32\drivers\ptlser64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 23:26 - 2016-12-28 23:26 - 00019100 _____ C:\Users\sosak\Desktop\FRST.txt
2016-12-28 21:11 - 2016-12-28 21:11 - 03977168 _____ C:\Users\sosak\Downloads\AdwCleaner.exe
2016-12-28 20:40 - 2016-12-28 20:45 - 00000000 ____D C:\AdwCleaner
2016-12-28 18:53 - 2016-12-28 18:53 - 00016840 _____ C:\Users\sosak\Downloads\Nepotvrzeno 202175.crdownload
2016-12-28 18:16 - 2016-12-28 18:16 - 00000000 ____D C:\Program Files\trend micro
2016-12-28 18:08 - 2016-12-28 23:23 - 00000000 ____D C:\FRST
2016-12-28 18:05 - 2016-12-28 18:05 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
2016-12-28 18:02 - 2016-12-28 23:09 - 00000000 ____D C:\Users\sosak\Desktop\PC CLEANUP TOOLS
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\VCELY
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\DOMACNOST
2016-12-28 17:46 - 2016-12-28 17:52 - 00000000 ____D C:\Users\sosak\Desktop\PRACE
2016-12-28 17:40 - 2016-12-28 17:41 - 02420736 _____ (Farbar) C:\Users\sosak\Desktop\FRST64.exe
2016-12-27 22:58 - 2016-12-27 22:58 - 00002011 _____ C:\Users\Public\Desktop\Datovka.lnk
2016-12-27 22:58 - 2016-12-27 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CZ.NIC
2016-12-27 22:37 - 2016-12-27 22:38 - 13126284 _____ (CZ.NIC, z. s. p. o.) C:\Users\sosak\Downloads\datovka-4.7.0-windows.exe
2016-12-27 19:24 - 2016-12-28 23:20 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-27 19:24 - 2016-12-28 23:20 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-27 19:24 - 2016-12-28 23:20 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-27 19:24 - 2016-12-28 23:20 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-27 19:24 - 2016-12-28 21:16 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-27 19:24 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-27 19:20 - 2016-12-27 19:22 - 54199488 _____ (Malwarebytes ) C:\Users\sosak\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-27 17:09 - 2016-12-27 17:10 - 02964472 _____ (Google) C:\Users\sosak\Downloads\chrome_cleanup_tool.exe
2016-12-21 09:54 - 2016-12-21 09:54 - 00031884 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016.pdf
2016-12-21 09:54 - 2016-12-21 09:54 - 00025463 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016_EUR.pdf
2016-12-16 21:42 - 2016-12-16 21:42 - 00000000 ____D C:\Users\sosak\Documents\Shared Toad
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Dell
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Local\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-16 20:41 - 2016-12-16 20:41 - 00002106 _____ C:\Users\Public\Desktop\Toad for MySQL 7.9 Freeware.lnk
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\Program Files (x86)\Dell
2016-12-16 20:36 - 2016-11-07 15:57 - 94583128 _____ C:\Users\sosak\Downloads\toadformysql_freeware_7.9.0.637.exe
2016-12-15 01:11 - 2016-12-15 01:11 - 00000000 ____D C:\Users\sosak\.android
2016-12-15 00:50 - 2016-12-15 00:52 - 00000000 ____D C:\Users\sosak\AppData\Roaming\JetBrains
2016-12-15 00:49 - 2016-12-15 00:49 - 00000000 ____D C:\Users\sosak\.IdeaIC2016.3
2016-12-15 00:48 - 2016-12-15 00:48 - 00001052 _____ C:\Users\Public\Desktop\IntelliJ.lnk
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\Program Files (x86)\JetBrains
2016-12-14 01:18 - 2016-12-14 01:48 - 507957726 _____ C:\Users\sosak\Downloads\3.Dějiny-světa-Slovo-a-mec.avi
2016-12-13 13:51 - 2016-12-13 13:52 - 41409947 _____ C:\Users\sosak\Downloads\jfrog-artifactory-oss-4.14.3.zip
2016-12-13 12:14 - 2016-12-13 12:14 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-13 12:14 - 2016-12-13 12:14 - 00000978 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-12 17:00 - 2016-12-12 17:00 - 00004669 _____ C:\Users\sosak\Downloads\airbank_1095127016_2016-12-12_17-00.csv
2016-12-08 12:26 - 2016-12-08 12:26 - 00813854 _____ C:\Users\sosak\Downloads\Nepotvrzeno 494884.crdownload
2016-12-08 11:38 - 2016-12-08 11:38 - 00001208 _____ C:\Users\sosak\Desktop\Eclipse STS.lnk
2016-12-07 21:48 - 2016-12-07 21:48 - 00000000 ____D C:\Users\sosak\workspace-rasto
2016-12-07 20:46 - 2016-12-07 20:46 - 00000071 _____ C:\Users\sosak\.gitconfig
2016-12-07 20:23 - 2016-12-07 20:51 - 00000987 ____H C:\Users\sosak\_viminfo
2016-12-07 20:17 - 2016-12-07 20:18 - 00000000 ____D C:\Users\sosak\workspace-sofiane
2016-12-07 19:29 - 2016-12-07 19:29 - 00018786 _____ C:\Users\sosak\restsec_dev.trace.db
2016-12-07 19:25 - 2016-12-07 19:34 - 00012288 _____ C:\Users\sosak\restsec_dev.mv.db
2016-12-07 19:24 - 2016-12-07 19:34 - 00102400 _____ C:\Users\sosak\test.mv.db
2016-12-07 19:24 - 2016-12-07 19:30 - 00001402 _____ C:\Users\sosak\.h2.server.properties
2016-12-07 17:55 - 2016-12-07 18:12 - 358621320 _____ C:\Users\sosak\Downloads\ideaIC-2016.3.exe
2016-12-07 17:12 - 2016-12-12 22:13 - 00000000 ____D C:\Users\sosak\AppData\Local\Spring Tool Suite
2016-12-07 17:12 - 2016-12-07 17:16 - 00000000 ____D C:\Users\sosak\hsperfdata_sosak
