Sluggish PC [Solved]

Re: Sluggish PC

Post by milancz » 07 Dec 2016 19:07

RogueKiller V12.8.4.0 (x64) [Dec 5 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.10586) 64 bits version
Spuštěno : Normální režim
Uživatel : Milz [Práva správce]
Started from : C:\Users\Milan\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 12/07/2016 18:37:18 (Duration : 00:25:51)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDIDX -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ggbugreport -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IHPUL -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSFK -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDMAN -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WINSERE -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.255.255.10 10.255.255.20 8.8.8.8 192.168.1.1 ([][][-][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f9d4fdb8-0e8f-424e-8e19-7dd26c417fb2} | DhcpNameServer : 10.255.255.10 10.255.255.20 8.8.8.8 192.168.1.1 ([][][-][-]) -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0x20]) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[PUM.SearchEngine][Firefox:Config] z4ox15ht.default : user_pref("browser.search.selectedEngine", "Yahoo®"); -> Nalezeno
[PUM.SearchEngine][Firefox:Config] z4ox15ht.default : user_pref("browser.search.defaultenginename", "Yahoo®"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 +++++
--- User ---
[MBR] 7c03c08a37cdee6f8a662e1e0af4e801
[BSP] e1c6413a4382cda5c64b552b16e47601 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2048 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 1083392 | Size: 98672 MB
2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 203163648 | Size: 450 MB
3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 204085248 | Size: 350 MB
4 - [MAN-MOUNT] EFI system partition | Offset (sectors): 205416448 | Size: 100 MB
5 - Basic data partition | Offset (sectors): 205621248 | Size: 853467 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST31000528AS +++++
--- User ---
[MBR] 6972099fa3cf8533afc33e5f20147bba
[BSP] 5ccfc07ec0029eec0a80715eebc8d82d : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 499999 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1023999165 | Size: 453867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST3250620AS +++++
--- User ---
[MBR] c5ade427a94d08b81cda5d81d36449c7
[BSP] 2a7d45abb849dd06b49ec950609f6766 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Re: Sluggish PC

Post by Orcus » 07 Dec 2016 19:29

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click it to run).
- Wait until the Prescan finishes...
- Wait until the status window shows "Scan" ("Prohledat")
- In the tabs (Registry, Tasks, Web Browser, etc.), tick everything (check all the boxes).
- Click "Delete" ("Smazat")
- Wait until the status box shows "Deletion finished" ("Mazání dokončeno")
- Click "Report" ("Zpráva") and please copy and paste the contents of that report here. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

====================================================

Download Zoek.exe and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.

Paste the script below into the program window:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will run a scan and a repair; both can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart you may see only a black desktop for a while; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

====================================================

How are the problems?

Re: Sluggish PC

Post by milancz » 07 Dec 2016 19:42

RogueKiller V12.8.4.0 (x64) [Dec 5 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.10586) 64 bits version
Spuštěno : Normální režim
Uživatel : Milz [Práva správce]
Started from : C:\Users\Milan\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 12/07/2016 19:10:04 (Duration : 00:27:53)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AMDIDX -> Smazáno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ggbugreport -> Smazáno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IHPUL -> Smazáno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSFK -> Smazáno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDMAN -> Smazáno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WINSERE -> Smazáno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.255.255.10 10.255.255.20 8.8.8.8 192.168.1.1 ([][][-][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f9d4fdb8-0e8f-424e-8e19-7dd26c417fb2} | DhcpNameServer : 10.255.255.10 10.255.255.20 8.8.8.8 192.168.1.1 ([][][-][-]) -> Nahrazeno ()

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[PUM.SearchEngine][Firefox:Config] z4ox15ht.default : user_pref("browser.search.selectedEngine", "Yahoo®"); -> Smazáno
[PUM.SearchEngine][Firefox:Config] z4ox15ht.default : user_pref("browser.search.defaultenginename", "Yahoo®"); -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 +++++
--- User ---
[MBR] 7c03c08a37cdee6f8a662e1e0af4e801
[BSP] e1c6413a4382cda5c64b552b16e47601 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2048 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 1083392 | Size: 98672 MB
2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 203163648 | Size: 450 MB
3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 204085248 | Size: 350 MB
4 - [MAN-MOUNT] EFI system partition | Offset (sectors): 205416448 | Size: 100 MB
5 - Basic data partition | Offset (sectors): 205621248 | Size: 853467 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST31000528AS +++++
--- User ---
[MBR] 6972099fa3cf8533afc33e5f20147bba
[BSP] 5ccfc07ec0029eec0a80715eebc8d82d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 499999 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1023999165 | Size: 453867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST3250620AS +++++
--- User ---
[MBR] c5ade427a94d08b81cda5d81d36449c7
[BSP] 2a7d45abb849dd06b49ec950609f6766 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Re: Sluggish PC

Post by milancz » 07 Dec 2016 20:01

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Milz on st 07. 12. 2016 at 19:44:20,47.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Milan\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

7. 12. 2016 19:45:41 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\trhm1xqb deleted successfully
C:\PROGRA~2\vk05xn8d deleted successfully
C:\PROGRA~3\firebird deleted successfully
C:\Users\Milan\AppData\Local\ActiveSync deleted successfully
C:\Users\Milan\AppData\Local\GHISLER deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\z4ox15ht.default\prefs.js:
user_pref("browser.search.defaulturl", "https://www.google.com/search?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.order.1", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search?trackid=sp-006");

