Slow laptop + FB+webcam hack (Solved)

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Slow laptop + FB+webcam hack

Post by Cowan » 18 Jan 2017 12:43

I ran it one more time, and it found something else.

RogueKiller V12.9.4.0 (x64) [Jan 16 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : HP ProBook [Práva správce]
Started from : C:\Users\HP ProBook\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 01/18/2017 12:08:48 (Duration : 00:24:50)

¤¤¤ Procesy : 1 ¤¤¤
[Adw.DNSUnlocker] ZAM.exe(1144) -- C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe[7] -> Zastaveno [TermThr]

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.152.40.4 10.152.40.5 ([X][X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8CB299B3-8083-4C88-824D-121E1A38BF7B} | DhcpNameServer : 10.152.40.4 10.152.40.5 ([X][X]) -> Nahrazeno ()

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545050A7E380 +++++
--- User ---
[MBR] 5563ee86216a1c21e78cfa8297c1cea8
[BSP] 6a3125a7f090a24988d63ba5cae1a61d : Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 3096576 | Size: 460549 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 946300928 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 947222528 | Size: 350 MB
6 - [SYSTEM] Basic data partition | Offset (sectors): 947939328 | Size: 12026 MB
7 - [SYSTEM] Basic data partition | Offset (sectors): 972568576 | Size: 2048 MB
User = LL1 ... OK
User = LL2 ... OK


Re: Slow laptop + FB+webcam hack

Post by jaro3 » 18 Jan 2017 18:40

Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe


Did "Zemana AntiLogger Free" find nothing?

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Slow laptop + FB+webcam hack

Post by Cowan » 18 Jan 2017 20:20

Zemana AntiLogger found nothing.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by HP ProBook (18-01-2017 20:18:46)
Running from C:\Users\HP ProBook\Desktop
Windows 8.1 (Update) (X64) (2015-01-11 13:52:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4198986567-1125021095-2724268533-500 - Administrator - Disabled)
Guest (S-1-5-21-4198986567-1125021095-2724268533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4198986567-1125021095-2724268533-1006 - Limited - Enabled)
HP ProBook (S-1-5-21-4198986567-1125021095-2724268533-1002 - Administrator - Enabled) => C:\Users\HP ProBook

