ReimagePlus Vyřešeno

[IL62]

RogueKiller V12.9.5.0 (x64) [Jan 23 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : milanek [Práva správce]
Started from : C:\Users\milanek\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 01/29/2017 09:35:11 (Duration : 00:48:52)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.seznam.cz/] -> Smazáno
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.seznam.cz/] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-08M2NA0 +++++
--- User ---
[MBR] 95d2d6f01a9e435b8fa673311e37ee46
[BSP] 6c7372b899691b4625b7403e15b033e9 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2048 | Size: 1000 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2582528 | Size: 500 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 3606528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 3868672 | Size: 926980 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1902323712 | Size: 25000 MB
User = LL1 ... OK
User = LL2 ... OK

[Reklama]

[IL62]

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by milanek on 29.01.2017 at 10:38:10,49.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\milanek\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29.01.2017 10:40:13 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Amazon deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\firebird deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\milanek\AppData\Local\ActiveSync deleted successfully
C:\Users\milanek\AppData\Local\EmieSiteList deleted successfully
C:\Users\milanek\AppData\Local\EmieUserList deleted successfully
C:\Users\milanek\AppData\Local\FSDART deleted successfully
C:\Users\milanek\AppData\Local\Skype deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Amazon not found
C:\PROGRA~3\Package Cache deleted
C:\Users\milanek\AppData\Local\CrashRpt deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\Public\Desktop\VDownloader.lnk deleted
"C:\ProgramData\.tv7" deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]

Seznam.cz - milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkncgicdohgfdncecojfiapgebmlnaoc
Copy Link URL - milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\idimebjnbdepjllaongdhgnekjobbmci
Chrome Media Router - milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.omeglesurf.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.omeglesurf.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_stats.aemediatraffic.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_stats.aemediatraffic.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppingcart.aliexpress.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppingcart.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gayfinder.tv_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gayfinder.tv_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adexchangeprediction.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adexchangeprediction.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.h2porn.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.h2porn.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.shorte.st_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.shorte.st_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads2.opensubtitles.org_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads2.opensubtitles.org_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adv.h2porn.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adv.h2porn.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ad.libimseti.cz_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ad.libimseti.cz_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.brazzers.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.brazzers.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static2.nkcdn.cz_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static2.nkcdn.cz_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saunababylonia.cz_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saunababylonia.cz_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_superdeals.aliexpress.com_0.localstorage deleted successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_superdeals.aliexpress.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{D7F36B65-F1FA-4B5F-9544-6E3C083CB33A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{D7F36B65-F1FA-4B5F-9544-6E3C083CB33A} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{D7F36B65-F1FA-4B5F-9544-6E3C083CB33A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{D7F36B65-F1FA-4B5F-9544-6E3C083CB33A} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
HKCU\SearchScopes\{115B3A5E-EA3C-4679-9E6D-671F5E753FF7} - http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
HKCU\SearchScopes\{1437176A-E773-468A-AA47-30F6F47F1E17} - http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12454
HKCU\SearchScopes\{21FC8015-A8AC-4523-8D12-D0F23B371AD5} - http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
HKCU\SearchScopes\{709B54A5-3748-47CA-A762-EC8D4C420F74} - http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
HKCU\SearchScopes\{78F46192-2110-48B9-8D59-003AFCCADC9A} - http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
HKCU\SearchScopes\{7D9136BE-2143-460A-9341-A3C9F4A0EA34} - http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
HKCU\SearchScopes\{A8D5ABA3-9AA3-40A9-B86D-B60F30EA863E} - http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
HKCU\SearchScopes\{D1CFF515-A38C-4287-9982-690D2ED74D14} - http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454

==== Reset Google Chrome ======================

C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\milanek\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\milanek\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\milanek\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\milanek\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\milanek\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=69 folders=27 21808922 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\milanek\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 29.01.2017 at 11:16:18,05 ======================

