"...Policie ČR..." message - log check after HJT

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: "...Policie ČR..." message - log check after HJT

Post by slunce » 22 Jan 2016 07:35

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by jan.havrda (2016-01-22 07:22:41)
Running from C:\Users\jan.havrda\Desktop
Windows 8.1 Pro (X64) (2014-03-19 12:48:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2805209827-2019061850-3711218927-500 - Administrator - Disabled)
Guest (S-1-5-21-2805209827-2019061850-3711218927-501 - Limited - Disabled)
havrda (S-1-5-21-2805209827-2019061850-3711218927-1001 - Administrator - Enabled) => C:\Users\havrda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Altova MissionKit 2015 rel. 4 sp1 (x64) Enterprise Edition (HKLM\...\{A9A5CA3D-64C6-4824-9805-049BB38583D7}) (Version: 2015.04.01 - Altova)
Altova StyleVision® 2014 sp1 (x64) Enterprise Edition (HKLM\...\{051EEC0B-EF25-4A2F-ACB9-BD201DE33D2E}) (Version: 2014.00.01 - Altova)
Altova XMLSpy® 2014 (x64) Enterprise Edition (HKLM\...\{4F09FAC9-B17A-4F37-9816-04A92E032B42}) (Version: 2014.00.00 - Altova)
Bontia Studio 4.7 (HKLM-x32\...\{398DAF68-B28B-41BE-B1CF-715CACCE0697}) (Version: 4.7.4257.0 - Bontia, a.s.)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.210 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
eSupport UndeletePlus 3.0.5.313 (HKLM-x32\...\eSupport UndeletePlus_is1) (Version: - Copyright © 2013 eSupport.com • All Rights Reserved)
GEDYS IntraWare Workflow View 2.5.7 (HKLM-x32\...\{38C3A1FD-95E1-42AF-A5D7-DD37C226387C}_is1) (Version: 2.55 - GEDYS IntraWare GmbH)
GI PDF Creator (HKLM-x32\...\{A3F1E050-7755-457D-92F5-6D4AB9E09C39}) (Version: 1.00.0000 - GEDYS IntraWare)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{E1BB50BA-7CCB-47CD-9FE3-03AAE6EEF862}) (Version: 12.0.30.81 - Hewlett-Packard Company)
IBM Connections Desktop Plug-ins for Microsoft Windows (HKLM-x32\...\{F5150A92-A89D-4A2D-B8F9-B55B5883C86D}) (Version: 14.06.3163.1758 - IBM)
IBM Connections Plug-ins for IBM Notes (HKLM-x32\...\{D4A1B137-39E9-4FC0-B75A-CE5521D949DF}) (Version: 4.5.0.20140625-0703 - IBM)
IBM Notes 9.0.1 Social Edition (HKLM-x32\...\{0BAFD1B9-473A-4EA6-8D77-B54460B2C199}) (Version: 9.01.13294 - IBM)
IntelliPRINT Analytics 4.2 (HKLM-x32\...\{0937B9E2-7959-4308-816B-51E34E27FE0E}) (Version: 4.2 - GBS Inc)
IntelliPRINT Dashboard Reporting 6.1 (HKLM-x32\...\{35FC323D-0AAC-4A17-AE4F-35365F89B252}) (Version: 6.1 - GBS Inc)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Juniper Networks Host Checker (HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\...\Neoteris_Host_Checker) (Version: 8.0.6.32195 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\...\Juniper_Setup_Client) (Version: 8.0.6.48695 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.48695 - Juniper Networks, Inc.)
Junos Pulse Core Components (x32 Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Drivers Add-On (Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Host Checker Plugin Add-On (x32 Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Tunnel Manager Add-On (x32 Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse UAC/NC Components (x32 Version: 5.0.48695 - Juniper Networks) Hidden
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Ochrana koncového bodu Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.104 - Trusteer)
OpenVPN 2.3.2-I003 (HKLM\...\OpenVPN) (Version: 2.3.2-I003 - )
PC Suite for Sony Ericsson (HKLM-x32\...\{E1252473-6306-4d5d-904D-B06AA7F38161}) (Version: 1.6.0 - )
PC Suite for Sony Ericsson (x32 Version: 1.6.0 - Sony Ericsson) Hidden
PC Suite for Sony Ericsson x64 (Version: 1.6.0 - Sony Ericsson) Hidden
PicPick (HKLM-x32\...\PicPick) (Version: 4.0.7 - NGWIN)
Rajče průvodce verze 1.59.54.269 (HKLM-x32\...\rajce.net_is1) (Version: - rajce.net)
Rapport (x32 Version: 3.5.1507.104 - Trusteer) Hidden
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.87 (8.9.2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.01.12.00 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Sony Ericsson Symbian 9 Drivers (HKLM\...\Sony Ericsson) (Version: - )
SourceTree (HKLM-x32\...\SourceTree 1.6.18) (Version: 1.6.18 - Atlassian)
SourceTree (x32 Version: 1.6.18 - Atlassian) Hidden
Symantec Endpoint Protection (HKLM\...\{8A02B375-AA8C-422D-A230-D3E6BABFABB5}) (Version: 12.1.6318.6100 - Symantec Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Název společnosti:)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Undelete Plus 2.93 (HKLM-x32\...\Undelete Plus_is1) (Version: - FDRLab, Inc)
VC8 CRT (Version: 8.0.50727.762 - Juniper Networks) Hidden
VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 8.0.4.30409 - VMware, Inc)
VMware Workstation (x32 Version: 8.0.4.30409 - VMware, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {061845A9-CB91-429E-8572-627B3E195194} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {107CEB52-5417-48D4-8DC0-77E146A88C0E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {17E1A600-6A6B-4D1E-9DFD-C04B714C51AF} - System32\Tasks\{58B90652-281F-4D0B-81AF-E2F796715968} => Firefox.exe hxxp://ui.skype.com/ui/0/7.7.80.103/cs/ ... Error=1618
Task: {1D367165-7D69-42DF-87DE-E4A9C27F5290} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {2D340C4A-6B6F-4261-9EFD-37FBB3C74E05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2D46C61F-F4B6-405E-B179-E0B571D35540} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4055201498-3228124647-2368045543-1112UA => C:\Users\jan.havrda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {3102C6FC-AFC7-4775-90C1-62589B947CAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {40162C35-3902-4340-90A4-DEC13079A5E2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4055201498-3228124647-2368045543-1112Core => C:\Users\jan.havrda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {5BF0CAA2-E4F8-4C6C-A265-CBBD28E05164} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {7329D722-887C-4F93-8246-01B097A82408} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {817C6A6F-4B4E-48EA-8D2F-6AA0D6225CEB} - System32\Tasks\{13472393-1DA4-4A36-8695-6796D8B8C2D7} => pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_287_Plugin.exe -c -maintain plugin
Task: {9D53CCA2-D905-483A-BEF6-E3AD6638AE6F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {B48FC41C-B9B1-4B7B-9C75-90666F7DABC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {D53DD7A3-AC5F-405E-98BA-BF2776905C48} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4055201498-3228124647-2368045543-1112Core.job => C:\Users\jan.havrda\AppData\Local\Dropbox\Update\DropboxUpdate.exe/cACTIS\jan.hav
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4055201498-3228124647-2368045543-1112UA.job => C:\Users\jan.havrda\AppData\Local\Dropbox\Update\DropboxUpdate.exe/ua /installsource schedulerACTIS\jan.hav
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\jan.havrda\Desktop\flush_dns.lnk -> G:\Install\flush_dns.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-05-14 11:01 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2015-03-19 12:51 - 2005-03-12 01:07 - 00087552 _____ () C:\Windows\System32\redmonnt.dll
2015-07-15 14:25 - 2015-07-15 14:25 - 00022528 _____ () C:\Windows\System32\ssa6mlm.dll
2014-03-26 16:29 - 2009-10-06 01:41 - 00022016 _____ () C:\Windows\System32\suge1l6.dll
2012-06-09 01:39 - 2012-06-09 01:39 - 11839488 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-01 18:28 - 2015-06-01 18:28 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2015-08-07 09:30 - 2015-08-07 09:30 - 00566840 ____C () C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\AvPluginImpl.dll
