Prosím o kontrolu logu

kadstra · Příspěvekod **kadstra** » 26 bře 2017 21:29

Dobrý den,

mohl bych požádat o kontrolu. PC ze kterého je log nelze připojit k internetu. Stále vyskakuje okno "ESET - odchozí síťová komunikace" od různých aplikací.

Už jsem vyzkoušel pár antivirů, některé něco našli a vyléčili. Problém ale přetrvává.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:17:21, on 26.03.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Milka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
C:\Users\Milka\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
G:\Adaware_Installer.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
G:\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo15.msn.com/?pc=LCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo15.msn.com/?pc=LCTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Intel(R) RealSense(TM) SDK info server] "C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseInfo.exe"
O4 - HKLM\..\Run: [Lenovo Silver Silk Wireless Keyboard] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Milka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Milka\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: RealSense Training.lnk = C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Unknown owner - C:\WINDOWS\system32\IntelCpHDCPSvc.exe (file missing)
O23 - Service: Dolby DAX2 API Service (DAX2API) - Unknown owner - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem66.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: System Interface Foundation Service (ImControllerService) - Lenovo Group Limited - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo NFC Connector Service - Lenovo - C:\Program Files\Lenovo\TAPit\TAPitService.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: Intel(R) RealSense(TM) Depth Camera Manager Service (RealSenseDCM) - Intel(R) Corporation - C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Spy Emergency Health Check (SpyEmrgHealth) - Unknown owner - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 12210 bytes

Reklama

Příspěvekod **jerabina** » 26 bře 2017 21:46

Zdravím, vítej na fóru PC-HELP!

Odinstaluj prosím Spy Emergency

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

kadstra · Příspěvekod **kadstra** » 27 bře 2017 22:01

TFC

Getting user folders.

Stopping running processes.

Emptying Temp folders.

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: Milka
->Temp folder emptied: 72732655 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 521 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 816384 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2099843 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 73,00 mb

*****************************************************************************************************

# AdwCleaner v6.044 - Log vytvořen 27/03/2017 v 21:42:05
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Milka - ALLIN
# Spuštěno z : C:\Users\Milka\Desktop\AdwCleaner.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support

***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.

***** [ Složky ] *****

Nebyly nalezeny žádné škodlivé složky.

***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.

***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.

***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.

***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.

***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.

***** [ Registry ] *****

Klíč nalezen: HKU\S-1-5-21-418483724-3079150783-266374909-1001\Software\csastats
Klíč nalezen: HKU\S-1-5-21-418483724-3079150783-266374909-1001\Software\ICSW1.23
Klíč nalezen: HKCU\Software\csastats
Klíč nalezen: HKCU\Software\ICSW1.23
Klíč nalezen: [x64] HKCU\Software\csastats
Klíč nalezen: [x64] HKCU\Software\ICSW1.23

***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearch.avg.com
Chromium nastavení nalezeno: [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Web data] - slunecnice.cz
Chromium nastavení nalezeno: [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Web data] - pdfcreator.en.softonic.com
Chromium nastavení nalezeno: [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxps://mysearch.avg.com?cid={B7599BD4-26E0-41CF-BDBC-76F40125A890}&mid=137fa60617a847d2870ad15f92ab13c5-cabb5bc02e6a
Chromium nastavení nalezeno: [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxps://mysearch.avg.com?cid={B7599BD4-26E0-41CF-BDBC-76F40125A890}&mid=137fa60617a847d2870ad15f92ab13c5-cabb5bc02e6a

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2249 Bajty] - [27/03/2017 21:42:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2322 Bajty] ##########

*************************************************************************************************************************************************************************************************************************************

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 27.03.17
Čas skenování: 21:47
Logovací soubor: mal.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1394
Licence: Bezplatný