[IL62]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2017 01
Ran by milanek (29-01-2017 16:07:47)
Running from C:\Users\milanek\Desktop
Windows 10 Home Version 1607 (X64) (2016-11-11 17:33:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1040683045-3520781050-4236757564-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1040683045-3520781050-4236757564-503 - Limited - Disabled)
Guest (S-1-5-21-1040683045-3520781050-4236757564-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1040683045-3520781050-4236757564-1003 - Limited - Enabled)
milanek (S-1-5-21-1040683045-3520781050-4236757564-1001 - Administrator - Enabled) => C:\Users\milanek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: - )
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4002 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.4002 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.01 - Lenovo Group Limited) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.13 - DivX, LLC)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
DTS+AC3 ÇĘĹÍ (HKLM-x32\...\DtsFilter) (Version: - )
ESET NOD32 Antivirus (HKLM\...\{F92DA023-338E-4C8A-A6C6-8F36DB179AE4}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
forteManager (HKLM-x32\...\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}) (Version: 3.15 - LG Soft India)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.2.2 - Genesys Logic)
GOM Audio (HKLM-x32\...\GomAudio) (Version: 2.2.2.0 - Gretech Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.10.5266 - Gretech Corporation)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7104.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.7104.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
ManyCam 5.5.0 (HKLM-x32\...\ManyCam) (Version: 5.5.0 - Visicom Media Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0112.135 - Mio Technology)
Nitro Pro 9 (HKLM\...\{356896F4-F148-4BEB-8268-7D877F6C0DD0}) (Version: 9.0.6.20 - Nitro)
OpenOffice 4.1.2 (HKLM-x32\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
Opera Stable 42.0.2393.517 (HKLM-x32\...\Opera 42.0.2393.517) (Version: 42.0.2393.517 - Opera Software)
Pomocník při upgradu na Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17329 - Microsoft Corporation)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG2500 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG2500 series) (Version: - ‭Canon Inc.)
Seznam Software (HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\SeznamInstall) (Version: - Seznam.cz)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.4.0 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Sound Blaster X-Fi Surround 5.1 (HKLM-x32\...\{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}) (Version: 1.0 - )
Subtitle Edit 3.4.12 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.12.1 - Nikse)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.0.3 - Lenovo)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VDownloader 4.4.2350 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
VisualSubSync (remove only) (HKLM-x32\...\VisualSubSync) (Version: - )
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_CZ_is1) (Version: 16.0.1.9 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00688DAE-574A-4E22-AFD7-A312D4582F22} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {014F5DA0-01B1-491B-9130-306A67DDC241} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {12DF0AD2-AB76-49FF-A783-8AAC3BDAE50C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {1BDE8803-9996-4B66-96F5-888A036A0313} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {28991BB5-0964-4B19-AC34-FBE3E647B4CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35FCCE0A-B190-4120-A13E-749B044B2D54} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2015-11-30] (DivX, LLC)
Task: {36CF8FCE-7D30-48A1-8902-B7477FCD6832} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3EE0AD6D-B451-406E-85A8-87AD9827CF71} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4892F3FF-6669-4CAE-A93E-EC56F57305BF} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {569E6EA0-05DE-4BF9-BEAB-7318B6C00E9A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5EFB9E7C-DB13-40AD-A42A-E2EA25194714} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {664F5A95-0C46-43E6-8E8A-D2A573F8E37A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {66791A04-F3E5-4369-B4D8-EC89D01D56C7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {797E68FF-787C-4CFF-B669-C9906B9F09D1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {809ECAB6-E8E7-4616-AF38-3225DE3FAFEA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8568E347-8F68-4993-895B-EA0167FEFCA9} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {9F745D22-3479-4813-AA2F-E52B24859271} - \WPD\SqmUpload_S-1-5-21-1040683045-3520781050-4236757564-1001 -> No File <==== ATTENTION
Task: {A53FE1A2-58A1-4F2E-8B14-C6D65799EFA2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A93C170C-9D22-41E1-83AC-F7D4FA60EE15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {B962104E-528E-481B-8234-6BF17BEFDE8D} - System32\Tasks\{49099353-6AA6-45E5-85ED-C34C1810ACE2} => pcalua.exe -a D:\lge.exe -d D:\
Task: {C468B6A5-06DD-4383-88B7-C4089ACF8E85} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C6D86791-167D-489D-A950-C888D74B1EAB} - System32\Tasks\Opera scheduled Autoupdate 1445013092 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-26] (Opera Software)
Task: {CAEB823F-A40E-4F64-8E16-B17355090BFD} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {CE234D42-A301-4662-95B3-D01352FE9F5C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D1616354-913D-4EA8-B9CE-4E758D499A83} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E69339A9-7934-4909-A5B9-FC8C666BECB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {F4EB940E-81EB-4CEE-9ABF-0C19A561ADD8} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {F5786D02-E586-4C1E-B342-C00220DF0505} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {FAF8D97E-E08D-402B-8B3A-1A52EF604503} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_dkncgicdohgfdncecojfiapgebmlnaoc\Seznam.cz.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dkncgicdohgfdncecojfiapgebmlnaoc
ShortcutWithArgument: C:\Users\milanek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Seznam.cz.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dkncgicdohgfdncecojfiapgebmlnaoc
ShortcutWithArgument: C:\Users\milanek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Seznam.cz.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dkncgicdohgfdncecojfiapgebmlnaoc