2012-06-09 01:21 - 2012-06-09 01:21 - 01222656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-12-11 12:19 - 2015-10-31 01:59 - 00034768 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00022848 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00023352 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00042296 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 12:19 - 2015-10-31 01:59 - 00116688 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 12:19 - 2015-10-31 01:59 - 00093640 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 12:19 - 2015-10-31 01:59 - 00018376 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00019760 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00105928 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 12:19 - 2015-10-31 01:59 - 00392144 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 12:19 - 2015-12-08 22:36 - 00381752 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 12:19 - 2015-10-31 01:59 - 00692688 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00020816 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00109520 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 01737032 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00020808 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00020800 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00021840 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00038696 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00024528 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00020936 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00114640 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00021320 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00124880 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00030160 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00043472 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00175560 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00028616 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00048592 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00024392 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00036296 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 12:19 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00117056 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00023376 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 12:19 - 2015-10-31 01:59 - 00134608 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 12:19 - 2015-10-31 01:59 - 00134088 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00240584 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00020280 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00052024 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00021304 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00350152 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00084792 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 12:19 - 2015-12-08 22:36 - 01826608 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 12:19 - 2015-10-31 02:00 - 00083912 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 03891504 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 01950000 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00519984 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00133936 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00225080 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00207672 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00024904 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00486704 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 12:19 - 2015-12-08 22:36 - 00357680 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-10-26 10:47 - 2015-10-31 02:01 - 00019920 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-10-26 10:47 - 2015-10-31 02:00 - 00786904 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-26 10:47 - 2015-10-31 02:00 - 00063448 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-10-26 10:47 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{074772AE-B3BA-4F23-8E12-773353CB6A63}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{26A1FF90-A550-432D-BF6B-C071B3286FEA}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{C478A420-A500-4274-A52E-70EC7481342F}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-01-22 00:42 - 00000753 ____A C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\Control Panel\Desktop\\Wallpaper -> C:\Users\jan.havrda\AppData\Local\Microsoft\Windows\Themes\Frydstejn\DesktopBackground\p1060001.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6E32D032-3B9F-44A6-84F5-849DAD19B268}] => (Allow) LPort=2799
FirewallRules: [{32DDD483-3FA1-4E0F-BD06-E4FD4B35DF96}] => (Allow) LPort=2799
FirewallRules: [{4D5E8385-8DB3-4116-9FC5-ABCE4D8D9846}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{951CF94E-1203-4C27-9E10-253BBD6F4B44}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{BC7A7677-78DD-4204-A49E-887B63ABE1A9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{8EA4F8BA-6802-4622-91E5-E6CE244DAAC9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{C7BEA993-4AEF-4418-AEA9-CF4587EB726C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{14B51B00-6C76-4BB8-BE7E-CD98C41E7433}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F0B36628-F53B-456E-8C41-339852AF6D05}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CEA8BD69-3997-440A-94AA-6FC775793622}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5279FB02-7F9D-48B8-8BE7-66E4C4471747}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe] => (Allow) C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe
FirewallRules: [UDP Query User{30C49DD7-D17C-4C12-B129-DC0BB13BCFD3}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe] => (Allow) C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe
FirewallRules: [TCP Query User{1E08AE03-17B8-4E13-AA67-C10E96DF0463}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe] => (Allow) C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe
FirewallRules: [UDP Query User{CA2FF93B-5EA5-4471-9654-CF31E54E2F9C}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe] => (Allow) C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe
FirewallRules: [{0C05954A-CDC9-430D-9F6F-2A9783AFDB11}] => (Block) C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe
FirewallRules: [{376790CB-C2BD-49BD-8EE5-C98757A14C5A}] => (Block) C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe
FirewallRules: [{0F5F3B81-CD33-4636-BCC6-18712A4872B5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{954C747C-0D16-4DD8-A05B-31A9BCF0353B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{BE50E21A-7378-4150-A509-42E0055FDEAB}] => (Allow) C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5625002F-A281-4135-8D03-E615EA1700D4}] => (Allow) C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A7378929-B0A9-400D-A094-403362CE00B8}] => (Allow) C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{83EADE8D-99E1-4DEB-937B-B125984D9E17}] => (Allow) C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A9DFDDAE-E797-42C8-898A-79BB4323581F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{74A7F24A-B005-45AC-9CC8-C5C70AAA75DB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{C21A57E6-998A-45A9-A9F3-CB1CA3C062E8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{05DE706C-8431-4169-97E3-65E9CC333639}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{53EB8F92-A033-4FE8-8853-D4F1C25A36BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{95388644-ACA0-427A-BDDF-C39D6AEA6D82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6AB5A5D4-D876-4614-B7E5-F0BCC39433E9}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\Smc.exe
FirewallRules: [{4F33578D-201E-490C-B751-70A689875243}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\Smc.exe
FirewallRules: [{71BEB855-3902-4C7A-85F8-7A806108FAE2}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\snac64.exe
FirewallRules: [{914A1732-E835-4E0D-BBBF-8B4AF8D7EE2A}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\snac64.exe
FirewallRules: [{1E64360D-43CF-441C-8767-D9837F2A90D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DDD9CA47-4AB2-4CB8-A4F5-EC42830823B9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99FE7F4B-5566-44DA-B08F-C53B21366269}] => (Allow) LPort=8317
FirewallRules: [{B1E9CA63-8225-4474-BD27-7701C684E879}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-01-2016 00:25:40 zoek.exe restore point