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: ALLIN\Milka

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 396859
Uplynulý čas: 0 min, 44 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 2
PUP.Optional.InstallCore, HKU\S-1-5-21-418483724-3079150783-266374909-1001\SOFTWARE\csastats, Žádná uživatelská akce, [8], [260986],1.0.1394
PUP.Optional.InstallCore, HKU\S-1-5-21-418483724-3079150783-266374909-1001\SOFTWARE\ICSW1.23, Žádná uživatelská akce, [8], [239562],1.0.1394

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

(end)

Příspěvekod **jaro3** » 28 bře 2017 09:39

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Scan“, po prohledání klikni na „ Clean“

Program provede opravu, po automatickém restartu klikni na „Log Manager“ a pak poklepej na odpovídají log, (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.adlice.com/download/roguekil ... HlwZT14ODY

64bit.:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků

kadstra · Příspěvekod **kadstra** » 29 bře 2017 16:29

Už jsem trošku zoufalej. Nálezy z AdwCleaner jsem smazal. Teď RogueKiller našel 3 nálezy. Mohu smazat?

Děkuji

# AdwCleaner v6.044 - Log vytvořen 28/03/2017 v 19:30:27
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Milka - ALLIN
# Spuštěno z : C:\Users\Milka\Desktop\AdwCleaner.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support

***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.

***** [ Složky ] *****

Nebyly nalezeny žádné škodlivé složky.

***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.

***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.

***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.

***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.

***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.

***** [ Registry ] *****

Klíč nalezen: HKU\S-1-5-21-418483724-3079150783-266374909-1001\Software\csastats
Klíč nalezen: HKU\S-1-5-21-418483724-3079150783-266374909-1001\Software\ICSW1.23
Klíč nalezen: HKCU\Software\csastats
Klíč nalezen: HKCU\Software\ICSW1.23
Klíč nalezen: [x64] HKCU\Software\csastats
Klíč nalezen: [x64] HKCU\Software\ICSW1.23

***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearch.avg.com
Chromium nastavení nalezeno: [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Web data] - slunecnice.cz
Chromium nastavení nalezeno: [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Web data] - pdfcreator.en.softonic.com
Chromium nastavení nalezeno: [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxps://mysearch.avg.com?cid={B7599BD4-26E0-41CF-BDBC-76F40125A890}&mid=137fa60617a847d2870ad15f92ab13c5-cabb5bc02e6a

**********************************************************************************************************************************************************************************************************************************************

RogueKiller V12.10.2.0 (x64) [Mar 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : Milka [Práva správce]
Started from : C:\Users\Milka\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 03/29/2017 05:48:35 (Duration : 00:11:03)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-418483724-3079150783-266374909-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo15.msn.com/?pc=LCTE -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-418483724-3079150783-266374909-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo15.msn.com/?pc=LCTE -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-418483724-3079150783-266374909-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-418483724-3079150783-266374909-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 3 ¤¤¤
[Tr.Gen0][Soubor] C:\Users\Milka\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Nalezeno
[Tr.Gen0][Soubor] C:\Users\Milka\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Nalezeno
[Tr.Gen0][Soubor] C:\Users\Milka\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Nalezeno

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://idnes.cz/] -> Nalezeno
[PUP.Gen1][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://mysearch.avg.com?cid={B7599BD4-26E0-41CF-BDBC-76F40125A890}&mid=137fa60617a847d2870ad15f92ab13c5-cabb5bc02e6a1f068450d0218af589adfcca858b&lang=cs&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-29 18:16:41&v=3.2.0.14&pid=wtu&sg=&sap=hp|https://mysearch.avg.com?cid={B7599BD4-26E0-41CF-BDBC-76F40125A890}&mid=137fa60617a847d2870ad15f92ab13c5-cabb5bc02e6a1f068450d0218af589adfcca858b&lang=cs&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-29 18:16:41&v=3.2.0.15&pid=wtu&sg=&sap=hp] -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZ7LF120HCHP-000L1 +++++
--- User ---
[MBR] 590ff119e14eb9d32991702de1b0b3a0
[BSP] 7eec8d98ce99b7a86e2e4641ef5e4203 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 113084 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 232392704 | Size: 1000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST2000DM001-1ER164 +++++
--- User ---
[MBR] 59ff6b45ef6e14ed31f1b0a63c5696ec
[BSP] b7e23dd145f67be7f46d8c0a623a41b1 : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 1876508 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 3843090432 | Size: 30720 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 3906004992 | Size: 500 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic Flash Disk USB Device +++++
--- User ---
[MBR] 8fc09a76c68325cccca4f1c7b0cf1ea3
[BSP] 1d895c1a5352db6c7dc7845f55313851 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 16576 | Size: 3815 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Chromium nastavení nalezeno: [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxps://mysearch.avg.com?cid={B7599BD4-26E0-41CF-BDBC-76F40125A890}&mid=137fa60617a847d2870ad15f92ab13c5-cabb5bc02e6a