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 21:30 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-01-08 19:35 - 2011-08-17 05:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2015-01-08 19:57 - 2012-04-24 11:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-04-09 17:33 - 2015-05-26 12:35 - 00079872 _____ () C:\Users\milanek\AppData\Roaming\Seznam.cz\bin\30786libfoxloader-x64.dll
2016-12-14 21:30 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-11 17:42 - 2016-11-11 17:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 17:24 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 17:23 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 17:24 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 17:23 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 17:23 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 17:24 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-23 16:14 - 2017-01-23 16:15 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 16:14 - 2017-01-23 16:15 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 16:14 - 2017-01-23 16:15 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 21:32 - 2016-12-14 21:33 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2015-01-08 19:34 - 2013-10-25 10:23 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2016-04-09 17:33 - 2015-05-26 12:38 - 00457384 _____ () C:\Users\milanek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2015-01-08 19:35 - 2011-08-17 05:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2016-04-09 17:33 - 2015-05-26 12:36 - 00073896 _____ () C:\Users\milanek\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2016-11-23 09:21 - 2016-11-23 09:21 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 09:21 - 2016-11-23 09:21 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-07-15 15:12 - 2016-07-15 15:12 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-23 09:21 - 2016-11-23 09:21 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 09:21 - 2016-11-23 09:21 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2017-01-22 05:54 - 2017-01-22 05:55 - 13017288 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7812.42257.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2016-04-09 17:33 - 2015-05-26 12:38 - 00862888 _____ () C:\Users\milanek\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2016-04-09 17:33 - 2015-05-26 12:37 - 00078504 _____ () C:\Users\milanek\AppData\Roaming\Seznam.cz\bin\30786libfoxloader.dll
2015-01-08 19:35 - 2011-05-17 22:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-01-29 10:41 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\milanek\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\p1000766.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "forteManager.lnk"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{3249A19A-E9CF-418A-AC6B-31A9280EFBFB}C:\program files (x86)\lenovo\beacon\beaconclientwindows.exe] => C:\program files (x86)\lenovo\beacon\beaconclientwindows.exe
FirewallRules: [TCP Query User{DC96DA33-F7D1-4C17-859F-18081E9B5C90}C:\program files (x86)\lenovo\beacon\beaconclientwindows.exe] => C:\program files (x86)\lenovo\beacon\beaconclientwindows.exe
FirewallRules: [UDP Query User{A5CFF5F2-2838-4681-B8B3-44A12C37551D}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{42A171F0-5416-4668-B6DC-0191F30AA7D8}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{695CEB33-5197-41D7-9380-4C3F877973E7}C:\users\milanek\appdata\roaming\utorrent\utorrent.exe] => C:\users\milanek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{2A67BE44-7BDA-41E1-B0DB-D21DFD85625F}C:\users\milanek\appdata\roaming\utorrent\utorrent.exe] => C:\users\milanek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{CE368163-0E6A-4315-9DAF-93227CF9E056}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CF9CB9C1-E991-4DEB-94DB-D71F8282FAF3}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{1C776AD9-3236-4C6D-A18C-7EAE7AFAD170}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{A272ED4F-7225-483A-85CF-C69BE2343566}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{61DE8F0E-FC42-4CA9-A34A-6874AAB6CCC7}] => C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{0FA9A8C3-ED67-4CEA-9B2C-69968739D353}] => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{90395B3B-9DED-42E1-92E7-6831BF7329A7}] => C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{564DD277-CC03-4B04-9287-E2DFEA992E30}] => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{530C824E-D710-49BC-A0FE-02FC2F55279E}] => C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7EA5905C-F9AA-4373-8B1F-9C3B9290A2A4}] => C:\Users\milanek\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{E154C401-E193-4CE4-8797-9ECC5F2F3CA4}] => C:\Users\milanek\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{7280CFB2-FCE3-40C2-9391-731B1CD99BF1}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7D928A5D-0D26-4202-8FED-AD5BA83473E0}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{5E9F0DF7-17CB-4A4F-89CB-277C39C1BCC1}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{C932AE42-DCC9-4F60-AA60-B5A78D5BEF43}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{F64DCA3C-1336-4BD3-B6EA-5F48A77922CE}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EBF5455B-82A7-495A-BBDE-DCE34D44D49A}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{BF962758-092B-423F-A4CC-2972DC9472FC}] => C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{48ABC6EA-172C-4FE7-8400-E6310697F26F}] => C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{29466B46-000D-48C3-A0DC-879D6D4327CB}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{66BA6263-B45C-46EA-83C3-D15425DCA496}] => C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
FirewallRules: [{A2C2C612-B5C0-4919-8F28-D53639D1597B}] => C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe

==================== Restore Points =========================

08-01-2017 20:19:32 Naplánovaný kontrolní bod
17-01-2017 19:11:44 Naplánovaný kontrolní bod
25-01-2017 17:33:21 Windows Update
27-01-2017 19:38:48 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2017 11:12:03 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/29/2017 11:11:08 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/29/2017 10:40:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (01/29/2017 10:39:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (01/29/2017 10:25:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (01/29/2017 10:23:57 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/29/2017 10:23:57 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/29/2017 10:23:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wmiprvse.exe, verze: 10.0.14393.0, časové razítko: 0x57899ab2
Název chybujícího modulu: ntdll.dll, verze: 10.0.14393.479, časové razítko: 0x5825887f
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000f8283
ID chybujícího procesu: 0x16e8
Čas spuštění chybující aplikace: 0x01d27a114d9cdc40
Cesta k chybující aplikaci: C:\WINDOWS\system32\wbem\wmiprvse.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 4da20e13-325e-4996-9d85-2164dc2246a5
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/29/2017 10:23:31 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/29/2017 10:23:31 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (01/29/2017 11:24:36 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/29/2017 11:18:57 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {784E29F4-5EBE-4279-9948-1E8FE941646D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/29/2017 11:15:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/29/2017 11:11:54 AM) (Source: GeneStor) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/29/2017 11:11:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/29/2017 11:03:56 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/29/2017 11:03:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/29/2017 11:03:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/29/2017 11:03:54 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/29/2017 11:03:54 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


CodeIntegrity:
===================================
Date: 2017-01-29 11:12:09.382
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-29 11:12:09.375
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-29 11:12:09.368
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-29 11:12:09.317
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-29 09:30:54.147
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-29 09:30:54.141
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-29 09:30:54.134
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-29 09:30:54.086
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-29 05:56:25.708
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-29 05:56:25.701
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Percentage of memory in use: 44%
Total physical RAM: 3988.55 MB
Available physical RAM: 2213.88 MB
Total Virtual: 6676.55 MB
Available Virtual: 4735.11 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:750.69 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9F437DC7)

Partition: GPT.

==================== End of Addition.txt ============================

[IL62]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-01-2017 01
Ran by milanek (administrator) on BALU (29-01-2017 16:06:01)
Running from C:\Users\milanek\Desktop
Loaded Profiles: milanek (Available Profiles: milanek)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\jmesoft\Service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Users\milanek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Windows\jmesoft\JME_LOAD.exe
() C:\Users\milanek\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7812.42257.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7812.42257.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [837640 2015-12-08] (DivX, LLC)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\milanek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\milanek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\RunOnce: [Uninstall C:\Users\milanek\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\milanek\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Policies\Explorer: [NoDrives] 00000003
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk [2015-09-26]
ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d7f36ed6-9e53-4fa1-b89c-a8c1b460c4a5}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {115B3A5E-EA3C-4679-9E6D-671F5E753FF7} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {1437176A-E773-468A-AA47-30F6F47F1E17} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {21FC8015-A8AC-4523-8D12-D0F23B371AD5} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {709B54A5-3748-47CA-A762-EC8D4C420F74} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {78F46192-2110-48B9-8D59-003AFCCADC9A} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {7D9136BE-2143-460A-9341-A3C9F4A0EA34} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {A8D5ABA3-9AA3-40A9-B86D-B60F30EA863E} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {D1CFF515-A38C-4287-9982-690D2ED74D14} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareu ... PIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareu ... TSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareu ... /CTPID.cab