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom USH w/swipe sensor
Description: Broadcom USH w/swipe sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2016 07:20:55 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: c:\users\jan.havrda\desktop\frst64.exe by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (01/22/2016 06:42:54 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/22/2016 06:42:54 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/22/2016 12:26:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DaS_21.exe, verze: 2.1.0.4, časové razítko: 0x540c90b2
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.18007, časové razítko: 0x55c4c341
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000000871c
ID chybujícího procesu: 0xcf4
Čas spuštění chybující aplikace: 0xDaS_21.exe0
Cesta k chybující aplikaci: DaS_21.exe1
Cesta k chybujícímu modulu: DaS_21.exe2
ID zprávy: DaS_21.exe3
Úplný název chybujícího balíčku: DaS_21.exe4
ID aplikace související s chybujícím balíčkem: DaS_21.exe5

Error: (01/22/2016 12:26:21 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: DaS_21.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentOutOfRangeException
Zásobník:
na System.String.Substring(Int32, Int32)
na DriverAndServicesOut.GetProcess.GetPathName(System.String)
na DriverAndServicesOut.GetProcess.GetAllServices(System.String)
na DriverAndServicesOut.Program.Main(System.String[])

Error: (01/22/2016 12:20:17 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\jan.havrda\Downloads\zoek.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (01/22/2016 12:19:17 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\jan.havrda\Downloads\zoek.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (01/21/2016 02:23:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1 se nezdařilo. Chyba v souboru manifestu nebo zásad C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2 na řádku C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (01/21/2016 12:24:14 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/21/2016 12:24:14 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4


System errors:
=============
Error: (01/22/2016 06:44:28 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ACTIS)
Description: Zpracování zásad skupiny selhalo v důsledku toho, že se nebylo v síti možné připojit k řadiči domény. Může se jednat o přechodný stav. Po připojení počítače k řadiči domény a úspěšném zpracování zásad skupiny bude odeslána zpráva o úspěšném provedení těchto akcí. Pokud se tato zpráva nezobrazí během několika hodin, obraťte se na správce.