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{e7f56494-d786-472e-aba2-1b93089e06cd}) (Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{af1966e2-5e60-4d93-8a48-c21462a87e3c}) (Version: 1.2.71.9779 - Avira Operations GmbH & Co. KG)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP ESU for Microsoft Windows 8 (HKLM-x32\...\{2F8A00FC-1F12-44B2-AA37-F9A358EDC161}) (Version: 1.2.2 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.30 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HP Wireless Hotspot (HKLM-x32\...\{A161E705-44B9-4B5F-A5F8-8E5847AEA86B}) (Version: 1.0.24.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Malwarebytes verze 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Mediatek MT7630E 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Microsoft Office 2010 pro studenty a domácnosti (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{29DB04FB-B11F-81B8-3F48-6ED6A3D4E3DF}) (Version: 11.0.739.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Spotify (HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4198986567-1125021095-2724268533-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {239FEA0F-11A4-4B1B-9B5D-F27F2B0ECCFE} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {4F788ED6-784B-4845-B7AD-AAA4FADD34BD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2017-01-18] (Microsoft Corporation)
Task: {7FE11600-C0D0-4A5B-AC93-0B9D258BE74A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {B635BD8A-77EC-48E3-B89D-C196C599E713} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-18] (Microsoft Corporation)
Task: {C599FA7C-3194-4403-B40C-FE27DB89E44B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-01-05] (Synaptics Incorporated)
Task: {DE211959-6ACE-4D43-A9C6-0057CFE212BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {F9496D6B-CE85-46E9-A85B-AC2505B6DFDE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-15 15:25 - 2015-07-15 15:25 - 00022528 _____ () C:\WINDOWS\System32\ssa6mlm.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00029432 _____ () C:\WINDOWS\system32\BsTrace.dll
2015-02-26 16:50 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00371448 _____ () C:\windows\system32\BsExtendFunc.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00016632 _____ () C:\windows\system32\BsHelpCSps.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00062200 _____ () C:\windows\system32\BlueSoleilCSps.dll
2017-01-17 15:49 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-17 15:49 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-17 15:49 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2015-01-05 15:29 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-05-13 17:44 - 2016-05-13 17:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2014-10-03 17:36 - 2014-10-03 17:36 - 17284400 _____ () C:\WINDOWS\SYSTEM32\igd11dxva64.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00029432 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00080120 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00371448 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00016632 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00062200 _____ () C:\windows\SYSTEM32\BlueSoleilCSps.dll
2015-01-05 15:39 - 2015-01-05 15:39 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-01-18 10:56 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\HP ProBook\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 10.152.40.4 - 10.152.40.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{9106DEFE-2F61-4B7B-BA82-E05973EB7CA0}] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{D807BE8C-0675-43E5-AEAC-D20AB8403CBF}] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{4F15BC5E-BEA9-42D7-9826-FC1D27259A5C}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8B32F4DA-54E0-4879-B173-E0309974DD9A}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3D5B2429-AEDF-455F-8047-3AABDE22EBD0}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7C512110-8942-4A47-876C-FFBF81E01AF8}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E10A7A62-72BE-4550-9D2F-0055D8E0EF50}] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{9DE934E0-5E93-4399-B193-F1F33922BAE9}] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [TCP Query User{DE145C42-3AFF-439B-AB95-B506B25129A4}C:\users\hp probook\appdata\roaming\spotify\spotify.exe] => C:\users\hp probook\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{59221EC5-8995-4E13-BC2D-75407FEB50E2}C:\users\hp probook\appdata\roaming\spotify\spotify.exe] => C:\users\hp probook\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B22A4198-0C4B-4490-8D94-44159EF44C6C}C:\users\hp probook\appdata\roaming\spotify\spotify.exe] => C:\users\hp probook\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B4B8D722-2669-45CC-A545-C206E9067405}C:\users\hp probook\appdata\roaming\spotify\spotify.exe] => C:\users\hp