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2409 Bajty] - [27/03/2017 21:42:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [2322 Bajty] - [28/03/2017 19:30:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2395 Bajty] ##########

******************************************************************************************************************************************************************************************************************************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 10 Home x64
Ran by Milka (Administrator) on 28.03.2017 at 19:47:00,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.03.2017 at 19:47:54,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

********************************************************************************************************************************************************************************************************************************************************

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 28.03.17
Čas skenování: 19:51
Logovací soubor: mlw.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1394
Licence: Bezplatný

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: ALLIN\Milka

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 396791
Uplynulý čas: 0 min, 39 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

(end)

Příspěvekod **jaro3** » 29 bře 2017 19:22

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Scan“, po prohledání klikni na „ Clean“

Program provede opravu, po automatickém restartu klikni na „Log Manager“ a pak poklepej na odpovídají log, (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

Vypni antivir i firewall.
Stáhni
Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
klik nahoře vpravo na .rar-file
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Můžeš si zatrhnout i vytvoření bodu obnovy:
Klikni na ozubené kolečko , poté na „Skenování“ a zatrhni „vytvářet body obnovy“.
Vrať se zpět ( klikni na domeček).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Další“. Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.
Jinak můžeš zprávy vidět , když klikneš vpravo nahoře na „ zprávy“.

Vlož nový log z HJT + informuj o problémech

kadstra · Příspěvekod **kadstra** » 29 bře 2017 21:44

Bohužel žádný progres. Internet stále neběží. Instalované antiviry si tak nesáhnou na aktualizace. Program "Zemana" se mi nepodařilo spustit. V hlavním okně programu není volba "skenovat".

Vkládám logy. Aktuální HJT je na konci.

# AdwCleaner v6.044 - Log vytvořen 29/03/2017 v 20:12:55
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Milka - ALLIN
# Spuštěno z : C:\Users\Milka\Desktop\AdwCleaner.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support

***** [ Služby ] *****

***** [ Složky ] *****

***** [ Soubory ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Zástupci ] *****

***** [ Naplánované úlohy ] *****

***** [ Registry ] *****

***** [ Prohlížeče ] *****

[-] [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: slunecnice.cz
[-] [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: pdfcreator.en.softonic.com
[-] [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: mysearch.avg.com
[-] [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Smazáno: hxxps://mysearch.avg.com?cid={B7599BD4-26E0-41CF-BDBC-76F40125A890}&mid=137fa60617a847d2870ad15f92ab13c5-cabb5bc02e6a1f068450d0218af589adfcca858b&lang=cs&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-29 18:16:41&v=3.2.0.14&pid=wtu&sg=&sap=hp
[-] [C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Smazáno: hxxps://mysearch.avg.com?cid={B7599BD4-26E0-41CF-BDBC-76F40125A890}&mid=137fa60617a847d2870ad15f92ab13c5-cabb5bc02e6a1f068450d0218af589adfcca858b&lang=cs&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-29 18:16:41&v=3.2.0.15&pid=wtu&sg=&sap=hp

*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2520 Bajty] - [28/03/2017 19:30:45]
C:\AdwCleaner\AdwCleaner[C2].txt - [1883 Bajty] - [29/03/2017 20:12:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [2409 Bajty] - [27/03/2017 21:42:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [2482 Bajty] - [28/03/2017 19:30:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [1575 Bajty] - [28/03/2017 20:00:10]
C:\AdwCleaner\AdwCleaner[S3].txt - [2417 Bajty] - [29/03/2017 20:12:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2248 Bajty] ##########