Added to C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\z4ox15ht.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SafeZoneStable\shell\open\command]
@="C:\\Program Files\\AVAST Software\\SZBrowser\\Launcher.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\trhm1xqb not found
C:\PROGRA~2\vk05xn8d not found
C:\Users\Milan\.android deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Milan\AppData\Local\Unity deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\Milan\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Users\Milan\AppData\Roaming\dlg" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\z4ox15ht.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [15. 05. 2016 14:31]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [15. 05. 2016 14:31]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\z4ox15ht.default
62D98B286C805E193568037B70D936D2 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll - Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[15. 05. 2016 14:31]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Avast Online Security - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Drive App Launcher - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Chrome Media Router - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adaptor.blog.cz_0.localstorage deleted successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adaptor.blog.cz_0.localstorage-journal deleted successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{2137A133-F838-4C2C-B5D5-87B66F0A751D} - http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_16194
HKCU\SearchScopes\{4EB37233-050F-4235-92B7-CB7A9E87355A} - http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
HKCU\SearchScopes\{556085BB-8626-46AB-BF25-45242389416C} - http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
HKCU\SearchScopes\{56D23827-7125-4731-B5FC-EEDBA4BA3651} - http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_16194
HKCU\SearchScopes\{9FBE5682-DE6E-4206-9A4A-140A2CB91A99} - http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
HKCU\SearchScopes\{BF3670C2-090F-4604-9AFC-B127FCFF4754} - http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
HKCU\SearchScopes\{DBEF27A1-48F2-486B-B357-40411FEB5624} - http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
HKCU\SearchScopes\{E30BDFC0-C20B-47CA-9C9B-845A154082F5} - http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_16194

==== Reset Google Chrome ======================

C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bak was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Milan\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Milan\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Milan\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=571 folders=100 850952376 bytes)

==== Empty Temp Folders ======================

C:\Users\Milan\AppData\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Milan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on st 07. 12. 2016 at 19:59:54,51 ======================


Otherwise startup is a bit longer, but I'll keep testing.

Re: Sluggish PC

Post by jaro3 » 07 Dec 2016 21:54

Post a new HJT log and report on the problems.

Re: Sluggish PC

Post by milancz » 08 Dec 2016 19:38

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 8. 12. 2016
Čas skenování: 19:23
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.12.08.12
Databáze rootkitů: v2016.11.20.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Milz

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 313303
Uplynulý čas: 5 min, 48 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)



It's still not quite right, but some extra startup time is probably normal. Unless something is still hidden somewhere..

Re: Sluggish PC

Post by jaro3 » 08 Dec 2016 22:14

Post a new HJT log.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click No. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click this file on the desktop and follow the instructions to install the program.
Accept the EULA if it is offered.
If a program update is available, click "Update now".
At the end, click the Settings button (the gear in the corner) > Advanced > ""
- "I have read the warning and want to continue anyway .....
Check Auto Launch
Uncheck Auto upload
Check All Browser Extensions
Smart scan setting as a replacement for the deep scan
Close all open files, folders and browsers
Click Scan now and the threat scan will start.
When the scan is finished, a report will appear; copy the entire contents of that report here.

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit):
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.

Re: Sluggish PC

Post by milancz » 09 Dec 2016 19:17

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-12-09 19:08:05
-----------------------------
19:08:05.689 OS Version: Windows x64 6.2.9200
19:08:05.689 Number of processors: 4 586 0x3A09
19:08:05.689 ComputerName: MSI_HOME UserName: Milz
19:08:08.205 Initialize success
19:08:08.236 VM: initialized successfully
19:08:08.236 VM: Intel CPU supported virtualized
19:08:15.621 VM: disk I/O storahci.sys
19:08:17.574 AVAST engine defs: 16120901
19:08:29.957 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000030
19:08:29.957 Disk 0 Vendor: WDC_WD10EZEX-00RKKA0 80.00A80 Size: 953869MB BusType: 11
19:08:29.957 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000031
19:08:29.957 Disk 1 Vendor: ST31000528AS CC38 Size: 953869MB BusType: 11
19:08:29.972 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000032
19:08:29.972 Disk 2 Vendor: ST3250620AS 3.AAK Size: 238475MB BusType: 11
19:08:30.051 Disk 0 MBR read successfully
19:08:30.051 Disk 0 MBR scan
19:08:30.051 Disk 0 unknown MBR code
19:08:30.066 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
19:08:30.613 Disk 0 scanning C:\WINDOWS\system32\drivers
19:08:38.020 Service scanning
19:08:44.848 Modules scanning
19:08:44.848 Disk 0 trace - called modules:
19:08:44.880 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys
19:08:44.880 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0006bdef060]
19:08:44.880 3 CLASSPNP.SYS[fffff801d1e67d95] -> nt!IofCallDriver -> [0xffffe0006bbf6e40]
19:08:44.880 5 ACPI.sys[fffff801cff81361] -> nt!IofCallDriver -> \Device\00000030[0xffffe0006bbf9060]
19:08:45.864 AVAST engine scan C:\WINDOWS
19:08:46.755 AVAST engine scan C:\WINDOWS\system32
19:10:03.452 AVAST engine scan C:\WINDOWS\system32\drivers
19:10:14.540 AVAST engine scan C:\Users\Milan
19:12:56.349 File: C:\Users\Milan\Desktop\zoek.exe **INFECTED** Win32:Malware-gen
19:14:24.136 AVAST engine scan C:\ProgramData
19:16:36.427 Disk 0 statistics 1207531/0/0 @ 1,57 MB/s
19:16:36.427 Scan finished successfully
19:17:35.619 Disk 0 MBR has been saved successfully to "C:\Users\Milan\Desktop\MBR.dat"
19:17:35.619 The log file has been saved successfully to "C:\Users\Milan\Desktop\aswMBR.txt"

Re: Sluggish PC

Post by milancz » 09 Dec 2016 19:26

Zemana AntiMalware 2.70.2.25 (nainstalovaný)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2016/12/9
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BIOS Mode : UEFI
CUID : 128D2C767C03BA8501F095
Scan Type : System Scan
Duration : 6m 32s
Scanned Objects : 107775
Detected Objects : 1
Excluded Objects : 0
Read Level : Normal
Auto Upload : Vypnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Soubor hosts
Status : Skenováno
Object : %systemroot%\system32\drivers\etc\hosts
MD5 : B45F8BBB8580502550FB714DF5B7E19F
Publisher : -
Size : 753
Version : -
Detection : Změna v hosts souboru
Cleaning Action : Opravit
Related Objects :
Soubor hosts - 127.0.0.1 - ca
Soubor - %systemroot%\system32\drivers\etc\hosts


Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0

Re: Sluggish PC

Post by milancz » 09 Dec 2016 19:28

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Milz (administrator) on MSI_HOME (09-12-2016 19:28:13)
Running from C:\Users\Milan\Desktop
Loaded Profiles: Milz (Available Profiles: Milz)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057408 2012-06-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819048 2016-11-11] (Google)
HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\...\RunOnce: [Uninstall C:\Users\Milan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Milan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-15] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2016-12-06]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{f9d4fdb8-0e8f-424e-8e19-7dd26c417fb2}: [DhcpNameServer] 10.255.255.10 10.255.255.20 8.8.8.8 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {2137A133-F838-4C2C-B5D5-87B66F0A751D} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {4EB37233-050F-4235-92B7-CB7A9E87355A} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {556085BB-8626-46AB-BF25-45242389416C} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {56D23827-7125-4731-B5FC-EEDBA4BA3651} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {9FBE5682-DE6E-4206-9A4A-140A2CB91A99} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {BF3670C2-090F-4604-9AFC-B127FCFF4754} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {DBEF27A1-48F2-486B-B357-40411FEB5624} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {E30BDFC0-C20B-47CA-9C9B-845A154082F5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_16194
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-12] (Oracle Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> hxxp://www.google.com

FireFox:
========
FF DefaultProfile: z4ox15ht.default
FF ProfilePath: C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\z4ox15ht.default [2016-12-08]
FF NewTab: Mozilla\Firefox\Profiles\z4ox15ht.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\z4ox15ht.default -> about:home
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-12] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2956889099-2159444239-4127303854-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Milan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default [2016-12-09]
CHR Extension: (Prezentace Google) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-07]
CHR Extension: (Dokumenty Google) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-07]
CHR Extension: (Disk Google) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-07]
CHR Extension: (YouTube) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-07]
CHR Extension: (Tabulky Google) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-07]
CHR Extension: (Gmail) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-07]
CHR HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-15] (AVAST Software)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 a016bus; C:\WINDOWS\System32\drivers\a016bus.sys [109096 2008-01-18] (MCCI Corporation)
S3 a016mgmt; C:\WINDOWS\System32\drivers\a016mgmt.sys [130600 2008-01-18] (MCCI Corporation)
S3 a016obex; C:\WINDOWS\System32\drivers\a016obex.sys [125480 2008-01-18] (MCCI Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-05-15] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-05-15] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [107792 2016-05-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-15] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1070904 2016-05-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [465792 2016-05-15] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [166432 2016-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2015-04-04] (Intel Corporation)
R3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-08-21] (Marvell Semiconductor, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 s0016bus; C:\WINDOWS\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\WINDOWS\System32\drivers\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\WINDOWS\System32\drivers\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\WINDOWS\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 s0017bus; C:\WINDOWS\System32\drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\WINDOWS\System32\drivers\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\WINDOWS\System32\drivers\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\WINDOWS\System32\drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
S3 s1018bus; C:\WINDOWS\System32\drivers\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\WINDOWS\System32\drivers\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\WINDOWS\System32\drivers\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\WINDOWS\System32\drivers\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 s1029bus; C:\WINDOWS\System32\drivers\s1029bus.sys [116264 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\WINDOWS\System32\drivers\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\WINDOWS\System32\drivers\s1029obex.sys [135208 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\WINDOWS\System32\drivers\s1029unic.sys [151592 2009-05-25] (MCCI Corporation)
S3 s1039bus; C:\WINDOWS\System32\drivers\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\WINDOWS\System32\drivers\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\WINDOWS\System32\drivers\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\WINDOWS\System32\drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
S3 s916bus; C:\WINDOWS\System32\drivers\s916bus.sys [108072 2007-11-02] (MCCI Corporation)
S3 s916mgmt; C:\WINDOWS\System32\drivers\s916mgmt.sys [130088 2007-11-02] (MCCI Corporation)