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> hxxp://www.seznam.cz/

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-12-02] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default [2017-01-29]
CHR Extension: (Prezentace Google) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-29]
CHR Extension: (Dokumenty Google) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-29]
CHR Extension: (Disk Google) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-29]
CHR Extension: (YouTube) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-29]
CHR Extension: (Adobe Acrobat) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-29]
CHR Extension: (Tabulky Google) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-29]
CHR Extension: (Skype) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-01-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]
CHR Extension: (Gmail) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-12-10] (ESET)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-07] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-12-10] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-28] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2016-12-10] (ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [181384 2016-12-10] (ESET)
R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [103656 2013-10-21] (GenesysLogic)
R3 ksaud; C:\WINDOWS\system32\drivers\ksaud.sys [1134208 2009-08-05] (Creative Technology Ltd.)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2008-12-12] () [File not signed]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2008-12-12] () [File not signed]
R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [49312 2016-08-25] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-29 16:06 - 2017-01-29 16:06 - 00018173 _____ C:\Users\milanek\Desktop\FRST.txt
2017-01-29 16:02 - 2017-01-29 16:06 - 00000000 ____D C:\FRST
2017-01-29 15:57 - 2017-01-29 15:57 - 02420736 _____ (Farbar) C:\Users\milanek\Desktop\FRST64.exe
2017-01-29 11:37 - 2017-01-29 11:37 - 00000000 ____D C:\Users\milanek\AppData\Local\CrashRpt
2017-01-29 11:08 - 2017-01-29 10:38 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-01-29 10:38 - 2017-01-29 11:05 - 00000000 ____D C:\zoek_backup
2017-01-29 10:35 - 2017-01-29 10:35 - 01309184 _____ C:\Users\milanek\Desktop\zoek.exe
2017-01-28 11:56 - 2017-01-28 11:56 - 00001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-01-28 10:46 - 2017-01-29 10:36 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-28 10:46 - 2017-01-29 09:35 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-01-28 10:43 - 2017-01-28 10:43 - 25949256 _____ C:\Users\milanek\Desktop\RogueKillerX64.exe
2017-01-27 19:55 - 2017-01-27 19:55 - 00000000 ____D C:\ProgramData\Sophos
2017-01-27 19:54 - 2017-01-27 19:54 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-01-27 19:54 - 2017-01-27 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-27 19:54 - 2017-01-27 19:54 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-27 19:36 - 2017-01-27 19:36 - 01663040 _____ (Malwarebytes) C:\Users\milanek\Desktop\JRT.exe
2017-01-27 17:25 - 2017-01-29 11:24 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-27 17:25 - 2017-01-29 11:12 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-27 17:25 - 2017-01-29 11:12 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-27 17:25 - 2017-01-29 11:12 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-27 17:25 - 2017-01-29 11:12 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-27 17:25 - 2017-01-27 17:25 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-27 17:24 - 2017-01-27 17:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-27 17:24 - 2017-01-27 17:24 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-27 17:24 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-27 16:58 - 2017-01-27 16:59 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-27 16:57 - 2017-01-27 17:11 - 00000000 ____D C:\AdwCleaner
2017-01-27 16:56 - 2017-01-27 16:57 - 03988944 _____ C:\Users\milanek\Desktop\AdwCleaner.exe
2017-01-27 16:31 - 2017-01-27 16:31 - 00448512 _____ (OldTimer Tools) C:\Users\milanek\Desktop\TFC.exe
2017-01-25 16:23 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 16:23 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-16 11:25 - 2017-01-16 11:25 - 00765267 _____ C:\Users\milanek\Documents\IMG_20170116_0001.pdf
2017-01-16 11:19 - 2017-01-16 11:20 - 00000000 ____D C:\Users\milanek\Documents\Daně
2017-01-14 07:19 - 2017-01-14 07:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\milanek\Desktop\HijackThis.exe
2017-01-11 17:25 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 17:25 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 17:25 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 17:25 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 17:25 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:25 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 17:24 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 17:24 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 17:24 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 17:24 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 17:24 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 17:24 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 17:24 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 17:24 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 17:24 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 17:24 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 17:24 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 17:24 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 17:24 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 17:24 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 17:24 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 17:24 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 17:24 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 17:24 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:24 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 17:24 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:24 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 17:24 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 17:24 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 17:24 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 17:24 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 17:24 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 17:24 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 17:24 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 17:24 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 17:24 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 17:24 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 17:24 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 17:24 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 17:24 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 17:24 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 17:24 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 17:24 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 17:24 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 17:24 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 17:24 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 17:24 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 17:24 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 17:24 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 17:24 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 17:24 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 17:24 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 17:24 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 17:24 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 17:24 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 17:24 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:24 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 17:24 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 17:24 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 17:24 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 17:24 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:24 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 17:24 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 17:24 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 17:24 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:24 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:24 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:24 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 17:24 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 17:24 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 17:24 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 17:24 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 17:24 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 17:24 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 17:24 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 17:24 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 17:24 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 17:24 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 17:24 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 17:24 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 17:24 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:24 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 17:24 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 17:24 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 17:24 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 17:24 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 17:24 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 17:24 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 17:24 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 17:24 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 17:24 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 17:24 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 17:24 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 17:24 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 17:24 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 17:24 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 17:24 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 17:24 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 17:24 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 17:24 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 17:24 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 17:24 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 17:24 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:24 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 17:24 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 17:24 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 17:24 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 17:24 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:24 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 17:24 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 17:24 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 17:24 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 17:24 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 17:24 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 17:24 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 17:24 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 17:24 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 17:24 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 17:24 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:24 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 17:24 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 17:24 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 17:24 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 17:24 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 17:24 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 17:24 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 17:24 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 17:24 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 17:24 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 17:24 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 17:24 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 17:24 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 17:24 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 17:24 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 17:24 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 17:24 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 17:24 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 17:24 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 17:24 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 17:24 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 17:24 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 17:24 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 17:24 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:24 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 17:24 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 17:24 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 17:23 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 17:23 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 17:23 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 17:23 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 17:23 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 17:23 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 17:23 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:23 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 17:23 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 17:23 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 17:23 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 17:23 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 17:23 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 17:23 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 17:23 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 17:23 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 17:23 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:23 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 17:23 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 17:23 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-29 15:56 - 2016-11-11 17:54 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-29 12:09 - 2015-08-08 07:00 - 00000000 ____D C:\Users\milanek\AppData\Roaming\Skype
2017-01-29 12:06 - 2016-11-12 13:33 - 00000000 ____D C:\Users\milanek\AppData\Local\ManyCam
2017-01-29 11:29 - 2016-11-11 18:00 - 00000000 ____D C:\Users\milanek
2017-01-29 11:12 - 2016-11-11 18:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-29 11:11 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-29 11:03 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-29 09:33 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-29 06:06 - 2015-08-13 18:30 - 00000000 ____D C:\Users\milanek\AppData\Local\CrashDumps
2017-01-28 18:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-28 11:56 - 2016-11-11 18:28 - 00003948 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1445013092
2017-01-28 11:56 - 2015-10-16 17:28 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-27 18:33 - 2016-05-18 16:14 - 00000000 ____D C:\Users\milanek\Downloads\Filmy
2017-01-27 17:37 - 2016-12-09 18:35 - 00000000 ____D C:\Users\milanek\AppData\Local\VDownloader
2017-01-27 16:59 - 2015-08-08 20:01 - 00002443 _____ C:\Users\milanek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 16:59 - 2015-08-04 08:50 - 00000000 __RDO C:\Users\milanek\OneDrive
2017-01-27 16:25 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-25 18:02 - 2015-08-06 15:52 - 00000000 ____D C:\Users\milanek\AppData\Roaming\uTorrent
2017-01-25 17:40 - 2015-08-14 19:38 - 00000000 ____D C:\Users\milanek\AppData\Roaming\Nitro PDF
2017-01-25 17:34 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-20 20:01 - 2015-08-24 11:36 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 05:31 - 2015-08-08 06:59 - 00000000 ____D C:\ProgramData\Skype
2017-01-14 07:19 - 2015-08-04 07:47 - 00000000 ____D C:\Users\milanek\AppData\Local\VirtualStore
2017-01-12 18:44 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 18:45 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-11 18:25 - 2016-04-27 07:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 18:22 - 2016-11-11 17:54 - 00234040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 18:20 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 18:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 18:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 18:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 18:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 18:05 - 2015-08-06 11:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 18:01 - 2015-08-06 11:22 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 16:22 - 2016-11-11 18:28 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-08 15:51 - 2015-08-08 06:52 - 00001271 _____ C:\Users\milanek\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2017-01-08 15:51 - 2015-08-08 06:52 - 00001247 _____ C:\Users\Public\Desktop\GOM Player.lnk