****************************************************************************************************************************************************************************************************************************************************************************

RogueKiller V12.10.2.0 (x64) [Mar 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : Milka [Práva správce]
Started from : C:\Users\Milka\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 03/29/2017 20:17:43 (Duration : 00:09:57)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-418483724-3079150783-266374909-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo15.msn.com/?pc=LCTE -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-418483724-3079150783-266374909-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo15.msn.com/?pc=LCTE -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-418483724-3079150783-266374909-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-418483724-3079150783-266374909-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 3 ¤¤¤
[Tr.Gen0][Soubor] C:\Users\Milka\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Smazáno
[Tr.Gen0][Soubor] C:\Users\Milka\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Smazáno
[Tr.Gen0][Soubor] C:\Users\Milka\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Smazáno

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://idnes.cz/] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZ7LF120HCHP-000L1 +++++
--- User ---
[MBR] 590ff119e14eb9d32991702de1b0b3a0
[BSP] 7eec8d98ce99b7a86e2e4641ef5e4203 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 113084 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 232392704 | Size: 1000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST2000DM001-1ER164 +++++
--- User ---
[MBR] 59ff6b45ef6e14ed31f1b0a63c5696ec
[BSP] b7e23dd145f67be7f46d8c0a623a41b1 : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 1876508 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 3843090432 | Size: 30720 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 3906004992 | Size: 500 MB
User = LL1 ... OK
User = LL2 ... OK

****************************************************************************************************************************************************************************************************************************************************************************

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Milka on 29.03.2017 at 20:53:00,20.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Milka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29.03.2017 20:53:45 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Seznam.cz deleted successfully
C:\PROGRA~2\Spyware Terminator deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Office2013 deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Milka\AppData\Local\ActiveSync deleted successfully
C:\Users\Milka\AppData\Local\CrashDumps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-418483724-3079150783-266374909-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\AllMyTube@Wondershare.com deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Seznam.cz not found
C:\PROGRA~2\Spyware Terminator not found
C:\PROGRA~3\Package Cache deleted
C:\Users\Milka\AppData\Local\Wondershare deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension.15@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn" [10.01.2017 18:27]

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

Chrome Media Router - Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{56EFBBD3-68FF-46F9-A520-57CB59A0C724}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56EFBBD3-68FF-46F9-A520-57CB59A0C724}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Milka\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Milka\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Milka\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=45 folders=48 112362377 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Milka\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 29.03.2017 at 21:02:29,20 ======================

****************************************************************************************************************************************************************************************************************************************************************************
!!!NOVÝ LOG HJT!!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:26:48, on 29.03.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Milka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Milka\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Milka\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Intel(R) RealSense(TM) SDK info server] "C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseInfo.exe"
O4 - HKLM\..\Run: [Lenovo Silver Silk Wireless Keyboard] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Milka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Milka\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: RealSense Training.lnk = C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Unknown owner - C:\WINDOWS\system32\IntelCpHDCPSvc.exe (file missing)
O23 - Service: Dolby DAX2 API Service (DAX2API) - Unknown owner - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem66.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: System Interface Foundation Service (ImControllerService) - Lenovo Group Limited - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo NFC Connector Service - Lenovo - C:\Program Files\Lenovo\TAPit\TAPitService.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: Intel(R) RealSense(TM) Depth Camera Manager Service (RealSenseDCM) - Intel(R) Corporation - C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Spy Emergency Health Check (SpyEmrgHealth) - Unknown owner - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 12387 bytes

Příspěvekod **jaro3** » 29 bře 2017 22:22

Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Můžeš si zatrhnout i vytvoření bodu obnovy:
Klikni na ozubené kolečko , poté na „Skenování“ a zatrhni „vytvářet body obnovy“.
Vrať se zpět ( klikni na domeček).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Další“. Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.
Jinak můžeš zprávy vidět , když klikneš vpravo nahoře na „ zprávy“.