S3 s916obex; C:\WINDOWS\System32\drivers\s916obex.sys [124968 2007-11-02] (MCCI Corporation)
S3 se3ebus; C:\WINDOWS\System32\drivers\se3ebus.sys [107784 2007-04-10] (MCCI Corporation)
S3 se3emgmt; C:\WINDOWS\System32\drivers\se3emgmt.sys [126216 2007-04-10] (MCCI Corporation)
S3 se3eobex; C:\WINDOWS\System32\drivers\se3eobex.sys [123144 2007-04-10] (MCCI Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-12-06] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-12-06] (Zemana Ltd.)
U3 aswMBR; C:\Users\Milan\AppData\Local\Temp\aswMBR.sys [62728 2016-12-09] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 19:28 - 2016-12-09 19:28 - 00019817 _____ C:\Users\Milan\Desktop\FRST.txt
2016-12-09 19:28 - 2016-12-09 19:28 - 00000000 ____D C:\FRST
2016-12-09 19:23 - 2016-12-09 19:27 - 02420224 _____ (Farbar) C:\Users\Milan\Desktop\FRST64.exe
2016-12-09 19:17 - 2016-12-09 19:17 - 00002366 _____ C:\Users\Milan\Desktop\aswMBR.txt
2016-12-09 19:17 - 2016-12-09 19:17 - 00000512 _____ C:\Users\Milan\Desktop\MBR.dat
2016-12-09 19:07 - 2016-12-09 19:08 - 05200384 _____ (AVAST Software) C:\Users\Milan\Desktop\aswmbr.exe
2016-12-08 20:38 - 2016-12-08 20:38 - 00000000 ____D C:\Users\Milan\AppData\Local\GHISLER
2016-12-08 19:08 - 2016-12-08 19:08 - 00000000 ____D C:\Users\Milan\.QtWebEngineProcess
2016-12-08 19:08 - 2016-12-08 19:08 - 00000000 ____D C:\Users\Milan\.Plays.tv
2016-12-08 19:08 - 2016-12-08 19:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-08 19:06 - 2016-12-08 19:15 - 00000000 ____D C:\Users\Milan\AppData\Roaming\PlaysTV
2016-12-08 19:04 - 2016-12-08 19:05 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-12-08 19:02 - 2016-12-08 19:02 - 00026344 _____ C:\Users\Milan\Downloads\[CzT]Hookup_Hotshot_094_Arya_Fae_Anal_Text_2016_1080p_.torrent
2016-12-08 18:11 - 2016-12-08 18:11 - 00003326 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-12-08 18:10 - 2016-12-08 18:10 - 00000000 ____D C:\Users\Milan\AppData\Roaming\Skype
2016-12-07 20:01 - 2016-12-07 20:01 - 00000000 ____D C:\Users\Milan\AppData\Local\ActiveSync
2016-12-07 19:57 - 2016-12-07 19:57 - 00000000 ____D C:\Users\Milan\AppData\Temp
2016-12-07 19:57 - 2016-12-07 19:44 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-12-07 19:44 - 2016-12-07 19:56 - 00000000 ____D C:\zoek_backup
2016-12-07 19:43 - 2016-12-07 19:44 - 01309184 _____ C:\Users\Milan\Desktop\zoek.exe
2016-12-06 19:41 - 2016-12-09 19:28 - 00180389 _____ C:\WINDOWS\ZAM.krnl.trace
2016-12-06 19:41 - 2016-12-09 19:28 - 00145626 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-12-06 19:41 - 2016-12-06 19:41 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-12-06 19:41 - 2016-12-06 19:41 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-12-06 19:41 - 2016-12-06 19:41 - 00000000 ____D C:\Users\Milan\AppData\Local\Zemana
2016-12-06 19:41 - 2016-12-06 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-12-06 19:41 - 2016-12-06 19:41 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-12-06 19:22 - 2016-12-06 19:22 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-12-06 19:22 - 2016-12-06 19:22 - 00000000 ____D C:\ProgramData\Sophos
2016-12-06 19:22 - 2016-12-06 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-12-06 19:22 - 2016-12-06 19:22 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-12-06 19:20 - 2016-12-06 19:20 - 00001136 _____ C:\Users\Milan\Desktop\mbam2.txt
2016-12-06 19:13 - 2016-12-06 19:53 - 25550920 _____ C:\Users\Milan\Desktop\RogueKillerX64.exe
2016-12-06 19:12 - 2016-12-06 19:41 - 05431336 _____ ( ) C:\Users\Milan\Desktop\Zemana.AntiMalware.Setup.exe
2016-12-06 19:11 - 2016-12-06 19:21 - 157310216 _____ (Sophos Limited) C:\Users\Milan\Desktop\Sophos Virus Removal Tool.exe
2016-12-06 17:09 - 2016-12-06 17:09 - 00001869 _____ C:\Users\Milan\Desktop\mbam.txt
2016-12-06 16:59 - 2016-12-06 16:59 - 00000719 _____ C:\Users\Milan\Desktop\JRT.txt
2016-12-06 16:55 - 2016-12-06 16:55 - 00000000 ____D C:\Users\Milan\AppData\Local\CEF
2016-12-06 16:55 - 2016-12-06 16:55 - 00000000 ____D C:\Users\Milan\AppData\Local\Adobe
2016-12-06 16:53 - 2016-12-06 16:53 - 00000000 ____D C:\Users\Milan\AppData\Local\ABBYY
2016-12-06 16:52 - 2016-12-06 16:57 - 01631928 _____ (Malwarebytes) C:\Users\Milan\Desktop\JRT.exe
2016-12-05 21:27 - 2016-12-05 21:27 - 22851472 _____ (Malwarebytes ) C:\Users\Milan\Desktop\mbam-setup-2.2.1.1043.exe
2016-12-05 21:23 - 2016-12-05 21:24 - 03968464 _____ C:\Users\Milan\Desktop\AdwCleaner.exe
2016-12-05 21:17 - 2016-12-05 21:17 - 00448512 _____ (OldTimer Tools) C:\Users\Milan\Desktop\TFC.exe
2016-12-05 21:14 - 2016-12-05 21:15 - 00050688 _____ (Atribune.org) C:\Users\Milan\Desktop\ATF-Cleaner.exe
2016-12-05 16:05 - 2016-12-05 16:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Milan\Desktop\HijackThis.exe
2016-12-02 15:56 - 2016-12-02 15:56 - 00038856 _____ C:\Users\Milan\Desktop\validace.pdf
2016-12-02 11:43 - 2016-12-09 19:05 - 00000000 ___RD C:\Users\Milan\Disk Google
2016-12-02 11:43 - 2016-12-06 19:08 - 00001777 _____ C:\Users\Milan\Desktop\Disk Google.lnk
2016-12-02 11:27 - 2016-12-06 19:08 - 00002115 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-12-02 11:27 - 2016-12-06 19:08 - 00002113 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-12-02 11:27 - 2016-12-06 19:08 - 00002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-12-02 11:27 - 2016-12-02 11:27 - 01065376 _____ (Google Inc.) C:\Users\Milan\Downloads\googledrivesync.exe
2016-12-02 11:27 - 2016-12-02 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-27 16:15 - 2016-11-27 16:15 - 01052758 _____ C:\Users\Milan\Downloads\podaci_listek.pdf
2016-11-26 13:05 - 2016-11-26 13:05 - 01072246 _____ C:\Users\Milan\Downloads\Ford-Edge-Top-Edition.pdf