probook\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4F189D1C-ADA7-4D24-B856-76200C029CA2}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A7946A25-AC87-4A55-B635-E1802D7DF2AB}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{489447B8-395D-4BEA-9927-CD9D7E735AF5}C:\users\hp probook\appdata\roaming\utorrent\utorrent.exe] => C:\users\hp probook\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{CBB78438-4AA9-43C6-95A1-19C85D45B244}C:\users\hp probook\appdata\roaming\utorrent\utorrent.exe] => C:\users\hp probook\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{3CEAAC28-4C07-448B-A76E-44B7FF26A8A0}C:\users\hp probook\appdata\roaming\utorrent\utorrent.exe] => C:\users\hp probook\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7F348D40-69A2-4567-9A16-C0C6976E5D7E}C:\users\hp probook\appdata\roaming\utorrent\utorrent.exe] => C:\users\hp probook\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{5C26F82C-1387-4AA6-AF10-68BD73BE0811}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-12-2016 18:27:44 Windows Update
07-01-2017 10:07:15 Naplánovaný kontrolní bod
11-01-2017 11:36:40 Windows Update
15-01-2017 13:26:06 Windows Update
17-01-2017 19:57:10 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2017 08:19:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BtTray.exe, verze: 11.0.738.0, časové razítko: 0x51920027
Název chybujícího modulu: combase.dll, verze: 6.3.9600.18202, časové razítko: 0x569e6792
Kód výjimky: 0xc0000005
Posun chyby: 0x0002b8d3
ID chybujícího procesu: 0x14bc
Čas spuštění chybující aplikace: 0x01d271a8be5e2f56
Cesta k chybující aplikaci: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\combase.dll
ID zprávy: ff70d843-ddb2-11e6-beda-a01d48a85a2f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/18/2017 08:17:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0x1484
Čas spuštění chybující aplikace: 0x01d271bf6d684a6f
Cesta k chybující aplikaci: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Cesta k chybujícímu modulu: c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
ID zprávy: afa99d79-ddb2-11e6-beda-a01d48a85a2f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/18/2017 08:15:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0xa84
Čas spuštění chybující aplikace: 0x01d271bf3bd13faa
Cesta k chybující aplikaci: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Cesta k chybujícímu modulu: c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
ID zprávy: 7e214daf-ddb2-11e6-beda-a01d48a85a2f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/18/2017 08:13:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0x1674
Čas spuštění chybující aplikace: 0x01d271bee89e1b53
Cesta k chybující aplikaci: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Cesta k chybujícímu modulu: c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
ID zprávy: 2b115b90-ddb2-11e6-beda-a01d48a85a2f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/18/2017 06:10:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0x150c
Čas spuštění chybující aplikace: 0x01d271adb68e9d1f
Cesta k chybující aplikaci: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Cesta k chybujícímu modulu: c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
ID zprávy: f91380ab-dda0-11e6-beda-a01d48a85a2f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/18/2017 05:34:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0x16e8
Čas spuštění chybující aplikace: 0x01d271a8c830f27f
Cesta k chybující aplikaci: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Cesta k chybujícímu modulu: c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
ID zprávy: 0b7b373a-dd9c-11e6-beda-fc4dd457224a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/18/2017 05:33:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll_unloaded, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0x7f0
Čas spuštění chybující aplikace: 0x01d271a8822bb4eb
Cesta k chybující aplikaci: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Cesta k chybujícímu modulu: tl_filter.dll
ID zprávy: cf659f8e-dd9b-11e6-beda-fc4dd457224a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/18/2017 05:29:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BtTray.exe, verze: 11.0.738.0, časové razítko: 0x51920027
Název chybujícího modulu: combase.dll, verze: 6.3.9600.18202, časové razítko: 0x569e6792
Kód výjimky: 0xc0000005
Posun chyby: 0x0002b8d3
ID chybujícího procesu: 0x348
Čas spuštění chybující aplikace: 0x01d271a6f654be5e
Cesta k chybující aplikaci: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\combase.dll
ID zprávy: 42ca7013-dd9b-11e6-bed9-a01d48a85a2f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/18/2017 05:28:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0x1890
Čas spuštění chybující aplikace: 0x01d271a7eeb359b5
Cesta k chybující aplikaci: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Cesta k chybujícímu modulu: c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
ID zprávy: 330e8d9d-dd9b-11e6-bed9-a01d48a85a2f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/18/2017 05:22:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.