Odinstaluj:
NETGATE\Spy Emergency

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

kadstra · Příspěvekod **kadstra** » 30 bře 2017 18:06

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Milka (administrator) on ALLIN (30-03-2017 17:57:49)
Running from C:\Users\Milka\Desktop
Loaded Profiles: Milka (Available Profiles: Milka)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Corporation) C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Program Files\Lenovo\TAPit\TAPitApp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Spotify Ltd) C:\Users\Milka\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
() C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseInfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files\Lenovo\TAPit\TAPitService.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-10-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-02] (Realtek Semiconductor)
HKLM\...\Run: [Lenovo NFC Connector] => C:\Program Files\Lenovo\TAPit\TAPitApp.exe [1161976 2015-09-08] (Lenovo)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795704 2015-11-29] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14516464 2017-03-28] (Copyright 2017.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel(R) RealSense(TM) SDK info server] => C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseInfo.exe [21144 2015-10-16] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Silver Silk Wireless Keyboard] => C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe [1742336 2013-08-14] (Lenovo)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-418483724-3079150783-266374909-1001\...\Run: [Spotify Web Helper] => C:\Users\Milka\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-24] (Spotify Ltd)
HKU\S-1-5-21-418483724-3079150783-266374909-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealSense Training.lnk [2016-03-03]
ShortcutTarget: RealSense Training.lnk -> C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe ()
Startup: C:\Users\Milka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2016-12-11]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f0dd82c1-db37-401a-85be-49edeef30ad6}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f5069317-6167-4f3f-b91a-62c36efe4dcb}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-418483724-3079150783-266374909-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-418483724-3079150783-266374909-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-418483724-3079150783-266374909-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-418483724-3079150783-266374909-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - No File