Error: (01/22/2016 06:44:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/22/2016 06:42:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%577

Error: (01/22/2016 06:42:28 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: Zpracování zásad skupiny selhalo. Systém Windows nerozpoznal název počítače. Může to být způsobeno jedním nebo více z následujících důvodů:
a) Selhal překlad IP adres v aktuálním řadiči domény.
b) Čekací doba replikace služby Active Directory (účet vytvořený na jiném řadiči domény nebyl replikován na aktuální řadič domény).

Error: (01/22/2016 06:42:28 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Tento počítač nemohl nastavit zabezpečenou relaci s řadičem
domény v doméně ACTIS z následujícího důvodu:
%%1311

To může vést k potížím při ověřování. Přesvědčte se, zda je tento
počítač připojen k síti. Pokud potíže trvají,
obraťte se na správce domény.



DALŠÍ INFORMACE

Pokud je tento počítač řadičem domény pro určenou doménu,
nastaví zabezpečenou relaci s emulátorem primárního řadiče domény v určené
doméně. V opačném případě tento počítač nastaví zabezpečenou relaci s libovolným řadičem domény
v určené doméně.

Error: (01/22/2016 06:41:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/22/2016 06:17:47 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ACTIS)
Description: Zpracování zásad skupiny selhalo v důsledku toho, že se nebylo v síti možné připojit k řadiči domény. Může se jednat o přechodný stav. Po připojení počítače k řadiči domény a úspěšném zpracování zásad skupiny bude odeslána zpráva o úspěšném provedení těchto akcí. Pokud se tato zpráva nezobrazí během několika hodin, obraťte se na správce.

Error: (01/22/2016 05:27:03 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: Zpracování zásad skupiny selhalo v důsledku toho, že se nebylo v síti možné připojit k řadiči domény. Může se jednat o přechodný stav. Po připojení počítače k řadiči domény a úspěšném zpracování zásad skupiny bude odeslána zpráva o úspěšném provedení těchto akcí. Pokud se tato zpráva nezobrazí během několika hodin, obraťte se na správce.

Error: (01/22/2016 05:26:04 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Tento počítač nemohl nastavit zabezpečenou relaci s řadičem
domény v doméně ACTIS z následujícího důvodu:
%%1311

To může vést k potížím při ověřování. Přesvědčte se, zda je tento
počítač připojen k síti. Pokud potíže trvají,
obraťte se na správce domény.



DALŠÍ INFORMACE

Pokud je tento počítač řadičem domény pro určenou doménu,
nastaví zabezpečenou relaci s emulátorem primárního řadiče domény v určené
doméně. V opačném případě tento počítač nastaví zabezpečenou relaci s libovolným řadičem domény
v určené doméně.

Error: (01/22/2016 04:52:33 AM) (Source: DCOM) (EventID: 10010) (User: ACTIS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


CodeIntegrity:
===================================
Date: 2016-01-22 06:42:44.824
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\DgivEcp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-21 01:57:16.839
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\DgivEcp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-21 00:24:05.589
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\DgivEcp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-20 12:22:45.263
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\DgivEcp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-20 12:04:51.997
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\DgivEcp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-20 11:50:43.979
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\DgivEcp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-19 15:44:03.229
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\DgivEcp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-14 13:03:57.794
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\DgivEcp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-09 18:07:01.888
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\DgivEcp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-03 23:28:15.670
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\DgivEcp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 23%
Total physical RAM: 7989.83 MB
Available physical RAM: 6083.82 MB
Total Virtual: 16181.83 MB
Available Virtual: 14316.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:6.22 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.51 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (OS) (Fixed) (Total:121.01 GB) (Free:71.32 GB) NTFS
Drive g: (DATA) (Fixed) (Total:111.1 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 81AD8E80)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 8A427EA7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=121 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=111.1 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Re: "...Policie ČR..." message - log check after HJT