2016-12-07 17:12 - 2016-12-07 17:13 - 00000000 ____D C:\Users\sosak\workspace-sts-3.8.2.RELEASE
2016-12-07 17:12 - 2016-12-07 17:12 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Spring Tool Suite
2016-12-07 17:00 - 2016-12-07 17:10 - 00000000 ____D C:\Program Files\eclipse-sts-3.8.2
2016-12-06 21:19 - 2016-12-06 21:19 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Eclipse
2016-11-30 18:47 - 2016-11-30 18:49 - 27369704 _____ C:\Users\sosak\Downloads\elasticsearch-2.4.0.zip
2016-11-30 18:41 - 2016-11-30 18:49 - 00000000 ____D C:\_elasatic-search
2016-11-30 18:38 - 2016-11-30 18:40 - 32978684 _____ C:\Users\sosak\Downloads\elasticsearch-5.0.2.zip
2016-11-30 16:58 - 2016-11-30 16:58 - 68078424 _____ C:\Users\sosak\Documents\20161130_Anj's-EntireX-service-finished_ANJUMPC (765 428 983)_2016-11-30 16.32.tvs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 23:26 - 2014-07-31 01:14 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-12-28 23:26 - 2014-07-31 01:14 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-12-28 23:26 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-28 23:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-28 23:24 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-28 23:24 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-28 23:20 - 2015-02-03 16:55 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Skype
2016-12-28 23:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-28 21:23 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\AppData\Local\Eclipse
2016-12-28 20:55 - 2015-02-08 16:34 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1423409685
2016-12-28 20:55 - 2015-02-08 16:34 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-28 20:46 - 2009-07-14 05:45 - 00294936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-28 20:44 - 2015-02-03 19:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\vlc
2016-12-28 17:51 - 2016-07-14 11:06 - 00000000 ____D C:\Users\sosak\Desktop\TEPELNE CERPADLA
2016-12-28 17:48 - 2016-02-20 09:29 - 00000000 ____D C:\Users\sosak\Desktop\ZAHRADA
2016-12-28 17:48 - 2015-08-12 10:45 - 00000000 ____D C:\Users\sosak\Desktop\tebip-upload
2016-12-28 17:48 - 2015-05-20 14:52 - 00000000 ____D C:\Users\sosak\Desktop\E-BOOKS
2016-12-28 17:48 - 2015-02-15 12:39 - 00000000 ____D C:\Users\sosak\Documents\!to-sort
2016-12-28 17:42 - 2015-05-20 14:51 - 00000000 ____D C:\Users\sosak\Desktop\CHALUPA
2016-12-28 16:18 - 2015-02-15 23:01 - 00000000 ____D C:\Users\sosak\AppData\Roaming\.dsgui
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-27 17:06 - 2015-02-03 17:39 - 00000600 _____ C:\Users\sosak\AppData\Local\PUTTY.RND
2016-12-23 00:06 - 2016-02-20 09:27 - 00000000 ____D C:\Users\sosak\Desktop\BWD21 datovka
2016-12-16 20:36 - 2015-02-03 15:44 - 00000000 ____D C:\Users\sosak\AppData\Roaming\GHISLER
2016-12-15 01:11 - 2015-02-03 15:27 - 00000000 ____D C:\Users\sosak
2016-12-14 21:18 - 2015-02-03 13:41 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 21:18 - 2015-02-03 13:41 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 13:55 - 2015-02-03 15:45 - 00064024 _____ C:\Users\sosak\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-13 12:14 - 2015-02-03 16:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-13 11:56 - 2016-01-20 19:02 - 00002238 ____H C:\Users\sosak\Documents\Default.rdp
2016-12-13 11:50 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-13 10:03 - 2009-07-14 06:08 - 00030126 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-12 22:11 - 2015-02-03 16:55 - 00000000 ____D C:\ProgramData\Skype
2016-12-12 22:10 - 2016-11-18 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-12 22:10 - 2016-01-14 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-12 22:10 - 2016-01-04 18:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-12 22:10 - 2015-02-03 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-08 15:56 - 2015-02-08 14:38 - 00000000 ____D C:\!data
2016-12-07 17:47 - 2016-09-29 22:11 - 00000000 ____D C:\Users\sosak\workspace-jee
2016-12-07 17:11 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\.eclipse
==================== Files in the root of some directories =======
2016-12-16 20:43 - 2016-12-16 20:40 - 0000162 _____ () C:\Program Files (x86)\INSTALL.LOG
2015-02-08 14:55 - 2016-11-25 00:52 - 0000600 _____ () C:\Users\sosak\AppData\Roaming\winscp.rnd
2015-02-03 17:39 - 2016-12-27 17:06 - 0000600 _____ () C:\Users\sosak\AppData\Local\PUTTY.RND
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\sosak\Desktop" je 241 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Re: Chinese malware process - does anyone know it, please?
Thank you for all the help and your time, Rudy, and I wish you a good start into the new year 2017.
- Rudy
- Site Admin
- Posts: 119672
- Registered: 30 Oct 2003 13:42
- Residence: Plzeň
Re: Chinese malware process - does anyone know it, please?
Everything deleted. Merry Christmas and a Happy New Year, and you're welcome!
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.