System errors:
=============
Error: (01/18/2017 08:17:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS byla neočekávaně ukončena. Tento stav nastal již 6krát.

Error: (01/18/2017 08:15:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS byla neočekávaně ukončena. Tento stav nastal již 5krát.

Error: (01/18/2017 08:13:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS byla neočekávaně ukončena. Tento stav nastal již 4krát.

Error: (01/18/2017 06:10:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (01/18/2017 05:34:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS byla neočekávaně ukončena. Tento stav nastal již 2krát.

Error: (01/18/2017 05:34:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/18/2017 05:32:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba ESET Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/18/2017 05:32:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (14:33:31, ‎18. ‎1. ‎2017) bylo neočekávané.

Error: (01/18/2017 05:28:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS byla neočekávaně ukončena. Tento stav nastal již 4krát.

Error: (01/18/2017 05:22:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS byla neočekávaně ukončena. Tento stav nastal již 3krát.


CodeIntegrity:
===================================
Date: 2015-08-11 17:09:36.354
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-10 16:03:35.278
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-25 13:11:32.766
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-18 12:58:27.716
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-02 14:53:19.931
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-24 18:27:34.832
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-15 13:17:44.477
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-26 00:17:27.001
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-10 14:22:42.875
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-23 09:28:32.548
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 41%
Total physical RAM: 3977.11 MB
Available physical RAM: 2320.59 MB
Total Virtual: 4377.11 MB
Available Virtual: 2213.42 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:449.75 GB) (Free:365.66 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.74 GB) (Free:1.12 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive g: (My CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt ============================


Re: Slow laptop + FB hack + webcam

Post by Cowan » 18 Jan 2017 20:21

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by HP ProBook (administrator) on PROBOOK (18-01-2017 20:17:26)
Running from C:\Users\HP ProBook\Desktop
Loaded Profiles: HP ProBook (Available Profiles: HP ProBook)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Spotify Ltd) C:\Users\HP ProBook\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(© 2015 Microsoft Corporation) C:\Users\HP ProBook\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Camera\Camera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2015-01-05] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-07-04] (IDT, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\Run: [Spotify Web Helper] => C:\Users\HP ProBook\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-30] (Spotify Ltd)
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50603136 2016-01-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\Run: [BingSvc] => C:\Users\HP ProBook\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-15] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\Run: [Spotify] => C:\Users\HP ProBook\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-30] (Spotify Ltd)
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {1347ec27-dd67-11e6-bed8-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {538080fb-7aa4-11e6-bec9-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {b95fc9a3-c83e-11e6-bed2-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {b95fca2d-c83e-11e6-bed2-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {c14939e7-a94f-11e4-be7c-fc4dd457224b} - "G:\iStudio.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.152.40.4 10.152.40.5
Tcpip\..\Interfaces\{8CB299B3-8083-4C88-824D-121E1A38BF7B}: [DhcpNameServer] 10.152.40.4 10.152.40.5