Post by slunce » 22 Jan 2016 07:36

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by jan.havrda (administrator) on HAVRDA-E6510 (22-01-2016 07:22:05)
Running from C:\Users\jan.havrda\Desktop
Loaded Profiles: jan.havrda (Available Profiles: havrda & jan.havrda)
Platform: Windows 8.1 Pro (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(IBM) C:\IBM\Notes\nsd.exe
(IBM Corp) C:\IBM\Notes\SUService.exe
(IBM Corp) C:\IBM\Notes\ntmulti.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NGWIN) C:\Program Files (x86)\PicPick\picpick.exe
(Intuwave Ltd.) C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
(Intuwave Ltd.) C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(IBM Corporation) C:\Program Files (x86)\IBM\Connections Desktop Plugins\LFMonitor.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103576 2012-06-09] (VMware, Inc.)
HKLM-x32\...\Run: [PC Suite for Smartphones] => C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [548864 2007-12-25] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-08-07] (Juniper Networks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [19959616 2015-08-24] (NGWIN)
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\...\Run: [mRouterConfig] => C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe [290816 2006-03-02] (Intuwave Ltd.)
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\...\Run: [Dropbox Update] => C:\Users\jan.havrda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50615936 2016-01-18] (Skype Technologies S.A.)
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\...\MountPoints2: {0b7b397b-af6c-11e3-824e-f07bcba8ca67} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [ IBMFileSync1 (Conflict)] -> {3855B2BD-E9D0-49FA-A10C-9CBEF436D4E7} => C:\Program Files (x86)\IBM\Connections Desktop Plugins\LFShellMenu64.dll [2014-06-12] (IBM Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sledování konceptů produktu IBM Connections.lnk [2014-08-06]
ShortcutTarget: Sledování konceptů produktu IBM Connections.lnk -> C:\Program Files (x86)\IBM\Connections Desktop Plugins\LFMonitor.exe (IBM Corporation)
Startup: C:\Users\jan.havrda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\jan.havrda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{2310EB76-1CF9-4790-8278-0211F7E7A118}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F11C00B1-916A-4F8E-BA24-5543A63480FD}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-ww
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-20] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-20] (Oracle Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\bin\IPS\IPSBHO.DLL [2015-07-20] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/Juni ... Client.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\jan.havrda\AppData\Roaming\Mozilla\Firefox\Profiles\jkaee4h3.default
FF NewTab: about:newtab
FF SearchEngineOrder.3: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