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-10]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default [2017-03-30]
CHR Extension: (No Name) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-22]
CHR Extension: (Docs) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-29]
CHR Extension: (Disk Google) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-29]
CHR Extension: (YouTube) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-29]
CHR Extension: (No Name) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-22]
CHR Extension: (No Name) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\Milka\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [604280 2016-01-13] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-15] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2016-12-14] (ESET)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [354936 2016-01-13] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [61768 2017-02-15] (Lenovo Group Limited)
R2 Lenovo NFC Connector Service; C:\Program Files\Lenovo\TAPit\TAPitService.exe [523000 2015-09-08] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271328 2015-12-10] (Lenovo)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 RealSenseDCM; C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe [3663512 2015-10-16] (Intel(R) Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14516464 2017-03-28] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BcmNfcIc; C:\WINDOWS\system32\DRIVERS\BcmNfcIc.sys [86304 2016-03-03] (Broadcom Corporation.)
R3 bcmsmbsp; C:\WINDOWS\System32\drivers\bcmsmbsp.sys [53024 2016-03-03] (Broadcom Corporation.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2016-12-13] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2016-12-13] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-12-13] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2016-12-13] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2016-12-13] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2016-12-13] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2016-12-13] (ESET)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [253696 2017-01-13] (Intel Corporation)
R3 IXCamera; C:\WINDOWS\system32\DRIVERS\RealSenseDCM.sys [72704 2015-10-15] (Intel(R) Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2017-01-02] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlawu.inf_amd64_dcbd1642e4d4ce7e\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-29] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 17:57 - 2017-03-30 17:57 - 00017414 _____ C:\Users\Milka\Desktop\FRST.txt
2017-03-30 17:57 - 2017-03-30 17:57 - 00000000 ____D C:\FRST
2017-03-30 17:57 - 2017-03-30 17:42 - 02424832 _____ (Farbar) C:\Users\Milka\Desktop\FRST64.exe
2017-03-30 17:52 - 2017-03-30 17:52 - 00000000 ____D C:\Users\Milka\Desktop\backups
2017-03-30 17:49 - 2017-03-30 17:49 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-30 17:49 - 2017-03-30 17:49 - 00001224 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-30 17:49 - 2017-03-30 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-30 17:48 - 2017-03-30 17:40 - 05766464 _____ (Zemana Ltd. ) C:\Users\Milka\Desktop\Zemana.AntiMalware.Setup.exe
2017-03-30 17:47 - 2017-03-30 17:55 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-03-29 21:25 - 2017-03-26 21:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Milka\Desktop\hijackthis.exe
2017-03-29 21:05 - 2017-03-30 17:57 - 00063213 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-29 21:05 - 2017-03-30 17:57 - 00025624 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-29 21:05 - 2017-03-30 17:49 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-29 21:05 - 2017-03-29 21:05 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-29 21:05 - 2017-03-29 21:05 - 00000000 ____D C:\Users\Milka\AppData\Local\Zemana
2017-03-29 21:01 - 2017-03-29 20:52 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-03-29 20:52 - 2017-03-29 21:00 - 00000000 ____D C:\zoek_backup
2017-03-29 20:51 - 2017-03-29 20:51 - 00000091 _____ C:\Users\Milka\Desktop\Nový textový dokument.txt
2017-03-29 20:46 - 2017-03-29 20:42 - 01309184 _____ C:\Users\Milka\Desktop\zoek.exe
2017-03-29 05:48 - 2017-03-29 20:17 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-29 05:48 - 2017-03-29 05:48 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-29 05:47 - 2017-03-28 20:07 - 26188360 _____ C:\Users\Milka\Desktop\RogueKillerX64.exe
2017-03-28 20:09 - 2017-03-28 20:09 - 00000000 ____D C:\ProgramData\Sophos
2017-03-28 20:08 - 2017-03-28 20:08 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-03-28 20:08 - 2017-03-28 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-03-28 20:08 - 2017-03-28 20:08 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-03-28 19:52 - 2017-03-28 19:52 - 00001470 _____ C:\Users\Milka\Desktop\mlw.txt
2017-03-28 19:47 - 2017-03-28 19:47 - 00000547 _____ C:\Users\Milka\Desktop\JRT.txt
2017-03-28 19:44 - 2017-03-28 19:42 - 01663904 _____ (Malwarebytes) C:\Users\Milka\Desktop\JRT.exe
2017-03-27 21:48 - 2017-03-27 21:48 - 00001714 _____ C:\Users\Milka\Desktop\mal.txt
2017-03-27 21:46 - 2017-03-30 17:54 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-27 21:46 - 2017-03-27 21:46 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-27 21:46 - 2017-03-27 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-27 21:45 - 2017-03-27 21:45 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-27 21:45 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-27 21:41 - 2017-03-29 20:12 - 00000000 ____D C:\AdwCleaner