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-4198986567-1125021095-2724268533-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4198986567-1125021095-2724268533-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4198986567-1125021095-2724268533-1002 -> {D5A08B92-A3DB-4F5A-A0B4-659A1E236A5E} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-01-05] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Default [2017-01-18]
CHR Extension: (Prezentace Google) - C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-18]
CHR Extension: (Dokumenty Google) - C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-18]
CHR Extension: (Disk Google) - C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-18]
CHR Extension: (YouTube) - C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-18]
CHR Extension: (Tabulky Google) - C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-18]
CHR Extension: (Skype) - C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-01-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-18]
CHR Profile: C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
S3 HotSpotSrv; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [372920 2013-09-18] (Hewlett-Packard Development Company, L.P.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2015-01-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2015-01-05] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2013-07-04] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2015-12-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-05-19] (Avira Operations GmbH & Co. KG)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFSrv; C:\WINDOWS\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
U4 BthHFSrv; C:\WINDOWS\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
S3 BthL2caScoIfSrv; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
R3 btUrbFilterDrv; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18816 2016-05-25] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [158848 2016-08-10] (Zemana Ltd.)
R3 m76usb; C:\WINDOWS\System32\drivers\m76usb.sys [538312 2013-12-01] (Ralink Technology Corp.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-18] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-18] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-18] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2015-01-05] (Intel Corporation)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [476888 2015-01-05] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-19] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-19] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [1512952 2013-08-08] (Sunplus)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 20:17 - 2017-01-18 20:18 - 00018254 _____ C:\Users\HP ProBook\Desktop\FRST.txt
2017-01-18 20:17 - 2017-01-18 20:17 - 00000000 ____D C:\FRST
2017-01-18 20:16 - 2017-01-18 20:16 - 02419200 _____ (Farbar) C:\Users\HP ProBook\Desktop\FRST64.exe
2017-01-18 20:16 - 2017-01-18 20:16 - 00000000 ____D C:\Users\HP ProBook\Desktop\backups
2017-01-18 17:34 - 2017-01-18 17:35 - 00000000 ____D C:\Users\HP ProBook\Desktop\Rozpis praxe 3. LS
2017-01-18 14:09 - 2017-01-18 14:10 - 00000000 ____D C:\Users\HP ProBook\Desktop\CisteniPC
2017-01-18 12:01 - 2017-01-18 12:01 - 00000000 ____D C:\Users\HP ProBook\AppData\Local\ESET
2017-01-18 12:00 - 2017-01-18 12:00 - 00000000 ____D C:\ProgramData\ESET
2017-01-18 12:00 - 2017-01-18 12:00 - 00000000 ____D C:\Program Files\ESET
2017-01-18 11:31 - 2017-01-18 14:33 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger
2017-01-18 11:31 - 2017-01-18 14:09 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2017-01-18 11:31 - 2016-08-10 23:13 - 00158848 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2017-01-18 11:14 - 2017-01-18 10:55 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-01-18 10:40 - 2017-01-18 11:30 - 00000000 ____D C:\Users\HP ProBook\AppData\Local\CrashDumps
2017-01-18 10:00 - 2017-01-18 11:12 - 00000000 ____D C:\zoek_backup
2017-01-18 09:58 - 2017-01-18 09:59 - 01309184 _____ C:\Users\HP ProBook\Desktop\zoek.exe
2017-01-18 08:55 - 2017-01-18 12:08 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-01-18 08:54 - 2017-01-18 09:49 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-18 08:45 - 2017-01-18 14:32 - 00120077 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-18 08:45 - 2017-01-18 14:08 - 00525250 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-18 08:45 - 2017-01-18 11:31 - 00000000 ____D C:\Users\HP ProBook\AppData\Local\Zemana
2017-01-18 08:45 - 2017-01-18 08:45 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-01-17 20:05 - 2017-01-17 20:05 - 00000000 ____D C:\ProgramData\Sophos
2017-01-17 20:05 - 2017-01-17 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-17 20:04 - 2017-01-17 20:04 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-17 19:54 - 2017-01-17 19:54 - 25947720 _____ C:\Users\HP ProBook\Desktop\RogueKillerX64.exe
2017-01-17 19:50 - 2017-01-17 19:50 - 01663040 _____ (Malwarebytes) C:\Users\HP ProBook\Desktop\JRT.exe
2017-01-17 15:50 - 2017-01-18 17:34 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-17 15:50 - 2017-01-18 17:34 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-17 15:50 - 2017-01-18 17:34 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-17 15:50 - 2017-01-18 17:33 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-17 15:50 - 2017-01-17 15:50 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-17 15:50 - 2017-01-17 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-17 15:49 - 2017-01-17 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-17 15:49 - 2017-01-17 15:49 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-17 15:49 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-17 15:39 - 2017-01-17 15:44 - 00000000 ____D C:\AdwCleaner