==================== Files in the root of some directories =======

2015-08-22 16:19 - 2015-08-22 16:19 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2015-08-26 07:24 - 2015-08-26 07:24 - 0007602 _____ () C:\Users\milanek\AppData\Local\Resmon.ResmonCfg
2015-08-04 11:14 - 2009-08-04 12:33 - 0001026 _____ () C:\ProgramData\CfSB0270.ini
2015-08-04 11:14 - 2009-08-04 12:33 - 0001026 _____ () C:\ProgramData\CfSB0271.ini
2015-08-04 11:14 - 2009-08-04 12:33 - 0001302 _____ () C:\ProgramData\CfSB0300.ini
2015-08-04 11:14 - 2009-08-04 12:33 - 0001282 _____ () C:\ProgramData\CfSB0471.ini
2015-08-04 11:14 - 2009-08-04 12:33 - 0001208 _____ () C:\ProgramData\CfSB0490.ini
2015-08-04 11:14 - 2009-08-04 12:33 - 0001027 _____ () C:\ProgramData\CfSB0560.ini
2015-08-04 11:14 - 2009-08-04 12:33 - 0001352 _____ () C:\ProgramData\CfSB0910.ini
2015-08-04 11:14 - 2009-08-04 12:33 - 0001352 _____ () C:\ProgramData\CfSB1090.ini
2016-11-11 17:57 - 2016-11-11 17:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-21 20:07

==================== End of FRST.txt ============================

[jerabina]

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\milanek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\milanek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\RunOnce: [Uninstall C:\Users\milanek\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\milanek\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Policies\Explorer: [NoDrives] 00000003

HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {115B3A5E-EA3C-4679-9E6D-671F5E753FF7} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {1437176A-E773-468A-AA47-30F6F47F1E17} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {21FC8015-A8AC-4523-8D12-D0F23B371AD5} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {709B54A5-3748-47CA-A762-EC8D4C420F74} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {78F46192-2110-48B9-8D59-003AFCCADC9A} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {7D9136BE-2143-460A-9341-A3C9F4A0EA34} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {A8D5ABA3-9AA3-40A9-B86D-B60F30EA863E} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {D1CFF515-A38C-4287-9982-690D2ED74D14} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