Chrome:
=======
CHR Profile: C:\Users\jan.havrda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jan.havrda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\jan.havrda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (Rapport) - C:\Users\jan.havrda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-08-06]
CHR Extension: (YouTube) - C:\Users\jan.havrda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\jan.havrda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\jan.havrda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jan.havrda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\jan.havrda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 IBM Notes Diagnostics; C:\IBM\Notes\nsd.exe [5164136 2013-10-15] (IBM)
R2 LNSUSvc; C:\IBM\Notes\SUService.exe [1654376 2013-10-15] (IBM Corp)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Multi-user Cleanup Service; C:\IBM\Notes\ntmulti.exe [38504 2013-10-15] (IBM Corp)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2013-08-22] (The OpenVPN Project)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2016-01-03] (IBM Corp.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe [145008 2015-07-20] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\snac64.exe [396344 2015-08-07] (Symantec Corporation)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-06-09] (VMware, Inc.) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2012-06-09] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 Smcinst; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6306.6100.105\SmcLU\Setup\smcinst.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\BASHDefs\20160105.011\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSettings_{C478A420-A500-4274-A52E-70EC7481342F}; C:\Windows\System32\Drivers\SEP\0C0118AE\17D4.105\x64\ccSetx64.sys [162392 2015-07-20] (Symantec Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [47104 2006-09-18] (Samsung Electronics) [File not signed]
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 e1kexpress; C:\Windows\system32\DRIVERS\e1k63x64.sys [498032 2013-02-20] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-12-05] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\IPSDefs\20160120.011\IDSvia64.sys [767224 2015-12-16] (Symantec Corporation)
R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-07-08] (Juniper Networks)
S4 jnprTdi_806_48695; C:\Windows\system32\Drivers\jnprTdi_806_48695.sys [108344 2014-08-07] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\system32\DRIVERS\jnprva.sys [30072 2014-07-08] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\system32\DRIVERS\jnprvamgr.sys [45352 2014-07-08] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\VirusDefs\20160121.021\ENG64.SYS [138488 2016-01-18] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\VirusDefs\20160121.021\EX64.SYS [2148080 2016-01-18] (Symantec Corporation)
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2015-12-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [503320 2016-01-03] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [141304 2016-01-03] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [396152 2016-01-03] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [496408 2016-01-03] (IBM Corp.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0118AE\17D4.105\x64\SRTSP64.SYS [890584 2015-07-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0118AE\17D4.105\x64\SRTSPX64.SYS [37592 2015-07-20] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\SyDvCtrl64.sys [36952 2015-08-07] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0501010.002\symefasi.sys [1616088 2015-08-07] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C0118AE\17D4.105\x64\SymELAM.sys [23568 2015-07-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [178392 2015-08-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0118AE\17D4.105\x64\Ironx64.SYS [270040 2015-07-20] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0118AE\17D4.105\x64\SYMNETS.SYS [594136 2015-07-20] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [168304 2015-08-11] (Symantec Corporation)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [112648 2015-06-09] (Symantec Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-06-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 zebrbus; C:\Windows\System32\drivers\zebrbus.sys [108544 2008-01-15] (MCCI)
R3 zebrceb; C:\Windows\System32\drivers\zebrceb.sys [81280 2008-01-15] (MCCI)
S3 zebrmdfl; C:\Windows\system32\DRIVERS\zebrmdfl.sys [18944 2008-01-15] (MCCI Corporation)
S3 zebrmdm; C:\Windows\system32\DRIVERS\zebrmdm.sys [145408 2008-01-15] (MCCI)
S3 zebrmdmc; C:\Windows\System32\drivers\zebrmdmc.sys [145408 2008-01-15] (MCCI)
S3 zebrsce; C:\Windows\system32\DRIVERS\zebrsce.sys [120832 2008-01-15] (MCCI)
U3 aswMBR; \??\C:\Users\JAN~1.HAV\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\JAN~1.HAV\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-22 07:22 - 2016-01-22 07:22 - 00023495 _____ C:\Users\jan.havrda\Desktop\FRST.txt
2016-01-22 07:22 - 2016-01-22 07:22 - 00000000 ____D C:\FRST
2016-01-22 07:18 - 2016-01-22 07:18 - 02370560 _____ (Farbar) C:\Users\jan.havrda\Desktop\frst64.exe
2016-01-22 07:11 - 2016-01-22 07:11 - 00003810 _____ C:\Users\jan.havrda\Desktop\aswMBR.txt
2016-01-22 07:11 - 2016-01-22 07:11 - 00000512 _____ C:\Users\jan.havrda\Desktop\MBR.dat
2016-01-22 07:07 - 2016-01-22 07:07 - 05200384 _____ (AVAST Software) C:\Users\jan.havrda\Desktop\aswmbr.exe
2016-01-22 06:44 - 2016-01-22 06:44 - 00000000 ____D C:\ProgramData\PicPick
2016-01-22 01:56 - 2016-01-22 00:24 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-01-22 00:23 - 2016-01-22 06:42 - 00000000 ____D C:\zoek_backup
2016-01-22 00:20 - 2016-01-22 00:21 - 01309184 _____ C:\Users\jan.havrda\Desktop\zoek.exe
2016-01-22 00:08 - 2016-01-22 00:08 - 00016806 _____ C:\Users\jan.havrda\Desktop\RogueKillerX64_2016-01-22_00-08.txt
2016-01-21 03:06 - 2016-01-21 03:06 - 00014908 _____ C:\Users\jan.havrda\Desktop\RogueKillerX64.txt
2016-01-21 02:45 - 2016-01-21 23:25 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-21 02:45 - 2016-01-21 02:45 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-21 02:43 - 2016-01-21 02:43 - 25133128 _____ C:\Users\jan.havrda\Desktop\RogueKillerX64.exe
2016-01-21 02:07 - 2016-01-21 02:07 - 00000812 _____ C:\Users\jan.havrda\Desktop\JRT.txt
2016-01-21 01:25 - 2016-01-21 01:25 - 00000000 ____D C:\Users\jan.havrda\AppData\Local\Adobe
2016-01-20 23:53 - 2016-01-20 23:53 - 01600184 _____ (Malwarebytes) C:\Users\jan.havrda\Desktop\JRT.exe
2016-01-20 12:30 - 2016-01-21 02:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-20 12:30 - 2016-01-20 12:30 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-20 12:30 - 2016-01-20 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-20 12:30 - 2016-01-20 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-20 12:30 - 2016-01-20 12:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-20 12:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-20 12:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-20 12:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-20 12:15 - 2016-01-20 12:21 - 00000000 ____D C:\AdwCleaner
2016-01-20 12:10 - 2016-01-20 12:14 - 22908888 _____ (Malwarebytes ) C:\Users\jan.havrda\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-20 12:08 - 2016-01-20 12:08 - 01505280 _____ C:\Users\jan.havrda\Desktop\adwcleaner_5.030.exe
2016-01-20 11:33 - 2016-01-20 11:33 - 00448512 _____ (OldTimer Tools) C:\Users\jan.havrda\Downloads\TFC.exe
2016-01-20 11:26 - 2016-01-20 11:26 - 00050688 _____ (Atribune.org) C:\Users\jan.havrda\Downloads\ATF-Cleaner.exe
2016-01-19 21:12 - 2016-01-19 21:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\jan.havrda\Downloads\HijackThis(1).exe
2016-01-19 20:56 - 2016-01-19 20:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\jan.havrda\Downloads\hijackthis.exe