2016-11-26 12:57 - 2016-11-26 12:57 - 00847756 _____ C:\Users\Milan\Downloads\odstoupeni-od-kupni-smlouvy-uzavrene-pres-internet-ci-po-telefonu.pdf
2016-11-22 19:07 - 2016-11-22 19:07 - 01119168 _____ C:\Users\Milan\Desktop\formulář NZ.tiff
2016-11-15 19:34 - 2016-12-08 19:03 - 00001921 _____ C:\Users\Public\Desktop\Vuze.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 19:19 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-09 19:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-09 19:05 - 2016-01-02 21:26 - 00000000 ____D C:\Users\Milan\AppData\Local\CrashDumps
2016-12-09 19:03 - 2016-03-27 07:52 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-08 20:03 - 2015-11-07 15:07 - 00000000 ____D C:\Users\Milan\AppData\Roaming\Azureus
2016-12-08 20:02 - 2015-11-07 15:02 - 00000000 ____D C:\Users\Milan\AppData\Roaming\vlc
2016-12-08 19:23 - 2016-01-02 09:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-08 19:18 - 2016-09-27 09:33 - 00000000 ____D C:\Users\Milan\AppData\Roaming\TeamViewer
2016-12-08 19:17 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-12-08 19:16 - 2015-11-06 06:08 - 00000000 ____D C:\Users\Milan\AppData\Local\Packages
2016-12-08 19:08 - 2015-12-02 17:49 - 00000000 ____D C:\Users\Milan
2016-12-08 19:03 - 2015-11-07 15:07 - 00001921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2016-12-08 19:03 - 2015-11-07 15:07 - 00000000 ____D C:\Program Files (x86)\Vuze
2016-12-08 18:11 - 2015-11-06 14:38 - 00002391 _____ C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-08 18:11 - 2015-08-01 17:00 - 00000000 ___RD C:\Users\Milan\OneDrive
2016-12-08 18:03 - 2015-11-07 15:44 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-12-07 20:05 - 2015-11-06 06:07 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-07 20:05 - 2015-10-30 19:31 - 00750030 _____ C:\WINDOWS\system32\perfh005.dat
2016-12-07 20:05 - 2015-10-30 19:31 - 00150654 _____ C:\WINDOWS\system32\perfc005.dat
2016-12-07 19:59 - 2016-03-08 20:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-12-07 19:59 - 2015-12-02 17:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-07 19:58 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-07 19:55 - 2015-11-06 05:30 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-12-07 19:55 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-12-07 19:10 - 2016-01-02 14:58 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-12-06 19:09 - 2016-09-27 09:33 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-12-06 19:09 - 2016-05-15 14:34 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-06 19:09 - 2016-05-12 20:13 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-12-06 19:09 - 2016-03-27 07:53 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-06 19:09 - 2015-12-02 17:52 - 00001552 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-12-06 19:09 - 2015-11-27 18:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-12-06 19:09 - 2015-11-10 20:32 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-06 19:09 - 2015-11-07 15:44 - 00002023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-12-06 19:08 - 2016-10-29 20:57 - 00000907 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-06 19:08 - 2016-09-27 09:33 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-12-06 19:08 - 2016-08-12 13:41 - 00001328 _____ C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Remote.lnk
2016-12-06 19:08 - 2016-08-12 13:39 - 00001286 _____ C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-12-06 19:08 - 2016-01-13 17:55 - 00001281 _____ C:\Users\Milan\Desktop\Tisk Obalek.lnk
2016-12-06 19:08 - 2016-01-02 08:59 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-06 19:08 - 2015-12-06 17:26 - 00002230 _____ C:\Users\Public\Desktop\Media Impression 2.lnk
2016-12-06 19:08 - 2015-12-06 17:15 - 00001007 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2016-12-06 19:08 - 2015-11-07 14:12 - 00001801 _____ C:\Users\Milan\Desktop\FarmingSimulator2015Game.lnk
2016-12-06 19:08 - 2015-07-30 08:04 - 00002173 _____ C:\Users\Milan\Desktop\Minecraft.lnk
2016-12-06 17:16 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-12-06 16:43 - 2016-07-30 06:03 - 00000000 ____D C:\AdwCleaner
2016-12-05 21:35 - 2016-01-07 04:03 - 00000000 ____D C:\Users\Milan\AppData\Local\Comms
2016-12-05 21:28 - 2016-01-02 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-05 21:28 - 2016-01-02 08:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-05 21:20 - 2015-12-02 17:41 - 00350264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-02 11:27 - 2015-11-07 13:29 - 00000000 ____D C:\Users\Milan\AppData\Local\Google
2016-12-02 11:27 - 2015-11-07 13:29 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-23 19:52 - 2014-09-14 08:09 - 00000000 ____D C:\Winterhalter
2016-11-10 19:15 - 2015-11-27 18:56 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-11-30 22:43 - 2015-11-30 22:43 - 0099384 _____ () C:\Users\Milan\AppData\Roaming\inst.exe
2015-11-30 22:43 - 2015-11-30 22:43 - 0007859 _____ () C:\Users\Milan\AppData\Roaming\pcouffin.cat
2015-11-30 22:43 - 2015-11-30 22:43 - 0001167 _____ () C:\Users\Milan\AppData\Roaming\pcouffin.inf
2015-11-30 22:44 - 2015-11-30 22:44 - 0000034 _____ () C:\Users\Milan\AppData\Roaming\pcouffin.log
2015-11-30 22:43 - 2015-11-30 22:43 - 0082816 _____ (VSO Software) C:\Users\Milan\AppData\Roaming\pcouffin.sys
2015-11-30 22:44 - 2015-11-30 22:45 - 0001041 _____ () C:\Users\Milan\AppData\Roaming\vso_ts_preview.xml
2015-11-12 21:51 - 2012-07-16 17:28 - 0024772 _____ () C:\ProgramData\P1100DEF.css
2015-11-12 21:51 - 2015-11-12 21:51 - 0004188 _____ () C:\ProgramData\P1100OS.HTM
2015-11-12 21:51 - 2012-07-16 17:28 - 0002944 _____ () C:\ProgramData\P1100SIG.GIF