2017-01-17 15:28 - 2017-01-17 15:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\HP ProBook\Desktop\HijackThis.exe
2017-01-17 15:20 - 2017-01-17 15:20 - 00000000 ____D C:\Users\HP ProBook\AppData\Local\CEF
2017-01-17 15:10 - 2017-01-17 15:10 - 00000000 ____D C:\Users\HP ProBook\AppData\Local\bluesoleil
2017-01-17 15:09 - 2017-01-17 15:09 - 03988944 _____ C:\Users\HP ProBook\Desktop\adwcleaner_6.042.exe
2017-01-17 15:07 - 2017-01-17 15:07 - 00448512 _____ (OldTimer Tools) C:\Users\HP ProBook\Desktop\TFC.exe
2017-01-17 15:07 - 2017-01-17 15:07 - 00050688 _____ (Atribune.org) C:\Users\HP ProBook\Desktop\ATF-Cleaner.exe
2017-01-13 21:54 - 2017-01-13 21:58 - 00000000 ____D C:\Users\HP ProBook\Downloads\Jack.Reacher.Never.Go.Back.2016.HC.HDRip.XviD.AC3-EVO
2017-01-13 10:08 - 2017-01-14 12:22 - 01432186 _____ C:\Users\HP ProBook\Downloads\KA4_Transkulturniosetrovatelstvi.pdf
2017-01-13 10:08 - 2017-01-13 10:08 - 00659428 _____ C:\Users\HP ProBook\Downloads\25_Vrublova_KULTURAAZDRAVOTNIPECE.pdf
2017-01-02 16:23 - 2017-01-02 16:23 - 00460845 _____ C:\Users\HP ProBook\Downloads\sb0020-2011.pdf
2016-12-29 15:09 - 2016-12-29 15:10 - 23348612 _____ C:\Users\HP ProBook\Downloads\Trachtová---Potřeby-nemocného-v-ošetřovatelském-procesu.pdf
2016-12-28 17:33 - 2016-12-28 17:33 - 00000000 ____D C:\Users\HP ProBook\Documents\HiSuite
2016-12-28 17:33 - 2016-05-25 11:53 - 02152176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01009.dll
2016-12-28 17:33 - 2016-05-25 11:53 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusbcoinstaller2.dll
2016-12-28 17:33 - 2016-05-25 11:53 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2016-12-28 17:33 - 2016-05-25 11:53 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2016-12-28 17:33 - 2016-05-25 11:53 - 00126592 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_cdcacm.sys
2016-12-28 17:33 - 2016-05-25 11:53 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2016-12-28 17:33 - 2016-05-25 11:53 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-12-28 17:33 - 2016-05-25 11:53 - 00018816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbccgpfilter.sys
2016-12-28 17:32 - 2016-12-28 17:40 - 00000000 ____D C:\Users\HP ProBook\AppData\Local\Hisuite
2016-12-20 17:47 - 2016-12-01 15:13 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-12-20 17:47 - 2016-12-01 15:13 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-12-20 17:47 - 2016-12-01 15:11 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-12-20 17:47 - 2016-12-01 15:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-12-20 17:47 - 2016-10-20 14:14 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-12-20 17:47 - 2016-10-20 14:10 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 20:17 - 2013-12-13 21:43 - 00003620 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2017-01-18 20:16 - 2013-07-30 12:40 - 00001017 _____ C:\WINDOWS\SysWOW64\bscs.ini
2017-01-18 20:13 - 2015-01-11 15:31 - 00003986 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB321E2D-D8CF-455A-A4AA-225EB9544498}
2017-01-18 20:11 - 2015-03-28 19:01 - 00000000 ____D C:\Users\HP ProBook\AppData\Local\Spotify
2017-01-18 17:52 - 2015-01-05 15:14 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4198986567-1125021095-2724268533-1002
2017-01-18 17:39 - 2015-03-28 19:00 - 00000000 ____D C:\Users\HP ProBook\AppData\Roaming\Spotify
2017-01-18 17:32 - 2015-01-11 14:33 - 00000000 ____D C:\Users\HP ProBook
2017-01-18 17:32 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-18 14:12 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-18 12:39 - 2016-01-15 21:03 - 00000000 ____D C:\Users\HP ProBook\AppData\Roaming\Skype
2017-01-18 12:39 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-18 12:33 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-18 10:44 - 2015-01-11 10:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-18 10:41 - 2015-01-11 10:42 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-18 09:52 - 2015-07-08 16:00 - 00000000 ____D C:\Users\HP ProBook\AppData\Local\ElevatedDiagnostics
2017-01-18 09:19 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-17 15:29 - 2015-01-05 15:08 - 00000000 ____D C:\Users\HP ProBook\AppData\Local\VirtualStore
2017-01-17 15:22 - 2015-12-04 10:35 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-17 15:22 - 2015-01-05 14:50 - 00170159 ____N C:\WINDOWS\Minidump\011717-18796-01.dmp
2017-01-17 15:21 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-16 20:15 - 2015-02-02 18:32 - 02184192 ___SH C:\Users\HP ProBook\Downloads\Thumbs.db
2017-01-14 11:07 - 2014-09-24 17:23 - 01938474 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-14 11:07 - 2014-09-24 16:39 - 00803244 _____ C:\WINDOWS\system32\perfh005.dat
2017-01-14 11:07 - 2014-09-24 16:39 - 00184236 _____ C:\WINDOWS\system32\perfc005.dat
2017-01-13 21:59 - 2016-06-04 19:33 - 00000000 ____D C:\Users\HP ProBook\AppData\Roaming\uTorrent
2017-01-03 15:05 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-12-31 13:45 - 2013-08-22 16:36 - 00000000 __RSD C:\WINDOWS\assembly
2016-12-28 17:33 - 2015-01-11 14:33 - 00000000 ___RD C:\Users\HP ProBook\Documents
2016-12-28 17:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-22 13:06 - 2013-08-22 15:44 - 00410560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-20 22:24 - 2015-01-11 14:24 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms
2016-12-20 22:24 - 2015-01-11 14:24 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf
2016-12-20 22:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\cs-CZ
2016-12-20 22:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\cs-CZ
2016-12-20 22:23 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-20 22:23 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-20 17:49 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\catroot2