2016-01-13 13:37 - 2015-12-11 05:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 13:37 - 2015-12-11 05:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 13:37 - 2015-12-11 04:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 13:37 - 2015-12-11 04:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 13:37 - 2015-12-11 04:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 13:37 - 2015-12-11 04:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 13:37 - 2015-12-11 04:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 13:37 - 2015-12-11 04:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-13 13:37 - 2015-12-11 04:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 13:37 - 2015-12-11 04:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 13:37 - 2015-12-11 03:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 13:37 - 2015-12-11 03:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 13:37 - 2015-12-11 03:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-13 13:37 - 2015-12-11 03:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 13:37 - 2015-12-11 03:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 13:37 - 2015-12-11 03:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 13:37 - 2015-12-11 03:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 13:37 - 2015-12-11 03:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 13:37 - 2015-12-11 03:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 13:37 - 2015-12-11 03:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 13:37 - 2015-12-11 03:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 13:36 - 2015-12-02 16:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 13:36 - 2015-12-02 16:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 13:35 - 2015-12-05 06:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 13:35 - 2015-12-05 06:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 13:35 - 2015-12-03 20:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-13 13:35 - 2015-12-03 20:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-13 13:35 - 2015-12-03 20:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 13:35 - 2015-12-03 20:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-13 13:35 - 2015-12-03 20:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 13:35 - 2015-12-03 19:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-13 13:35 - 2015-12-03 19:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 13:35 - 2015-12-03 19:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-13 13:35 - 2015-12-03 19:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 13:35 - 2015-12-03 19:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 13:35 - 2015-12-03 19:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 13:35 - 2015-12-03 19:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 13:35 - 2015-12-03 19:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 13:35 - 2015-12-03 19:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 13:35 - 2015-12-03 19:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 13:35 - 2015-12-03 18:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 13:35 - 2015-12-03 18:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-13 13:35 - 2015-12-03 18:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 13:35 - 2015-12-03 18:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 13:35 - 2015-12-03 18:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 13:35 - 2015-12-03 18:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 13:35 - 2015-12-03 18:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 13:35 - 2015-12-03 18:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 13:35 - 2015-12-03 18:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 13:35 - 2015-12-03 18:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-13 13:35 - 2015-12-03 18:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 13:35 - 2015-12-03 18:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 13:35 - 2015-12-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 13:35 - 2015-12-03 18:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 13:35 - 2015-12-03 17:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 13:35 - 2015-12-03 17:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 13:35 - 2015-12-03 17:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 13:34 - 2015-12-08 20:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 13:34 - 2015-12-08 20:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 13:33 - 2015-12-30 20:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 13:33 - 2015-12-30 20:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 13:33 - 2015-12-30 20:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 13:33 - 2015-12-10 01:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 13:33 - 2015-12-07 11:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 13:33 - 2015-12-04 16:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 13:33 - 2015-11-17 22:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 13:33 - 2015-11-17 22:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 13:33 - 2015-11-17 22:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 13:33 - 2015-11-17 22:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 13:33 - 2015-11-17 22:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 13:33 - 2015-11-17 22:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 13:33 - 2015-11-17 22:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 15:25 - 2016-01-12 15:25 - 00022360 _____ C:\Users\jan.havrda\Downloads\R._2009 seznam.xlsx
2016-01-07 11:43 - 2016-01-09 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-29 02:35 - 2015-12-29 02:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-22 07:22 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2016-01-22 07:19 - 2014-03-20 09:54 - 00000000 ____D C:\Users\jan.havrda\AppData\Roaming\Skype
2016-01-22 07:18 - 2015-02-12 12:31 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-22 07:15 - 2015-06-22 09:05 - 00000950 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4055201498-3228124647-2368045543-1112UA.job
2016-01-22 07:10 - 2014-03-28 08:49 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-22 06:46 - 2014-09-23 14:32 - 00783012 _____ C:\Windows\system32\perfh019.dat
2016-01-22 06:46 - 2014-09-23 14:32 - 00162576 _____ C:\Windows\system32\perfc019.dat
2016-01-22 06:46 - 2014-09-23 14:25 - 00742592 _____ C:\Windows\system32\perfh005.dat
2016-01-22 06:46 - 2014-09-23 14:25 - 00152824 _____ C:\Windows\system32\perfc005.dat
2016-01-22 06:46 - 2014-03-19 13:52 - 02700008 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-22 06:46 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-01-22 06:45 - 2014-09-22 14:23 - 00000000 ___RD C:\Users\jan.havrda\Dropbox
2016-01-22 06:45 - 2014-09-22 14:14 - 00000000 ____D C:\Users\jan.havrda\AppData\Roaming\Dropbox
2016-01-22 06:44 - 2014-03-28 08:49 - 00000974 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-22 06:42 - 2014-03-20 05:58 - 00000000 ____D C:\ProgramData\VMware
2016-01-22 06:42 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-22 06:07 - 2014-03-19 17:10 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A19839A3-5F05-427F-BBD2-EDD4FFFE1A55}
2016-01-22 01:29 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-01-22 00:41 - 2014-12-15 09:01 - 00000000 ____D C:\Users\jan.havrda\AppData\Local\CrashDumps
2016-01-22 00:21 - 2014-05-09 13:11 - 00000000 ____D C:\ProgramData\Symantec
2016-01-21 12:06 - 2014-03-20 09:38 - 00000000 ____D C:\ProgramData\Skype
2016-01-21 10:15 - 2015-06-22 09:05 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4055201498-3228124647-2368045543-1112Core.job
2016-01-21 01:45 - 2014-03-19 17:11 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4055201498-3228124647-2368045543-1112
2016-01-21 01:39 - 2014-03-20 06:06 - 00000000 ____D C:\Users\jan.havrda\AppData\Roaming\VMware
2016-01-21 01:39 - 2014-03-20 06:06 - 00000000 ____D C:\Users\jan.havrda\AppData\Local\VMware
2016-01-21 01:19 - 2015-05-20 13:33 - 00000000 __SHD C:\Users\jan.havrda\AppData\LocalLow\EmieBrowserModeList
2016-01-21 01:19 - 2014-10-29 13:35 - 00000000 __SHD C:\Users\jan.havrda\AppData\LocalLow\EmieUserList
2016-01-21 01:19 - 2014-10-29 13:35 - 00000000 __SHD C:\Users\jan.havrda\AppData\LocalLow\EmieSiteList
2016-01-20 11:49 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-01-20 00:18 - 2015-02-12 12:31 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-19 15:46 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-01-19 09:19 - 2014-03-20 09:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-18 00:15 - 2014-03-19 14:24 - 00000000 ____D C:\Temp
2016-01-15 07:11 - 2014-03-28 08:50 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-15 07:11 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-01-14 13:05 - 2015-08-06 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ochrana koncového bodu Trusteer
2016-01-14 13:03 - 2014-03-26 15:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 13:03 - 2014-03-26 15:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-14 07:15 - 2014-12-10 18:00 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-14 07:15 - 2014-07-15 07:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 20:32 - 2015-11-08 18:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 20:32 - 2015-01-02 11:09 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 14:10 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 14:09 - 2014-03-26 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 14:09 - 2014-03-19 14:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 14:03 - 2014-03-25 13:48 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 13:58 - 2014-03-25 13:48 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-09 18:07 - 2014-03-19 14:41 - 00000000 ____D C:\Users\jan.havrda
2016-01-09 18:06 - 2014-03-19 17:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-05 21:04 - 2013-08-22 16:38 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-05 21:04 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-03 19:10 - 2015-08-06 14:49 - 00396152 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-01-03 19:10 - 2015-08-06 14:49 - 00141304 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2015-12-29 02:35 - 2014-03-20 09:38 - 00002747 _____ C:\Users\Public\Desktop\Skype.lnk