Some files in TEMP:
====================
C:\Users\Milan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Milan\AppData\Local\Temp\playstv_patch.exe
C:\Users\Milan\AppData\Local\Temp\raptrpatch.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-24 06:29

==================== End of FRST.txt ============================

milancz

Re: Slowed-down PC

Post by milancz » 09 Dec 2016 19:28

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Milz (09-12-2016 19:28:56)
Running from C:\Users\Milan\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-02 17:02:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2956889099-2159444239-4127303854-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2956889099-2159444239-4127303854-503 - Limited - Disabled)
Guest (S-1-5-21-2956889099-2159444239-4127303854-501 - Limited - Disabled)
Milz (S-1-5-21-2956889099-2159444239-4127303854-1001 - Administrator - Enabled) => C:\Users\Milan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.00.1667 RC 1, 30.10.2015 - AIMP DevTeam)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft)
Ashampoo Burning Studio 2015 v.1.15.0 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
ConvertXtoDVD 4.0.3.312 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.3.312 - )
Document Capture Pro (HKLM-x32\...\{B4A3C072-87AF-4937-880D-3D7997111C0D}) (Version: 1.01.0000 - Seiko Epson Corporation)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{148C8BF9-E1B4-445D-AC67-2CABAE63949A}) (Version: 3.01.0009 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Uživatelská příručka EPSON Perfection V370 Photo (HKLM-x32\...\EPSON Perfection V370 Photo Useg) (Version: - )
Facebook Games for Windows 0.4.0.9 (HKLM-x32\...\{5DDD7E27-5F17-42E8-B035-F8F65A56E82C}) (Version: 0.4.0.9 - Facebook)
Farming Simulator 15 (HKLM-x32\...\FarmingSimulator2015CZ_is1) (Version: 1.2.0.0 - GIANTS Software)
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.5.5258 - Gretech Corporation)
GOM Remote (HKLM-x32\...\GOM Remote) (Version: 2.0.3.0 - Gretech Corporation)
Google Drive (HKLM-x32\...\{8696116E-F4C2-4C64-AD7E-FF365E244FA4}) (Version: 1.32.3889.0961 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.27.17 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{79CA8D8A-8371-4146-8920-C1405318E65E}) (Version: 12.5.26.37 - Hewlett-Packard Company)
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Minecraft1.5.2 (HKLM-x32\...\Minecraft1.5.2) (Version: - )
Mozilla Firefox 44.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 cs)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Service part catalogue (EN) (HKLM-x32\...\Parts-Publisher (EN) 2396) (Version: 5.0.56.0 - Docware GmbH)
Seznam Software (HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\...\SeznamInstall) (Version: - Seznam.cz)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Tisk Obalek 3.2.2.9 (HKLM-x32\...\Tisk Obalek_is1) (Version: 3.2.2.9 - Mgr. Radovan Kraus)
TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.4.0 - Azureus Software, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
XVL Player / XVL Player Pro (HKLM-x32\...\{E95BCA9A-F9ED-48C7-AFB3-4053A0F1E02C}) (Version: 8.6b - Lattice Technology)
XVL Player [Pro] (x32 Version: 8.6 - Lattice Technology Co.,Ltd) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.25 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07B5533C-276D-4415-BD7D-A996434732FD} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {12C25D53-370B-4189-B7FD-EFF95725B528} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {1F41F319-94F2-40FB-AE91-C1469A2191AA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {2DCD3870-6B96-4602-A649-DC2BDB9ADC16} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-15] (AVAST Software)
Task: {44278CFA-0323-42F4-A219-CB2EA3406D85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.)
Task: {5E67B330-E211-42AC-B56E-E316DEFFF5C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {76001E07-3D12-40E0-AE5A-D06C95DE8DF3} - no filepath
Task: {933605E4-B148-4EE0-90E2-33AF56D0AF7E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {A7919F8B-D561-48D6-9BC2-370A72398964} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {C25C0090-8987-404E-A835-7DC55C18697B} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
Task: {CBD86C98-ACA5-4DB0-BEF4-B5AECD7F8489} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.)
Task: {D0BF7E9D-C106-4EB4-A252-792ADE9D4477} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {D208FE45-E25E-4AFE-B457-6A1E28328B5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {E534450D-0102-4395-AD48-4A0F38D33139} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {EC5FAD4E-BEA0-4132-9847-A850D6B10274} - System32\Tasks\HPCeeScheduleForMilz => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {F76F757C-2F7C-42D2-9AF0-AA2C607EC383} - System32\Tasks\SafeZone scheduled Autoupdate 1463319274 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMilz.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-12 21:45 - 2012-08-21 16:07 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2015-11-12 21:50 - 2012-08-21 16:07 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 07:16 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 07:16 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-08 18:11 - 2016-12-08 18:11 - 01864384 _____ () C:\Users\Milan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2015-12-17 22:03 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 07:17 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-15 14:31 - 2016-05-15 14:31 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-15 14:31 - 2016-05-15 14:31 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-07 18:22 - 2016-12-07 18:22 - 03067392 _____ () C:\Program Files\AVAST Software\Avast\defs\16120700\algo.dll
2016-12-07 20:00 - 2016-12-07 20:00 - 03067392 _____ () C:\Program Files\AVAST Software\Avast\defs\16120701\algo.dll
2016-05-15 14:31 - 2016-05-15 14:31 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-15 14:31 - 2016-05-15 14:31 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-09 19:02 - 2016-12-09 19:02 - 03067904 _____ () C:\Program Files\AVAST Software\Avast\defs\16120901\algo.dll
2016-01-09 16:15 - 2016-01-09 16:15 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-12-09 19:03 - 2016-12-09 19:03 - 00098816 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32api.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00110080 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\pywintypes27.dll
2016-12-09 19:03 - 2016-12-09 19:03 - 00364544 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\pythoncom27.dll
2016-12-09 19:03 - 2016-12-09 19:03 - 00320512 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32com.shell.shell.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00914432 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\_hashlib.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 01176576 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\wx._core_.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00806400 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\wx._gdi_.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00816128 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\wx._windows_.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 01067008 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\wx._controls_.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00733184 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\wx._misc_.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00682496 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\pysqlite2._sqlite.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00088064 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\_ctypes.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00686080 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\unicodedata.