==================== Files in the root of some directories =======

2016-07-13 13:54 - 2016-07-13 13:54 - 0000017 _____ () C:\Users\HP ProBook\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\HP ProBook\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-15 16:14

==================== End of FRST.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Slow notebook + FB+webcam hack

Post by jaro3 » 18 Jan 2017 22:23

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {1347ec27-dd67-11e6-bed8-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {538080fb-7aa4-11e6-bec9-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {b95fc9a3-c83e-11e6-bed2-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {b95fca2d-c83e-11e6-bed2-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {c14939e7-a94f-11e4-be7c-fc4dd457224b} - "G:\iStudio.exe"
SearchScopes: HKU\S-1-5-21-4198986567-1125021095-2724268533-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4198986567-1125021095-2724268533-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4198986567-1125021095-2724268533-1002 -> {D5A08B92-A3DB-4F5A-A0B4-659A1E236A5E} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
C:\Users\HP ProBook\AppData\Local\ESET
C:\ProgramData\ESET
C:\Program Files\ESET
C:\Users\HP ProBook\AppData\Local\Temp\dllnt_dump.dll

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
In Malwarebytes, permanently turn off real-time protection.



: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Cesta k chybujícímu modulu: tl_filter.dll
a problem with Ralink, probably reinstall it?

Error: (01/18/2017 08:17:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS byla neočekávaně ukončena. Tento stav nastal již 6krát.

C:\WINDOWS\Minidump\011717-18796-01.dmp
probably visit the BSOD section..

What about the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Cowan
Level 2.5
Posts: 288
Registered: June 12
Gender: Male
Status:
Offline

Re: Slow notebook + FB+webcam hack

Post by Cowan » 19 Jan 2017 09:39

I can't quite make sense of it, was there actually a specific virus in there?
The notebook already runs more smoothly, the webcam has not (so far) started recording on its own, and nobody else has logged in to Facebook either.

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by HP ProBook (19-01-2017 09:30:10) Run:1
Running from C:\Users\HP ProBook\Desktop
Loaded Profiles: HP ProBook (Available Profiles: HP ProBook)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {1347ec27-dd67-11e6-bed8-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {538080fb-7aa4-11e6-bec9-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {b95fc9a3-c83e-11e6-bed2-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {b95fca2d-c83e-11e6-bed2-a01d48a85a2f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\...\MountPoints2: {c14939e7-a94f-11e4-be7c-fc4dd457224b} - "G:\iStudio.exe"
SearchScopes: HKU\S-1-5-21-4198986567-1125021095-2724268533-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4198986567-1125021095-2724268533-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4198986567-1125021095-2724268533-1002 -> {D5A08B92-A3DB-4F5A-A0B4-659A1E236A5E} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
C:\Users\HP ProBook\AppData\Local\ESET
C:\ProgramData\ESET
C:\Program Files\ESET
C:\Users\HP ProBook\AppData\Local\Temp\dllnt_dump.dll