2017-03-27 21:40 - 2017-03-27 21:26 - 04031440 _____ C:\Users\Milka\Desktop\AdwCleaner.exe
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\ProgramData\adaware
2017-03-16 21:33 - 2017-03-16 21:33 - 00000609 _____ C:\Users\Milka\Desktop\Nainstalovat produkt Kaspersky Anti-Virus verze 17.0.0.611.lnk
2017-03-16 21:33 - 2017-03-16 21:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-03-16 21:14 - 2017-03-16 21:14 - 00000000 ____D C:\ProgramData\Emsisoft
2017-03-16 21:11 - 2017-03-16 21:30 - 00000000 ____D C:\Program Files\emisoft
2017-03-16 20:26 - 2015-03-09 12:26 - 00019768 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg_guard.sys
2017-03-16 20:26 - 2011-04-21 11:31 - 00017240 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg.sys
2017-03-15 21:13 - 2017-03-27 21:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-15 20:48 - 2017-03-15 20:51 - 00000000 ____D C:\Users\Milka\Documents\CCleaner záloha registrů
2017-03-13 23:44 - 2017-03-13 23:55 - 00000000 ____D C:\Users\Milka\AppData\Roaming\CENZURA
2017-03-13 23:20 - 2017-03-13 23:20 - 00000000 ____D C:\ProgramData\Apowersoft
2017-03-13 23:16 - 2017-03-13 23:16 - 00000000 ____D C:\Users\Milka\.cache
2017-03-13 23:15 - 2017-03-13 23:52 - 00000000 ____D C:\Users\Milka\AppData\Roaming\Apowersoft
2017-03-13 23:15 - 2017-03-13 23:15 - 00000000 ____D C:\Users\Milka\Documents\Apowersoft
2017-03-13 23:15 - 2017-01-02 16:01 - 00036600 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2017-03-13 23:00 - 2017-03-13 23:00 - 00000000 ____D C:\Users\Milka\AppData\Roaming\Wondershare AllMyTube
2017-03-13 22:59 - 2017-03-13 23:05 - 00000000 ____D C:\ProgramData\Wondershare
2017-03-13 22:59 - 2017-03-13 23:00 - 00000000 ____D C:\ProgramData\Wondershare AllMyTube
2017-03-13 22:59 - 2017-03-13 22:59 - 00000000 ____D C:\ProgramData\Wondershare Application Common Data
2017-03-13 22:58 - 2017-03-13 22:59 - 00000000 ____D C:\Program Files (x86)\AllMyTube
2017-03-13 22:56 - 2017-03-13 22:59 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-03-13 22:52 - 2017-03-29 21:00 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-03-13 22:52 - 2017-03-29 21:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-03-13 22:52 - 2017-03-13 22:52 - 00000000 ____D C:\Users\Default\AppData\Local\MicrosoftEdge
2017-03-13 22:52 - 2017-03-13 22:52 - 00000000 ____D C:\Users\Default User\AppData\Local\MicrosoftEdge
2017-03-13 22:51 - 2017-03-13 23:07 - 00000000 ____D C:\Users\Milka\AppData\Roaming\Seznam.cz
2017-03-13 22:51 - 2017-03-13 22:51 - 00000000 ____D C:\Users\Milka\AppData\Roaming\TopPlayList.NET
2017-03-13 22:51 - 2017-03-13 22:51 - 00000000 ____D C:\Users\Milka\AppData\Local\TopPlayList.NET
2017-03-13 22:51 - 2017-03-13 22:51 - 00000000 ____D C:\Users\Milka\AppData\Local\Downloaded Installations
2017-03-13 22:51 - 2017-03-13 22:51 - 00000000 ____D C:\ProgramData\TopPlayList.NET
2017-03-04 09:51 - 2017-03-04 09:51 - 02511248 _____ C:\Users\Milka\Desktop\bouzov.gpx
2017-03-04 09:48 - 2017-03-04 09:48 - 00000000 ____D C:\Users\Milka\Documents\Můj Garmin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 17:54 - 2016-11-30 23:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-30 17:54 - 2016-11-30 23:35 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-30 17:54 - 2016-11-23 14:13 - 00000000 __SHD C:\Users\Milka\IntelGraphicsProfiles
2017-03-30 17:54 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-30 17:54 - 2016-03-03 11:21 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-30 17:52 - 2016-11-24 21:49 - 00167013 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-03-30 17:50 - 2016-07-17 00:25 - 01685312 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-30 17:50 - 2016-07-17 00:25 - 00465982 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-30 17:50 - 2015-11-03 21:28 - 03889516 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-29 22:14 - 2016-11-30 23:36 - 00000000 ____D C:\Users\Milka
2017-03-29 21:28 - 2016-11-23 14:15 - 00000000 ___RD C:\Users\Milka\OneDrive
2017-03-29 21:25 - 2016-11-23 14:13 - 00000000 ____D C:\Users\Milka\AppData\Local\VirtualStore
2017-03-29 21:00 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-29 20:33 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-29 20:10 - 2016-11-30 23:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-26 21:54 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-26 20:12 - 2016-03-03 11:07 - 00000000 ____D C:\ProgramData\Temp
2017-03-16 06:58 - 2016-12-14 21:07 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-03-15 20:52 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-15 20:46 - 2016-12-03 20:26 - 00000000 ____D C:\Users\Milka\AppData\Roaming\uTorrent
2017-03-15 20:46 - 2016-12-03 15:45 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-15 20:46 - 2016-11-30 23:33 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-14 23:47 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-13 22:45 - 2016-11-23 14:13 - 00000000 ____D C:\Users\Milka\AppData\Local\Packages
2017-03-13 22:45 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-13 21:59 - 2016-12-28 01:01 - 00000000 ____D C:\Users\Milka\AppData\Roaming\Garmin
2017-03-13 21:56 - 2016-12-28 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-03-13 19:28 - 2016-12-29 00:13 - 00000000 ____D C:\Garmin
2017-03-11 23:51 - 2016-11-23 23:35 - 00000000 ____D C:\Users\Milka\AppData\Local\Microsoft Help
2017-03-11 23:26 - 2016-03-03 11:06 - 00000000 ____D C:\ProgramData\Lenovo