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00119808 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32file.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00108544 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32security.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00007168 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\hashobjs_ext.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00017920 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\thumbnails_ext.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00088064 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\usb_ext.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00012800 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\common.time34.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00018432 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32event.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00167936 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32gui.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00046080 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\_socket.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 01303552 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\_ssl.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00128512 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\_elementtree.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00127488 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\pyexpat.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00038912 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32inet.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00036864 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\_psutil_windows.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00525208 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\windows._lib_cacheinvalidation.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00011264 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32crypt.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00123392 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\wx._wizard.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00077312 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\wx._html2.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00027648 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\_multiprocessing.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00020480 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\_yappi.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00035840 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32process.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00078848 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\wx._animate.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00024064 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32pipe.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00010240 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\select.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00025600 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32pdh.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00017408 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32profile.pyd
2016-12-09 19:03 - 2016-12-09 19:03 - 00022528 ____R () C:\Users\Milan\AppData\Local\Temp\_MEI18402\win32ts.pyd
2016-12-08 18:11 - 2016-12-08 18:11 - 01383616 _____ () C:\Users\Milan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-11-15 19:10 - 2016-11-08 21:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 19:10 - 2016-11-08 21:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-11-06 05:30 - 2016-12-09 19:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\Control Panel\Desktop\\Wallpaper -> D:\Dokumenty\BMW\BMW-M5_E28_mp2_pic_54016.jpg
DNS Servers: 10.255.255.10 - 10.255.255.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HPUsageTrackingLEDM"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\...\StartupApproved\Run: => "Uninstall C:\Users\Milan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\...\StartupApproved\Run: => "Uninstall C:\Users\Milan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{73E7ECD1-7CE0-4030-BF07-865FA2881B63}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{840D3202-D25A-4617-B1CE-C27063BD3EF2}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [UDP Query User{AA50A656-2204-4B62-A166-F6A9F28CB46B}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{0D579559-BD7B-439A-AF5A-F85D665210EB}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{9C46090E-E914-4D9E-B492-6904D64C48C2}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [TCP Query User{5F779887-1211-45A5-9F09-6A3D2E802CFC}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [{3C632911-A431-4950-BCB3-1AB680B677A9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2112E877-D29C-4187-8D83-319DAB62B9FA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EC611A0-4D54-4219-A4C7-36893B7C4A69}] => C:\Program Files (x86)\Farming Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{ADFBC892-4562-4F86-99B1-75F29AFD94F4}] => C:\Program Files (x86)\Farming Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{B405B73C-9C1F-4FAA-AFDC-7256B222DBAF}] => C:\Program Files (x86)\Farming Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{417C9C75-A4A5-4806-B8D7-08E6D2CC6B69}] => C:\Program Files (x86)\Farming Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{0F26A885-E649-4472-90BD-F5A91BDCC2C8}] => C:\Program Files (x86)\Farming Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{8FD4884A-D7CA-456E-870E-F56094CAF253}] => C:\Program Files (x86)\Farming Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [TCP Query User{CD7C962B-F399-48D9-ADDC-B34DA32CD48A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F3F3ADEF-AFF4-4C88-8A5E-F0BD344F42F0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{FADF7C66-30F6-480F-9123-A26466C24783}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E34D606C-335C-48FF-AA1F-585B56B8F4D3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{0187E826-3C72-4BB9-B46F-6EFDACB8EAB2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F2D46198-DBFD-45DF-BB78-51720C0984D0}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FBDB7B88-0EAC-4BD1-9C07-ABAB0549F091}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{8BC4F560-CF4C-4140-914B-EA0D174FD5AB}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{B22C3A75-43B6-4068-8AC4-83E30F12F45E}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{C388233C-ECD7-408B-A702-F890082AD4D1}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{D5CF19B5-843B-4B61-98F3-158B5B5C3D3C}C:\program files (x86)\farming simulator 2015\farmingsimulator2015game.exe] => C:\program files (x86)\farming simulator 2015\farmingsimulator2015game.exe
FirewallRules: [UDP Query User{88BE8C47-873A-48A9-9DE6-5E3463FA14F8}C:\program files (x86)\farming simulator 2015\farmingsimulator2015game.exe] => C:\program files (x86)\farming simulator 2015\farmingsimulator2015game.exe
FirewallRules: [{989A3F46-4ECB-4BA3-95CA-6747A0C80B39}] => C:\Program Files (x86)\GRETECH\GomRemote2\GomRemote2.exe
FirewallRules: [{BF515CCF-66A7-451F-976A-984A2D302C28}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{46211B1A-D9D7-47F7-BE75-030F7C1C270D}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{107D962B-CE1C-43DE-9D96-87DB61502FFE}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{445217C6-C43A-4E57-A82D-665077FA6126}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B77A0EF2-E200-42D4-87A9-C308318BA303}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7565DBAA-6923-4A77-8D4D-23BEAF1E4EEA}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{107F93E5-6256-41C8-9DE8-B851EC9D723A}] => C:\Program Files (x86)\Vuze\Azureus.exe