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1347ec27-dd67-11e6-bed8-a01d48a85a2f} => key removed successfully
HKCR\CLSID\{1347ec27-dd67-11e6-bed8-a01d48a85a2f} => key not found.
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{538080fb-7aa4-11e6-bec9-a01d48a85a2f} => key removed successfully
HKCR\CLSID\{538080fb-7aa4-11e6-bec9-a01d48a85a2f} => key not found.
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b95fc9a3-c83e-11e6-bed2-a01d48a85a2f} => key removed successfully
HKCR\CLSID\{b95fc9a3-c83e-11e6-bed2-a01d48a85a2f} => key not found.
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b95fca2d-c83e-11e6-bed2-a01d48a85a2f} => key removed successfully
HKCR\CLSID\{b95fca2d-c83e-11e6-bed2-a01d48a85a2f} => key not found.
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c14939e7-a94f-11e4-be7c-fc4dd457224b} => key removed successfully
HKCR\CLSID\{c14939e7-a94f-11e4-be7c-fc4dd457224b} => key not found.
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-4198986567-1125021095-2724268533-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D5A08B92-A3DB-4F5A-A0B4-659A1E236A5E} => key removed successfully
HKCR\CLSID\{D5A08B92-A3DB-4F5A-A0B4-659A1E236A5E} => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => key removed successfully
HKLM\System\CurrentControlSet\Services\ekrn => key removed successfully
ekrn => service removed successfully
C:\Users\HP ProBook\AppData\Local\ESET => moved successfully
C:\ProgramData\ESET => moved successfully
C:\Program Files\ESET => moved successfully
C:\Users\HP ProBook\AppData\Local\Temp\dllnt_dump.dll => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23195973 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 239022964 B
Edge => 0 B
Chrome => 62424885 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7000 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 35290 B
NetworkService => 0 B
HP ProBook => 10765109 B

RecycleBin => 0 B
EmptyTemp: => 319.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:30:21 ====

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Slow notebook + FB+webcam hack

Post by jaro3 » 19 Jan 2017 18:59

It's all in the removals..

Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to the desktop.
Double-click the icon to run the Delfix.exe tool
(In Windows Vista, Windows 7 and 8, you must run the file by right-clicking -> Run as administrator.)
In the main menu, check these options - Remove disinfection tools – Purge System Restore
Then click the Run button and let the tool do its job

Afterwards a report will open (DelFix.txt). Paste the entire content of the report here. Otherwise the report is located here:
in C:\DelFix.txt

If there are no problems, that is all and you can mark the thread as solved, the green check mark.

Cowan
Level 2.5
Posts: 288
Registered: June 12
Gender: Male
Status:
Offline

Re: Slow notebook + FB+webcam hack  Solved

Post by Cowan » 20 Jan 2017 10:19

# DelFix v1.013 - Logfile created 20/01/2017 at 10:17:26
# Updated 17/04/2016 by Xplode
# Username : HP ProBook - PROBOOK
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2017-01-18-094016.log
Deleted : C:\Users\HP ProBook\Desktop\adwcleaner_6.042.exe
Deleted : C:\Users\HP ProBook\Desktop\FRST64.exe
Deleted : C:\Users\HP ProBook\Desktop\JRT.exe
Deleted : C:\Users\HP ProBook\Desktop\HijackThis.exe
Deleted : C:\Users\HP ProBook\Desktop\RogueKillerX64.exe
Deleted : C:\Users\HP ProBook\Desktop\TFC.exe
Deleted : C:\Users\HP ProBook\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools

~ Cleaning system restore ...

Deleted : RP #87 [Windows Update | 12/28/2016 17:27:44]
Deleted : RP #88 [Naplánovaný kontrolní bod | 01/07/2017 09:07:15]
Deleted : RP #89 [Windows Update | 01/11/2017 10:36:40]
Deleted : RP #90 [Windows Update | 01/15/2017 12:26:06]
Deleted : RP #91 [JRT Pre-Junkware Removal | 01/17/2017 18:57:10]

New restore point created !

########## - EOF - ##########

