Chinese malware process - does anyone know, please?
Posted: 28 Dec 2016 20:09
Hi all,
I keep Process Explorer (PE) running all the time, and yesterday when I glanced at it I saw a process that had:
- process name: Chinese characters
- process icon: like Google Chrome's
- the publisher or process description was garbled, something like "ekern.exe >25% ... " where ekern.exe is the process of ESET NOD32's kernel..
When I tried to look at the process more closely via right-click on the process in PE -> "Properties", PE crashed - and then the process disappeared. A guy on the bleepingcomputer.com forum describes a similar problem - no answer so far - https://www.bleepingcomputer.com/forums ... -explorer/
I'm an idiot for not taking a screenshot first...
I normally use ESET NOD32 + yesterday I installed Malwarebytes Premium 3.0 (trial) alongside it - both claim everything is OK, but I find that hard to believe...
Has anyone come across this, please? I'd guess it will probably hide now, but still - could you please take a look at whether there is anything unusual in the log?:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by sosak (administrator) on POČÍTAČ (28-12-2016 18:08:54)
Running from C:\Users\sosak\Desktop
Loaded Profiles: sosak (Available Profiles: sosak)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Program Files\Redis\redis-server.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files\Java\jdk1.8.0_31\bin\java.exe
(Aestan Software) C:\wamp\wampmanager.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
() C:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
() C:\Program Files\eclipse-sts-3.8.2\sts-3.8.2.RELEASE\STS.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files\MySQL\MySQL Workbench 6.3 CE\MySQLWorkbench.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\eclipse\eclipse.exe
() C:\Program Files (x86)\Git\bin\sh.exe
(Simon Tatham) C:\Users\sosak\Desktop\putty.exe
(Simon Tatham) C:\Users\sosak\Desktop\putty.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Simon Tatham) C:\Users\sosak\Desktop\putty.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Sysinternals - http://www.sysinternals.com) C:\Users\sosak\Desktop\procexp.exe
(Sysinternals - http://www.sysinternals.com) C:\Users\sosak\AppData\Local\Temp\procexp64.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-06-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-07-05] (IDT, Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6730432 2015-05-12] (SoftPerfect Research)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2162152 2015-08-06] (Gemfor s.r.o.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\Run: [ApacheTomcatMonitor8.0_Tomcat8] => C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8w.exe [110208 2016-09-01] (Apache Software Foundation)
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {2210224b-10dc-11e5-821c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {36dd8af2-f973-11e4-823c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af6593f-ae16-11e4-822c-028037ec0200} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d10-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {6af65d41-ae16-11e4-822c-028037ec0200} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {d83b764c-b50b-11e4-950f-60d819b5ee5b} - E:\Autorun.exe
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\...\MountPoints2: {e1e8c754-9c72-11e5-b3e6-028037ec0200} - G:\Lenovo_Suite.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.158.128.2 8.8.8.8
Tcpip\..\Interfaces\{344E2E81-3A84-4859-A3AF-829922FF2D23}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{B2162D39-0738-4335-AE87-F58B023F625B}: [NameServer] 93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{B2C61C60-B21C-42EC-B996-7FDE79335CC9}: [DhcpNameServer] 192.168.100.252
Tcpip\..\Interfaces\{BE8D4DB0-30E5-4A67-A064-4763529831D1}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{C99D2F0D-2B89-43CD-B44A-0F15B08EF887}: [DhcpNameServer] 192.168.200.15 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{CEA06CBE-7666-49F2-97BA-4B90A403CE29}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{EDF85E1D-0950-4146-8798-15F694AB28F9}: [DhcpNameServer] 212.158.128.2 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKU\S-1-5-21-3737788165-2518302368-498499969-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EB117507-5E4C-40E1-B8D9-2945353E4AEB} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3737788165-2518302368-498499969-1004 -> DefaultScope {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL =
SearchScopes: HKU\S-1-5-21-3737788165-2518302368-498499969-1004 -> {5E9BA19F-E032-4A60-9A60-64552215D6C9} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-29] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 2u8sc2k0.default
FF ProfilePath: C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default [2016-12-08]
FF Extension: (ChatZilla) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-11-04]
FF Extension: (Adblock Plus) - C:\Users\sosak\AppData\Roaming\Mozilla\Firefox\Profiles\2u8sc2k0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-14]
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default [2016-12-28]
CHR Extension: (Prezentace Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (No Name) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-29]
CHR Extension: (Dokumenty Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Session Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-02-08]
CHR Extension: (YouTube) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Adblock Plus) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-02]
CHR Extension: (JSONView) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2015-09-10]
CHR Extension: (REST Console) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2015-02-08]
CHR Extension: (Vyhledávání Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Tabulky Google) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Postman) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-12-16]
CHR Extension: (Quick Javascript Switcher) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2016-01-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Bookmark Manager) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-02-06]
CHR Extension: (Live HTTP Headers) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2016-11-02]
CHR Extension: (ModHeader) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2016-05-26]
CHR Extension: (Bird Brawl) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfmnamhddafiplkkobdinpjcnidlplk [2015-04-28]
CHR Extension: (Flashcontrol) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-06-26]
CHR Extension: (Allow-Control-Allow-Origin: *) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbmbojpeacfghkpbjhddihlkkiljbi [2016-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\sosak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-11-20] (ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2012-06-18] (O2Micro International)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 Redis; C:\Program Files\Redis\redis-server.exe [1552896 2016-01-15] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R2 Tomcat8; C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe [109696 2016-09-01] (Apache Software Foundation)
R3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
R3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2012-05-25] (Broadcom Corp.)
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [102440 2012-06-18] (Ericsson AB)
S3 DIGITECH; C:\Windows\system32\drivers\DIGITECH.sys [25648 2011-06-08] (Copyright(c) Digitech Systems)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-20] (ESET)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-06-18] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2012-06-18] (Ericsson AB)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-20] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-11-20] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [246272 2013-06-29] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-15] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [639408 2012-06-15] (Intel Corporation)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-05-25] ()
R1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-27] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-27] (Malwarebytes)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2012-06-18] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2012-06-18] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2012-06-18] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2012-06-18] (MCCI Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [69608 2015-04-30] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2012-06-18] (Novatel Wireless Inc)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [222208 2012-06-18] (Novatel Wireless Inc.)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-06-18] (Novatel Wireless Inc.)
S3 percsas2; C:\Windows\system32\drivers\percsas2.sys [53584 2012-06-15] (LSI Corporation)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [8832 2012-05-10] (QUALCOMM Incorporated)
S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2012-07-05] (QUALCOMM Incorporated)
S3 qcombusdl; C:\Windows\system32\drivers\qcombusdl.sys [137800 2012-07-05] (MCCI)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2012-05-10] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [230784 2012-07-05] (QUALCOMM Incorporated)
S3 SNXPPAMD; C:\Windows\system32\drivers\snxppamd.sys [100728 2012-07-04] (SUNIX Co., Ltd.)
S3 SNXPSAMD; C:\Windows\system32\drivers\snxpsamd.sys [97144 2012-07-04] (SUNIX Co., Ltd.)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [67696 2011-06-20] (STMicroelectronics)
S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-25] (STMicroelectronics)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
S3 terahid; C:\Windows\system32\drivers\terahid.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terahidmapper; C:\Windows\system32\drivers\terahidmapper.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 teramouse; C:\Windows\system32\drivers\teramouse.sys [11264 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terapcoip; C:\Windows\system32\drivers\terapcoip.sys [37376 2012-06-14] (Windows (R) Win 7 DDK provider)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-10] (USBPcap)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2012-06-18] (Ericsson AB)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 ptlser; \SystemRoot\system32\drivers\ptlser64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 18:08 - 2016-12-28 18:09 - 00025055 _____ C:\Users\sosak\Desktop\FRST.txt
2016-12-28 18:08 - 2016-12-28 18:08 - 00000000 ____D C:\FRST
2016-12-28 18:05 - 2016-12-28 18:05 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
2016-12-28 18:03 - 2016-12-28 18:03 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Downloads\Nepotvrzeno 887829.crdownload
2016-12-28 18:02 - 2016-12-28 18:07 - 00000000 ____D C:\Users\sosak\Desktop\PC CLEANUP TOOLS
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\VCELY
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\DOMACNOST
2016-12-28 17:46 - 2016-12-28 17:52 - 00000000 ____D C:\Users\sosak\Desktop\PRACE
2016-12-28 17:40 - 2016-12-28 17:41 - 02420736 _____ (Farbar) C:\Users\sosak\Desktop\FRST64.exe
2016-12-27 22:58 - 2016-12-27 22:58 - 00002011 _____ C:\Users\Public\Desktop\Datovka.lnk
2016-12-27 22:58 - 2016-12-27 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CZ.NIC
2016-12-27 22:37 - 2016-12-27 22:38 - 13126284 _____ (CZ.NIC, z. s. p. o.) C:\Users\sosak\Downloads\datovka-4.7.0-windows.exe
2016-12-27 19:24 - 2016-12-27 22:27 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-27 19:24 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-27 19:20 - 2016-12-27 19:22 - 54199488 _____ (Malwarebytes ) C:\Users\sosak\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-27 17:10 - 2016-12-27 17:10 - 00000326 _____ C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job
2016-12-27 17:09 - 2016-12-27 17:10 - 02964472 _____ (Google) C:\Users\sosak\Downloads\chrome_cleanup_tool.exe
2016-12-21 09:54 - 2016-12-21 09:54 - 00031884 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016.pdf
2016-12-21 09:54 - 2016-12-21 09:54 - 00025463 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016_EUR.pdf
2016-12-16 21:42 - 2016-12-16 21:42 - 00000000 ____D C:\Users\sosak\Documents\Shared Toad
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Dell
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Local\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-16 20:41 - 2016-12-16 20:41 - 00002106 _____ C:\Users\Public\Desktop\Toad for MySQL 7.9 Freeware.lnk
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\Program Files (x86)\Dell
2016-12-16 20:36 - 2016-11-07 15:57 - 94583128 _____ C:\Users\sosak\Downloads\toadformysql_freeware_7.9.0.637.exe
2016-12-15 01:11 - 2016-12-15 01:11 - 00000000 ____D C:\Users\sosak\.android
2016-12-15 00:50 - 2016-12-15 00:52 - 00000000 ____D C:\Users\sosak\AppData\Roaming\JetBrains
2016-12-15 00:49 - 2016-12-15 00:49 - 00000000 ____D C:\Users\sosak\.IdeaIC2016.3
2016-12-15 00:48 - 2016-12-15 00:48 - 00001052 _____ C:\Users\Public\Desktop\IntelliJ.lnk
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\Program Files (x86)\JetBrains
2016-12-14 01:18 - 2016-12-14 01:48 - 507957726 _____ C:\Users\sosak\Downloads\3.Dějiny-světa-Slovo-a-mec.avi
2016-12-13 13:51 - 2016-12-13 13:52 - 41409947 _____ C:\Users\sosak\Downloads\jfrog-artifactory-oss-4.14.3.zip
2016-12-13 12:14 - 2016-12-13 12:14 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-13 12:14 - 2016-12-13 12:14 - 00000978 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-12 17:00 - 2016-12-12 17:00 - 00004669 _____ C:\Users\sosak\Downloads\airbank_1095127016_2016-12-12_17-00.csv
2016-12-08 12:26 - 2016-12-08 12:26 - 00813854 _____ C:\Users\sosak\Downloads\Nepotvrzeno 494884.crdownload
2016-12-08 11:38 - 2016-12-08 11:38 - 00001208 _____ C:\Users\sosak\Desktop\Eclipse STS.lnk
2016-12-07 21:48 - 2016-12-07 21:48 - 00000000 ____D C:\Users\sosak\workspace-rasto
2016-12-07 20:46 - 2016-12-07 20:46 - 00000071 _____ C:\Users\sosak\.gitconfig
2016-12-07 20:23 - 2016-12-07 20:51 - 00000987 ____H C:\Users\sosak\_viminfo
2016-12-07 20:17 - 2016-12-07 20:18 - 00000000 ____D C:\Users\sosak\workspace-sofiane
2016-12-07 19:29 - 2016-12-07 19:29 - 00018786 _____ C:\Users\sosak\restsec_dev.trace.db
2016-12-07 19:25 - 2016-12-07 19:34 - 00012288 _____ C:\Users\sosak\restsec_dev.mv.db
2016-12-07 19:24 - 2016-12-07 19:34 - 00102400 _____ C:\Users\sosak\test.mv.db
2016-12-07 19:24 - 2016-12-07 19:30 - 00001402 _____ C:\Users\sosak\.h2.server.properties
2016-12-07 17:55 - 2016-12-07 18:12 - 358621320 _____ C:\Users\sosak\Downloads\ideaIC-2016.3.exe
2016-12-07 17:12 - 2016-12-12 22:13 - 00000000 ____D C:\Users\sosak\AppData\Local\Spring Tool Suite
2016-12-07 17:12 - 2016-12-07 17:16 - 00000000 ____D C:\Users\sosak\hsperfdata_sosak
2016-12-07 17:12 - 2016-12-07 17:13 - 00000000 ____D C:\Users\sosak\workspace-sts-3.8.2.RELEASE
2016-12-07 17:12 - 2016-12-07 17:12 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Spring Tool Suite
2016-12-07 17:00 - 2016-12-07 17:10 - 00000000 ____D C:\Program Files\eclipse-sts-3.8.2
2016-12-06 21:19 - 2016-12-06 21:19 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Eclipse
2016-11-30 18:47 - 2016-11-30 18:49 - 27369704 _____ C:\Users\sosak\Downloads\elasticsearch-2.4.0.zip
2016-11-30 18:41 - 2016-11-30 18:49 - 00000000 ____D C:\_elasatic-search
2016-11-30 18:38 - 2016-11-30 18:40 - 32978684 _____ C:\Users\sosak\Downloads\elasticsearch-5.0.2.zip
2016-11-30 16:58 - 2016-11-30 16:58 - 68078424 _____ C:\Users\sosak\Documents\20161130_Anj's-EntireX-service-finished_ANJUMPC (765 428 983)_2016-11-30 16.32.tvs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 18:01 - 2015-02-03 16:55 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Skype
2016-12-28 17:51 - 2016-07-14 11:06 - 00000000 ____D C:\Users\sosak\Desktop\TEPELNE CERPADLA
2016-12-28 17:48 - 2016-02-20 09:29 - 00000000 ____D C:\Users\sosak\Desktop\ZAHRADA
2016-12-28 17:48 - 2015-08-12 10:45 - 00000000 ____D C:\Users\sosak\Desktop\tebip-upload
2016-12-28 17:48 - 2015-05-20 14:52 - 00000000 ____D C:\Users\sosak\Desktop\E-BOOKS
2016-12-28 17:48 - 2015-02-15 12:39 - 00000000 ____D C:\Users\sosak\Desktop\!to-sort
2016-12-28 17:45 - 2015-02-03 19:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\vlc
2016-12-28 17:42 - 2015-05-20 14:51 - 00000000 ____D C:\Users\sosak\Desktop\CHALUPA
2016-12-28 17:18 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-28 17:18 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-28 17:17 - 2014-07-31 01:14 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-12-28 17:17 - 2014-07-31 01:14 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-12-28 17:17 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-28 17:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-28 16:18 - 2015-02-15 23:01 - 00000000 ____D C:\Users\sosak\AppData\Roaming\.dsgui
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-27 17:06 - 2015-02-03 17:39 - 00000600 _____ C:\Users\sosak\AppData\Local\PUTTY.RND
2016-12-23 00:06 - 2016-02-20 09:27 - 00000000 ____D C:\Users\sosak\Desktop\BWD21 datovka
2016-12-16 20:36 - 2015-02-03 15:44 - 00000000 ____D C:\Users\sosak\AppData\Roaming\GHISLER
2016-12-15 01:11 - 2015-02-03 15:27 - 00000000 ____D C:\Users\sosak
2016-12-14 21:18 - 2015-02-03 13:41 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 21:18 - 2015-02-03 13:41 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 13:55 - 2015-02-03 15:45 - 00064024 _____ C:\Users\sosak\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-13 13:55 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\AppData\Local\Eclipse
2016-12-13 12:14 - 2015-02-03 16:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-13 11:56 - 2016-01-20 19:02 - 00002238 ____H C:\Users\sosak\Documents\Default.rdp
2016-12-13 11:50 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-13 10:03 - 2009-07-14 06:08 - 00029198 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-13 10:02 - 2015-02-08 09:48 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job
2016-12-13 10:02 - 2015-02-03 13:40 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-13 10:02 - 2015-02-03 13:40 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-12 23:26 - 2015-02-08 09:48 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job
2016-12-12 22:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-12 22:16 - 2015-02-08 16:34 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1423409685
2016-12-12 22:16 - 2015-02-08 16:34 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-12 22:11 - 2015-02-03 16:55 - 00000000 ____D C:\ProgramData\Skype
2016-12-12 22:10 - 2016-11-18 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-12 22:10 - 2016-01-14 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-12 22:10 - 2016-01-04 18:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-12 22:10 - 2015-02-03 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-08 15:56 - 2015-02-08 14:38 - 00000000 ____D C:\!data
2016-12-07 17:47 - 2016-09-29 22:11 - 00000000 ____D C:\Users\sosak\workspace-jee
2016-12-07 17:11 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\.eclipse
==================== Files in the root of some directories =======
2016-12-16 20:43 - 2016-12-16 20:40 - 0000162 _____ () C:\Program Files (x86)\INSTALL.LOG
2015-02-08 14:55 - 2016-11-25 00:52 - 0000600 _____ () C:\Users\sosak\AppData\Roaming\winscp.rnd
2015-04-05 12:37 - 2016-09-10 08:30 - 0017920 _____ () C:\Users\sosak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 17:39 - 2016-12-27 17:06 - 0000600 _____ () C:\Users\sosak\AppData\Local\PUTTY.RND
Some files in TEMP:
====================
C:\Users\sosak\AppData\Local\Temp\ExPromo.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\procexp64.exe
C:\Users\sosak\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sosak\AppData\Local\Temp\SQLiteExpertPersSetup.exe
C:\Users\sosak\AppData\Local\Temp\vlc-2.2.4-win64.exe
C:\Users\sosak\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => c:\users\sosak\downloads\chrome_cleanup_tool.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\sosak\Desktop" je 18255 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
S3 terahid; C:\Windows\system32\drivers\terahid.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terahidmapper; C:\Windows\system32\drivers\terahidmapper.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 teramouse; C:\Windows\system32\drivers\teramouse.sys [11264 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 terapcoip; C:\Windows\system32\drivers\terapcoip.sys [37376 2012-06-14] (Windows (R) Win 7 DDK provider)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-10] (USBPcap)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2012-06-18] (Ericsson AB)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 ptlser; \SystemRoot\system32\drivers\ptlser64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 18:08 - 2016-12-28 18:09 - 00025055 _____ C:\Users\sosak\Desktop\FRST.txt
2016-12-28 18:08 - 2016-12-28 18:08 - 00000000 ____D C:\FRST
2016-12-28 18:05 - 2016-12-28 18:05 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Desktop\FRSTLauncher.exe
2016-12-28 18:03 - 2016-12-28 18:03 - 00112640 _____ (forum.viry.cz) C:\Users\sosak\Downloads\Nepotvrzeno 887829.crdownload
2016-12-28 18:02 - 2016-12-28 18:07 - 00000000 ____D C:\Users\sosak\Desktop\PC CLEANUP TOOLS
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\VCELY
2016-12-28 17:47 - 2016-12-28 17:47 - 00000000 ____D C:\Users\sosak\Desktop\DOMACNOST
2016-12-28 17:46 - 2016-12-28 17:52 - 00000000 ____D C:\Users\sosak\Desktop\PRACE
2016-12-28 17:40 - 2016-12-28 17:41 - 02420736 _____ (Farbar) C:\Users\sosak\Desktop\FRST64.exe
2016-12-27 22:58 - 2016-12-27 22:58 - 00002011 _____ C:\Users\Public\Desktop\Datovka.lnk
2016-12-27 22:58 - 2016-12-27 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CZ.NIC
2016-12-27 22:37 - 2016-12-27 22:38 - 13126284 _____ (CZ.NIC, z. s. p. o.) C:\Users\sosak\Downloads\datovka-4.7.0-windows.exe
2016-12-27 19:24 - 2016-12-27 22:27 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-27 19:24 - 2016-12-27 19:25 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-27 19:24 - 2016-12-27 19:24 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-27 19:24 - 2016-12-27 19:24 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-27 19:24 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-27 19:20 - 2016-12-27 19:22 - 54199488 _____ (Malwarebytes ) C:\Users\sosak\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-27 17:10 - 2016-12-27 17:10 - 00000326 _____ C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job
2016-12-27 17:09 - 2016-12-27 17:10 - 02964472 _____ (Google) C:\Users\sosak\Downloads\chrome_cleanup_tool.exe
2016-12-21 09:54 - 2016-12-21 09:54 - 00031884 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016.pdf
2016-12-21 09:54 - 2016-12-21 09:54 - 00025463 _____ C:\Users\sosak\Downloads\RB_listopad-2016_21212125_01-11-2016_30-11-2016_EUR.pdf
2016-12-16 21:42 - 2016-12-16 21:42 - 00000000 ____D C:\Users\sosak\Documents\Shared Toad
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Dell
2016-12-16 20:43 - 2016-12-16 20:43 - 00000000 ____D C:\Users\sosak\AppData\Local\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Quest Software
2016-12-16 20:42 - 2016-12-16 20:42 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-16 20:41 - 2016-12-16 20:41 - 00002106 _____ C:\Users\Public\Desktop\Toad for MySQL 7.9 Freeware.lnk
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-16 20:41 - 2016-12-16 20:41 - 00000000 ____D C:\Program Files (x86)\Dell
2016-12-16 20:36 - 2016-11-07 15:57 - 94583128 _____ C:\Users\sosak\Downloads\toadformysql_freeware_7.9.0.637.exe
2016-12-15 01:11 - 2016-12-15 01:11 - 00000000 ____D C:\Users\sosak\.android
2016-12-15 00:50 - 2016-12-15 00:52 - 00000000 ____D C:\Users\sosak\AppData\Roaming\JetBrains
2016-12-15 00:49 - 2016-12-15 00:49 - 00000000 ____D C:\Users\sosak\.IdeaIC2016.3
2016-12-15 00:48 - 2016-12-15 00:48 - 00001052 _____ C:\Users\Public\Desktop\IntelliJ.lnk
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-12-15 00:48 - 2016-12-15 00:48 - 00000000 ____D C:\Program Files (x86)\JetBrains
2016-12-14 01:18 - 2016-12-14 01:48 - 507957726 _____ C:\Users\sosak\Downloads\3.Dějiny-světa-Slovo-a-mec.avi
2016-12-13 13:51 - 2016-12-13 13:52 - 41409947 _____ C:\Users\sosak\Downloads\jfrog-artifactory-oss-4.14.3.zip
2016-12-13 12:14 - 2016-12-13 12:14 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-13 12:14 - 2016-12-13 12:14 - 00000978 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-12 17:00 - 2016-12-12 17:00 - 00004669 _____ C:\Users\sosak\Downloads\airbank_1095127016_2016-12-12_17-00.csv
2016-12-08 12:26 - 2016-12-08 12:26 - 00813854 _____ C:\Users\sosak\Downloads\Nepotvrzeno 494884.crdownload
2016-12-08 11:38 - 2016-12-08 11:38 - 00001208 _____ C:\Users\sosak\Desktop\Eclipse STS.lnk
2016-12-07 21:48 - 2016-12-07 21:48 - 00000000 ____D C:\Users\sosak\workspace-rasto
2016-12-07 20:46 - 2016-12-07 20:46 - 00000071 _____ C:\Users\sosak\.gitconfig
2016-12-07 20:23 - 2016-12-07 20:51 - 00000987 ____H C:\Users\sosak\_viminfo
2016-12-07 20:17 - 2016-12-07 20:18 - 00000000 ____D C:\Users\sosak\workspace-sofiane
2016-12-07 19:29 - 2016-12-07 19:29 - 00018786 _____ C:\Users\sosak\restsec_dev.trace.db
2016-12-07 19:25 - 2016-12-07 19:34 - 00012288 _____ C:\Users\sosak\restsec_dev.mv.db
2016-12-07 19:24 - 2016-12-07 19:34 - 00102400 _____ C:\Users\sosak\test.mv.db
2016-12-07 19:24 - 2016-12-07 19:30 - 00001402 _____ C:\Users\sosak\.h2.server.properties
2016-12-07 17:55 - 2016-12-07 18:12 - 358621320 _____ C:\Users\sosak\Downloads\ideaIC-2016.3.exe
2016-12-07 17:12 - 2016-12-12 22:13 - 00000000 ____D C:\Users\sosak\AppData\Local\Spring Tool Suite
2016-12-07 17:12 - 2016-12-07 17:16 - 00000000 ____D C:\Users\sosak\hsperfdata_sosak
2016-12-07 17:12 - 2016-12-07 17:13 - 00000000 ____D C:\Users\sosak\workspace-sts-3.8.2.RELEASE
2016-12-07 17:12 - 2016-12-07 17:12 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Spring Tool Suite
2016-12-07 17:00 - 2016-12-07 17:10 - 00000000 ____D C:\Program Files\eclipse-sts-3.8.2
2016-12-06 21:19 - 2016-12-06 21:19 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Eclipse
2016-11-30 18:47 - 2016-11-30 18:49 - 27369704 _____ C:\Users\sosak\Downloads\elasticsearch-2.4.0.zip
2016-11-30 18:41 - 2016-11-30 18:49 - 00000000 ____D C:\_elasatic-search
2016-11-30 18:38 - 2016-11-30 18:40 - 32978684 _____ C:\Users\sosak\Downloads\elasticsearch-5.0.2.zip
2016-11-30 16:58 - 2016-11-30 16:58 - 68078424 _____ C:\Users\sosak\Documents\20161130_Anj's-EntireX-service-finished_ANJUMPC (765 428 983)_2016-11-30 16.32.tvs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-28 18:01 - 2015-02-03 16:55 - 00000000 ____D C:\Users\sosak\AppData\Roaming\Skype
2016-12-28 17:51 - 2016-07-14 11:06 - 00000000 ____D C:\Users\sosak\Desktop\TEPELNE CERPADLA
2016-12-28 17:48 - 2016-02-20 09:29 - 00000000 ____D C:\Users\sosak\Desktop\ZAHRADA
2016-12-28 17:48 - 2015-08-12 10:45 - 00000000 ____D C:\Users\sosak\Desktop\tebip-upload
2016-12-28 17:48 - 2015-05-20 14:52 - 00000000 ____D C:\Users\sosak\Desktop\E-BOOKS
2016-12-28 17:48 - 2015-02-15 12:39 - 00000000 ____D C:\Users\sosak\Desktop\!to-sort
2016-12-28 17:45 - 2015-02-03 19:42 - 00000000 ____D C:\Users\sosak\AppData\Roaming\vlc
2016-12-28 17:42 - 2015-05-20 14:51 - 00000000 ____D C:\Users\sosak\Desktop\CHALUPA
2016-12-28 17:18 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-28 17:18 - 2009-07-14 05:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-28 17:17 - 2014-07-31 01:14 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-12-28 17:17 - 2014-07-31 01:14 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-12-28 17:17 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-28 17:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-28 16:18 - 2015-02-15 23:01 - 00000000 ____D C:\Users\sosak\AppData\Roaming\.dsgui
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-27 19:24 - 2016-04-11 18:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-27 17:06 - 2015-02-03 17:39 - 00000600 _____ C:\Users\sosak\AppData\Local\PUTTY.RND
2016-12-23 00:06 - 2016-02-20 09:27 - 00000000 ____D C:\Users\sosak\Desktop\BWD21 datovka
2016-12-16 20:36 - 2015-02-03 15:44 - 00000000 ____D C:\Users\sosak\AppData\Roaming\GHISLER
2016-12-15 01:11 - 2015-02-03 15:27 - 00000000 ____D C:\Users\sosak
2016-12-14 21:18 - 2015-02-03 13:41 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 21:18 - 2015-02-03 13:41 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 13:55 - 2015-02-03 15:45 - 00064024 _____ C:\Users\sosak\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-13 13:55 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\AppData\Local\Eclipse
2016-12-13 12:14 - 2015-02-03 16:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-13 11:56 - 2016-01-20 19:02 - 00002238 ____H C:\Users\sosak\Documents\Default.rdp
2016-12-13 11:50 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-13 10:03 - 2009-07-14 06:08 - 00029198 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-13 10:02 - 2015-02-08 09:48 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job
2016-12-13 10:02 - 2015-02-03 13:40 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-13 10:02 - 2015-02-03 13:40 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-12 23:26 - 2015-02-08 09:48 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job
2016-12-12 22:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-12 22:16 - 2015-02-08 16:34 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1423409685
2016-12-12 22:16 - 2015-02-08 16:34 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-12 22:11 - 2015-02-03 16:55 - 00000000 ____D C:\ProgramData\Skype
2016-12-12 22:10 - 2016-11-18 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-12 22:10 - 2016-01-14 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-12 22:10 - 2016-01-04 18:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-12 22:10 - 2015-02-03 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-08 15:56 - 2015-02-08 14:38 - 00000000 ____D C:\!data
2016-12-07 17:47 - 2016-09-29 22:11 - 00000000 ____D C:\Users\sosak\workspace-jee
2016-12-07 17:11 - 2015-02-03 15:45 - 00000000 ____D C:\Users\sosak\.eclipse
==================== Files in the root of some directories =======
2016-12-16 20:43 - 2016-12-16 20:40 - 0000162 _____ () C:\Program Files (x86)\INSTALL.LOG
2015-02-08 14:55 - 2016-11-25 00:52 - 0000600 _____ () C:\Users\sosak\AppData\Roaming\winscp.rnd
2015-04-05 12:37 - 2016-09-10 08:30 - 0017920 _____ () C:\Users\sosak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 17:39 - 2016-12-27 17:06 - 0000600 _____ () C:\Users\sosak\AppData\Local\PUTTY.RND
Some files in TEMP:
====================
C:\Users\sosak\AppData\Local\Temp\ExPromo.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\sosak\AppData\Local\Temp\procexp64.exe
C:\Users\sosak\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sosak\AppData\Local\Temp\SQLiteExpertPersSetup.exe
C:\Users\sosak\AppData\Local\Temp\vlc-2.2.4-win64.exe
C:\Users\sosak\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => c:\users\sosak\downloads\chrome_cleanup_tool.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0437bfeac9d64.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0437bfec13721.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan created by FRSTLauncher ===***===***===***===
Last update of FRSTLauncher: 25_11_2013 (01)
Last update of the modification script: 30_09_2013 (01)
***** Size of "Desktop" *****
The folder "C:\Users\sosak\Desktop" is 18255 MB in size.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
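As an added example (not part of the original post and not FRST's own code), the following Python script parses driver/service and scheduled-task lines in the layout FRST uses in the log above and lists the entries a reviewer would check by hand: services still registered but whose driver file is missing ([X]); drivers whose version info carries no company name (the empty "()" field; FRST only reports what is in the file's version resource, so this is a prompt to verify the file's signature, not a malware verdict); service names or paths containing non-ASCII characters (the symptom in the opening post); and tasks whose target runs from a user-profile directory. The sample lines are copied from the log above, and the regexes assume the line layout exactly as it appears here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# FRST driver/service line, e.g.
#   R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-20] (ESET)
#   S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
# Leading letter: R = running, S = stopped; the digit is the registry Start value.
# "[X]" means FRST did not find the file on disk. The publisher is captured
# greedily up to the final ")" so values that themselves contain parentheses,
# such as "Windows (R) Win 7 DDK provider", are kept intact.
DRIVER_RE = re.compile(
    r"^(?P<start>[A-Z]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<pub>.*)\)|\[X\])\s*$"
)

# FRST scheduled-task line: "Task: <job file> => <target executable>"
TASK_RE = re.compile(r"^Task:\s+(?P<job>.+?)\s+=>\s+(?P<target>.+?)\s*$")

# Lines copied from the FRST log in this thread (a few representative ones).
SAMPLE_LOG = r"""
==================== Drivers (Whitelisted) ====================
S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
S3 DIGITECH; C:\Windows\system32\drivers\DIGITECH.sys [25648 2011-06-08] (Copyright(c) Digitech Systems)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-05-25] ()
R1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-27] (Malwarebytes)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
S3 terahid; C:\Windows\system32\drivers\terahid.sys [7680 2012-06-14] (Windows (R) Win 7 DDK provider)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 ptlser; \SystemRoot\system32\drivers\ptlser64.sys [X]
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => c:\users\sosak\downloads\chrome_cleanup_tool.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""


@dataclass
class DriverEntry:
    start: str
    name: str
    path: str
    size: Optional[int]        # None when the file is missing
    date: Optional[str]
    publisher: Optional[str]   # "" when the version resource has no company name
    missing: bool


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one FRST driver line; return None for lines in another format."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("size") is None
    return DriverEntry(
        start=m.group("start"),
        name=m.group("name").strip(),
        path=m.group("path"),
        size=None if missing else int(m.group("size")),
        date=m.group("date"),
        publisher=None if missing else m.group("pub"),
        missing=missing,
    )


def parse_drivers(text: str) -> List[DriverEntry]:
    parsed = (parse_driver_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def parse_tasks(text: str) -> List[Tuple[str, str]]:
    """Return (job file, target) pairs for every "Task:" line."""
    out = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            out.append((m.group("job"), m.group("target")))
    return out


def triage_drivers(entries: List[DriverEntry]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs for entries worth a manual look."""
    findings = []
    for e in entries:
        if e.missing:
            findings.append((e.name, "service registered but driver file missing ([X])"))
            continue
        if any(ord(c) > 127 for c in e.name + e.path):
            findings.append((e.name, "non-ASCII characters in service name or path"))
        if e.publisher == "":
            state = "running" if e.start.startswith("R") else "not running"
            findings.append((e.name, f"no company name in version info ({state}); "
                                     "verify the file's Authenticode signature"))
    return findings


def triage_tasks(tasks: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Flag tasks whose target lives under a user profile (e.g. Downloads):
    the task will run whatever is written to that path later."""
    return [(job, target) for job, target in tasks if "\\users\\" in target.lower()]


if __name__ == "__main__":
    for name, reason in triage_drivers(parse_drivers(SAMPLE_LOG)):
        print(f"driver  {name}: {reason}")
    for job, target in triage_tasks(parse_tasks(SAMPLE_LOG)):
        print(f"task    {job} -> {target}")
```

Run against the full log by reading FRST.txt instead of SAMPLE_LOG. Every hit is a question, not an answer: for a flagged driver, check the file's signature (for example with Sysinternals `sigcheck64.exe -a <path>`) and whether it belongs to an installed product before deciding anything, and for an [X] entry confirm which uninstalled product left the service key behind.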