==================== Restore Points =========================

03-07-2016 05:29:07 Chrome Cleanup Tool
14-07-2016 20:29:17 Windows Update
24-07-2016 06:52:59 Naplánovaný kontrolní bod
06-12-2016 16:57:14 JRT Pre-Junkware Removal
07-12-2016 19:45:09 zoek.exe restore point
08-12-2016 19:07:11 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2016 07:05:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchUI.exe, verze: 10.0.10586.494, časové razítko: 0x5775e69a
Název chybujícího modulu: Windows.UI.Xaml.dll, verze: 10.0.10586.494, časové razítko: 0x5775e900
Kód výjimky: 0xc000027b
Posun chyby: 0x00000000006fd01b
ID chybujícího procesu: 0x1ec
Čas spuštění chybující aplikace: 0x01d25246e0b314fb
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Cesta k chybujícímu modulu: C:\Windows\System32\Windows.UI.Xaml.dll
ID zprávy: 0d425b32-47f0-4029-b25a-f169a12ee201
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (12/09/2016 07:05:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchUI.exe, verze: 10.0.10586.494, časové razítko: 0x5775e69a
Název chybujícího modulu: Windows.UI.Xaml.dll, verze: 10.0.10586.494, časové razítko: 0x5775e900
Kód výjimky: 0xc000027b
Posun chyby: 0x00000000006fd01b
ID chybujícího procesu: 0x14a8
Čas spuštění chybující aplikace: 0x01d25246dbf8990d
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Cesta k chybujícímu modulu: C:\Windows\System32\Windows.UI.Xaml.dll
ID zprávy: 22817628-8fff-4730-a2aa-0eb697e7acd6
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (12/09/2016 07:05:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchUI.exe, verze: 10.0.10586.494, časové razítko: 0x5775e69a
Název chybujícího modulu: Windows.UI.Xaml.dll, verze: 10.0.10586.494, časové razítko: 0x5775e900
Kód výjimky: 0xc000027b
Posun chyby: 0x00000000006fd01b
ID chybujícího procesu: 0x12ec
Čas spuštění chybující aplikace: 0x01d25246d78085ee
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Cesta k chybujícímu modulu: C:\Windows\System32\Windows.UI.Xaml.dll
ID zprávy: 264540d6-0d5e-404d-8ef5-81f95b95a304
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (12/09/2016 07:05:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchUI.exe, verze: 10.0.10586.494, časové razítko: 0x5775e69a
Název chybujícího modulu: Windows.UI.Xaml.dll, verze: 10.0.10586.494, časové razítko: 0x5775e900
Kód výjimky: 0xc000027b
Posun chyby: 0x00000000006fd01b
ID chybujícího procesu: 0x364
Čas spuštění chybující aplikace: 0x01d25246d2793528
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Cesta k chybujícímu modulu: C:\Windows\System32\Windows.UI.Xaml.dll
ID zprávy: c82b0dda-216a-4087-989c-fc8704d01487
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (12/09/2016 07:05:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchUI.exe, verze: 10.0.10586.494, časové razítko: 0x5775e69a
Název chybujícího modulu: Windows.UI.Xaml.dll, verze: 10.0.10586.494, časové razítko: 0x5775e900
Kód výjimky: 0xc000027b
Posun chyby: 0x00000000006fd01b
ID chybujícího procesu: 0xacc
Čas spuštění chybující aplikace: 0x01d25246cd8998cd
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Cesta k chybujícímu modulu: C:\Windows\System32\Windows.UI.Xaml.dll
ID zprávy: 524e2523-6688-4578-b967-a7496cc23a36
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (12/09/2016 07:04:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchUI.exe, verze: 10.0.10586.494, časové razítko: 0x5775e69a
Název chybujícího modulu: Windows.UI.Xaml.dll, verze: 10.0.10586.494, časové razítko: 0x5775e900
Kód výjimky: 0xc000027b
Posun chyby: 0x00000000006fd01b
ID chybujícího procesu: 0x1dbc
Čas spuštění chybující aplikace: 0x01d252469137915b
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Cesta k chybujícímu modulu: C:\Windows\System32\Windows.UI.Xaml.dll
ID zprávy: f5de9075-e41a-49cb-b98d-2b30e3897c5c
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (12/08/2016 07:07:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (12/07/2016 07:45:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (12/07/2016 07:37:46 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/07/2016 07:37:46 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (12/08/2016 10:56:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_406387 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/08/2016 10:56:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_406387 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/08/2016 10:56:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_406387 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/08/2016 10:56:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_406387 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/08/2016 10:56:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/07/2016 09:18:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_4773c byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/07/2016 09:18:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_4773c byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/07/2016 09:18:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_4773c byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/07/2016 09:18:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_4773c byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/07/2016 09:18:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================
Date: 2016-07-20 19:27:49.011
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-17 19:43:53.830
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-17 18:34:44.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-23 19:25:44.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-20 18:17:26.565
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-20 16:27:40.077
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-19 09:48:31.587
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-15 06:48:33.719
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-15 06:26:42.493
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-17 19:18:06.602
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 54%
Total physical RAM: 4044.44 MB
Available physical RAM: 1837.85 MB
Total Virtual: 4684.44 MB
Available Virtual: 2264.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:96.36 GB) (Free:4.45 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:833.46 GB) (Free:314.07 GB) NTFS
Drive f: () (Fixed) (Total:488.28 GB) (Free:29.52 GB) NTFS
Drive g: () (Fixed) (Total:443.23 GB) (Free:36.54 GB) NTFS
Drive h: () (Fixed) (Total:232.88 GB) (Free:44.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6E286E28)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 909E53E4)
Partition 1: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: CEF3E9B9)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Slowed-down PC

Post by jaro3 » 09 Dec 2016 22:16

Uninstall:
Avast\SafePrice\FF


Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\...\RunOnce: [Uninstall C:\Users\Milan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Milan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {2137A133-F838-4C2C-B5D5-87B66F0A751D} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {4EB37233-050F-4235-92B7-CB7A9E87355A} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {556085BB-8626-46AB-BF25-45242389416C} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {56D23827-7125-4731-B5FC-EEDBA4BA3651} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {9FBE5682-DE6E-4206-9A4A-140A2CB91A99} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {BF3670C2-090F-4604-9AFC-B127FCFF4754} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {DBEF27A1-48F2-486B-B357-40411FEB5624} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2956889099-2159444239-4127303854-1001 -> {E30BDFC0-C20B-47CA-9C9B-845A154082F5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_16194
FF Plugin HKU\S-1-5-21-2956889099-2159444239-4127303854-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Milan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
CHR HKU\S-1-5-21-2956889099-2159444239-4127303854-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
C:\Users\Milan\AppData\Roaming\inst.exe
C:\Users\Milan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Milan\AppData\Local\Temp\playstv_patch.exe
C:\Users\Milan\AppData\Local\Temp\raptrpatch.exe
Task: {76001E07-3D12-40E0-AE5A-D06C95DE8DF3} - no filepath
Task: {CBD86C98-ACA5-4DB0-BEF4-B5AECD7F8489} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMilz.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
C:\Users\Milan\AppData\Local\Temp\_MEI18402

EmptyTemp:
End

(You can use the "select all" function; right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

In Folder Options, enable showing hidden files and folders and uncheck the "Hide protected operating system files" box.

Test these on VirusTotal:
C:\ProgramData\P1100DEF.css
C:\ProgramData\P1100OS.HTM
C:\ProgramData\P1100SIG.GIF
C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, "result" appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/

Drive c: () (Fixed) (Total:96.36 GB) (Free:4.45 GB) NTFS

Total lack of free disk space!! Uninstall or delete something. You should have at least 15-20% free space on the system disk to keep Windows running smoothly!!
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