C:\ProgramData\RogueKiller
C:\ProgramData\DP45977C.lfl

Task: {1BDE8803-9996-4B66-96F5-888A036A0313} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {28991BB5-0964-4B19-AC34-FBE3E647B4CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {36CF8FCE-7D30-48A1-8902-B7477FCD6832} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3EE0AD6D-B451-406E-85A8-87AD9827CF71} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {569E6EA0-05DE-4BF9-BEAB-7318B6C00E9A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {664F5A95-0C46-43E6-8E8A-D2A573F8E37A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {809ECAB6-E8E7-4616-AF38-3225DE3FAFEA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9F745D22-3479-4813-AA2F-E52B24859271} - \WPD\SqmUpload_S-1-5-21-1040683045-3520781050-4236757564-1001 -> No File <==== ATTENTION
Task: {A53FE1A2-58A1-4F2E-8B14-C6D65799EFA2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A93C170C-9D22-41E1-83AC-F7D4FA60EE15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {B962104E-528E-481B-8234-6BF17BEFDE8D} - System32\Tasks\{49099353-6AA6-45E5-85ED-C34C1810ACE2} => pcalua.exe -a D:\lge.exe -d D:\
Task: {C468B6A5-06DD-4383-88B7-C4089ACF8E85} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CE234D42-A301-4662-95B3-D01352FE9F5C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D1616354-913D-4EA8-B9CE-4E758D499A83} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E69339A9-7934-4909-A5B9-FC8C666BECB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {FAF8D97E-E08D-402B-8B3A-1A52EF604503} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Hosts:
EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

[IL62]

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by milanek (30-01-2017 16:26:06) Run:1
Running from C:\Users\milanek\Desktop
Loaded Profiles: milanek (Available Profiles: milanek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\milanek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\milanek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\RunOnce: [Uninstall C:\Users\milanek\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\milanek\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Policies\Explorer: [NoDrives] 00000003

HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {115B3A5E-EA3C-4679-9E6D-671F5E753FF7} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {1437176A-E773-468A-AA47-30F6F47F1E17} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {21FC8015-A8AC-4523-8D12-D0F23B371AD5} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {709B54A5-3748-47CA-A762-EC8D4C420F74} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {78F46192-2110-48B9-8D59-003AFCCADC9A} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {7D9136BE-2143-460A-9341-A3C9F4A0EA34} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {A8D5ABA3-9AA3-40A9-B86D-B60F30EA863E} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {D1CFF515-A38C-4287-9982-690D2ED74D14} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