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-17 22:16

==================== End of FRST.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: "...Policie ČR..." message - log check after HJT

Posted by jaro3 » 22 Jan 2016 10:24

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
Task: {2D340C4A-6B6F-4261-9EFD-37FBB3C74E05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {7329D722-887C-4F93-8246-01B097A82408} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {B48FC41C-B9B1-4B7B-9C75-90666F7DABC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SearchScopes: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
2016-01-22 07:10 - 2014-03-28 08:49 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-22 06:44 - 2014-03-28 08:49 - 00000974 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

EmptyTemp:
End

(You can use the "select all" function; right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

Update Java:
http://www.oracle.com/technetwork/java/ ... 33155.html
Java SE Runtime Environment 8

Click Accept License Agreement
Choose your OS (Windows or Windows x64, Offline Installation)
jre-8-windows-i586-p.exe or
jre-8-windows-x64.exe
Download and install it.
Remove the other Java versions in Add/Remove Programs.

Drive c: () (Fixed) (Total:111.45 GB) (Free:6.22 GB) NTFS


There is not enough free space on the system drive; you should have at least 15-20% free disk space for Windows to run smoothly. Uninstall or delete something.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by slunce » 28 Jan 2016 00:05

Is it possible to get some info on whether there is anything harmful in there or whether it is OK?


Post by jaro3 » 28 Jan 2016 10:18

Run that script. And free up some space on the disk.

Just the usual junk and adware.


Post by slunce » 05 Feb 2016 23:20

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by jan.havrda (2016-02-05 23:10:42) Run:1
Running from C:\Users\jan.havrda\Desktop
Loaded Profiles: jan.havrda (Available Profiles: havrda & jan.havrda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
Task: {2D340C4A-6B6F-4261-9EFD-37FBB3C74E05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {7329D722-887C-4F93-8246-01B097A82408} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {B48FC41C-B9B1-4B7B-9C75-90666F7DABC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SearchScopes: HKU\S-1-5-21-4055201498-3228124647-2368045543-1112 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
2016-01-22 07:10 - 2014-03-28 08:49 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-22 06:44 - 2014-03-28 08:49 - 00000974 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D340C4A-6B6F-4261-9EFD-37FBB3C74E05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D340C4A-6B6F-4261-9EFD-37FBB3C74E05}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7329D722-887C-4F93-8246-01B097A82408}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7329D722-887C-4F93-8246-01B097A82408}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B48FC41C-B9B1-4B7B-9C75-90666F7DABC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B48FC41C-B9B1-4B7B-9C75-90666F7DABC9}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-4055201498-3228124647-2368045543-1112\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof" => key removed successfully
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job" => not found.
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job" => not found.
EmptyTemp: => 400 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:11:19 ====


Post by jaro3 » 06 Feb 2016 09:35

Have you freed up space on that disk?
What about the problems?