C:\ProgramData\RogueKiller
C:\ProgramData\DP45977C.lfl

Task: {1BDE8803-9996-4B66-96F5-888A036A0313} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {28991BB5-0964-4B19-AC34-FBE3E647B4CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {36CF8FCE-7D30-48A1-8902-B7477FCD6832} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3EE0AD6D-B451-406E-85A8-87AD9827CF71} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {569E6EA0-05DE-4BF9-BEAB-7318B6C00E9A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {664F5A95-0C46-43E6-8E8A-D2A573F8E37A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {809ECAB6-E8E7-4616-AF38-3225DE3FAFEA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9F745D22-3479-4813-AA2F-E52B24859271} - \WPD\SqmUpload_S-1-5-21-1040683045-3520781050-4236757564-1001 -> No File <==== ATTENTION
Task: {A53FE1A2-58A1-4F2E-8B14-C6D65799EFA2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A93C170C-9D22-41E1-83AC-F7D4FA60EE15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {B962104E-528E-481B-8234-6BF17BEFDE8D} - System32\Tasks\{49099353-6AA6-45E5-85ED-C34C1810ACE2} => pcalua.exe -a D:\lge.exe -d D:\
Task: {C468B6A5-06DD-4383-88B7-C4089ACF8E85} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CE234D42-A301-4662-95B3-D01352FE9F5C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D1616354-913D-4EA8-B9CE-4E758D499A83} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E69339A9-7934-4909-A5B9-FC8C666BECB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {FAF8D97E-E08D-402B-8B3A-1A52EF604503} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes TrayApp => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value removed successfully
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => value removed successfully
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value removed successfully
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value removed successfully
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\milanek\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64 => value removed successfully
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDrives => value removed successfully
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{115B3A5E-EA3C-4679-9E6D-671F5E753FF7} => key removed successfully
HKCR\CLSID\{115B3A5E-EA3C-4679-9E6D-671F5E753FF7} => key not found.
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1437176A-E773-468A-AA47-30F6F47F1E17} => key removed successfully
HKCR\CLSID\{1437176A-E773-468A-AA47-30F6F47F1E17} => key not found.
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21FC8015-A8AC-4523-8D12-D0F23B371AD5} => key removed successfully
HKCR\CLSID\{21FC8015-A8AC-4523-8D12-D0F23B371AD5} => key not found.
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{709B54A5-3748-47CA-A762-EC8D4C420F74} => key removed successfully
HKCR\CLSID\{709B54A5-3748-47CA-A762-EC8D4C420F74} => key not found.
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{78F46192-2110-48B9-8D59-003AFCCADC9A} => key removed successfully
HKCR\CLSID\{78F46192-2110-48B9-8D59-003AFCCADC9A} => key not found.
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7D9136BE-2143-460A-9341-A3C9F4A0EA34} => key removed successfully
HKCR\CLSID\{7D9136BE-2143-460A-9341-A3C9F4A0EA34} => key not found.
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8D5ABA3-9AA3-40A9-B86D-B60F30EA863E} => key removed successfully
HKCR\CLSID\{A8D5ABA3-9AA3-40A9-B86D-B60F30EA863E} => key not found.
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1CFF515-A38C-4287-9982-690D2ED74D14} => key removed successfully
HKCR\CLSID\{D1CFF515-A38C-4287-9982-690D2ED74D14} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
C:\ProgramData\RogueKiller => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BDE8803-9996-4B66-96F5-888A036A0313} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BDE8803-9996-4B66-96F5-888A036A0313} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{28991BB5-0964-4B19-AC34-FBE3E647B4CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28991BB5-0964-4B19-AC34-FBE3E647B4CE} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36CF8FCE-7D30-48A1-8902-B7477FCD6832} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36CF8FCE-7D30-48A1-8902-B7477FCD6832} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EE0AD6D-B451-406E-85A8-87AD9827CF71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EE0AD6D-B451-406E-85A8-87AD9827CF71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{569E6EA0-05DE-4BF9-BEAB-7318B6C00E9A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{569E6EA0-05DE-4BF9-BEAB-7318B6C00E9A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{664F5A95-0C46-43E6-8E8A-D2A573F8E37A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{664F5A95-0C46-43E6-8E8A-D2A573F8E37A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{809ECAB6-E8E7-4616-AF38-3225DE3FAFEA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{809ECAB6-E8E7-4616-AF38-3225DE3FAFEA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F745D22-3479-4813-AA2F-E52B24859271} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F745D22-3479-4813-AA2F-E52B24859271} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1040683045-3520781050-4236757564-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A53FE1A2-58A1-4F2E-8B14-C6D65799EFA2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A53FE1A2-58A1-4F2E-8B14-C6D65799EFA2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A93C170C-9D22-41E1-83AC-F7D4FA60EE15} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A93C170C-9D22-41E1-83AC-F7D4FA60EE15} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B962104E-528E-481B-8234-6BF17BEFDE8D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B962104E-528E-481B-8234-6BF17BEFDE8D} => key removed successfully
C:\WINDOWS\System32\Tasks\{49099353-6AA6-45E5-85ED-C34C1810ACE2} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{49099353-6AA6-45E5-85ED-C34C1810ACE2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C468B6A5-06DD-4383-88B7-C4089ACF8E85} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C468B6A5-06DD-4383-88B7-C4089ACF8E85} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE234D42-A301-4662-95B3-D01352FE9F5C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE234D42-A301-4662-95B3-D01352FE9F5C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1616354-913D-4EA8-B9CE-4E758D499A83} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1616354-913D-4EA8-B9CE-4E758D499A83} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E69339A9-7934-4909-A5B9-FC8C666BECB0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E69339A9-7934-4909-A5B9-FC8C666BECB0} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAF8D97E-E08D-402B-8B3A-1A52EF604503} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAF8D97E-E08D-402B-8B3A-1A52EF604503} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 3344740 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50283144 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 327 B
Edge => 91415516 B
Chrome => 815348169 B
Firefox => 0 B
Opera => 25961000 B

Temp, IE cache, history, cookies, recent:
Default => 1536 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 186618 B
NetworkService => 13500 B
milanek => 5169454 B

RecycleBin => 12126147 B
EmptyTemp: => 957.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:30:01 ====

[jaro3]

Co problémy?

[IL62]

Nevím jak poděkovat. PC teď navíc běží mnohem rychleji a problémy vyřešeny.
Ještě jednou děkuji za pomoc všem, kteří se na tom podíleli.

[jaro3]

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[IL62]

# DelFix v1.013 - Logfile created 01/02/2017 at 17:20:47
# Updated 17/04/2016 by Xplode
# Username : milanek - BALU
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\milanek\Desktop\AdwCleaner.exe
Deleted : C:\Users\milanek\Desktop\FRST64.exe
Deleted : C:\Users\milanek\Desktop\JRT.exe
Deleted : C:\Users\milanek\Desktop\HijackThis.exe
Deleted : C:\Users\milanek\Desktop\RogueKillerX64.exe
Deleted : C:\Users\milanek\Desktop\TFC.exe
Deleted : C:\Users\milanek\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools

~ Cleaning system restore ...

Deleted : RP #10 [Naplánovaný kontrolní bod | 01/17/2017 18:11:44]
Deleted : RP #11 [Windows Update | 01/25/2017 16:33:21]
Deleted : RP #12 [JRT Pre-Junkware Removal | 01/27/2017 18:38:48]

New restore point created !

########## - EOF - ##########

[jaro3]

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.