==================== Files in the root of some directories =======

2016-12-03 20:28 - 2016-12-03 20:28 - 0042788 _____ () C:\Users\Milka\AppData\Roaming\ICSW_0B1L2Z0T1F1C1C1P1G2ZtJ1V0A0V0A0S0T.txt
2017-01-04 23:16 - 2017-01-04 23:16 - 0007629 _____ () C:\Users\Milka\AppData\Local\Resmon.ResmonCfg
2016-11-30 23:35 - 2016-11-30 23:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-30 23:35 - 2016-11-30 23:35 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-26 18:47

==================== End of FRST.txt ============================

kadstra · Příspěvekod **kadstra** » 30 bře 2017 18:06

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Milka (30-03-2017 17:58:09)
Running from C:\Users\Milka\Desktop
Windows 10 Home Version 1607 (X64) (2016-11-30 21:42:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-418483724-3079150783-266374909-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-418483724-3079150783-266374909-503 - Limited - Disabled)
Guest (S-1-5-21-418483724-3079150783-266374909-501 - Limited - Disabled)
kadstra (S-1-5-21-418483724-3079150783-266374909-1003 - Limited - Enabled)
Milka (S-1-5-21-418483724-3079150783-266374909-1001 - Administrator - Enabled) => C:\Users\Milka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-418483724-3079150783-266374909-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
AdriaTOPO 2.40 (HKLM-x32\...\{33D3059C-444E-4DE3-A58D-AFD10D684F54}) (Version: 2.40 - Navigo-Sistem d.o.o.)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISER_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISER_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISER_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
catch (HKLM-x32\...\f7676494-bff8-4d89-ab7c-d353e2d37ed8) (Version: 2.02 - Lenovo)
Counter-Strike 1.6 (HKU\S-1-5-21-418483724-3079150783-266374909-1001\...\Counter-Strike 1.6) (Version: - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.02.1125 - Lenovo)
ESET Smart Security (HKLM\...\{E483B847-824D-4659-A760-0AC8FE24055E}) (Version: 10.0.386.1 - ESET, spol. s r.o.)
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GuardRadish (HKLM-x32\...\c7bee6ad-7eb2-4bfe-9c1e-4b78ca25f73b) (Version: 1.09 - Lenovo)
Intel RealSense Training (HKLM-x32\...\Intel RealSense Training) (Version: 1.12 - Intel)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4352 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f9d669a3-fc5a-449e-a82c-c0ff491369be}) (Version: 18.30.1 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager Beta (x86): dptf_com (x32 Version: 2.2.0.52404 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager Beta (x86): Intel® RealSense™ SDK info server (x32 Version: 2.2.0.52404 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager F200 (HKLM-x32\...\ARP_for_prd_dcm_runtime_1.4.27.52404) (Version: 1.4.27.52404 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ 3D camera IO module (x32 Version: 1.4.27.52404 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ Depth Camera Manager Service (x32 Version: 1.4.27.52404 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime (x86): Core (HKLM-x32\...\{AD1C5601-1C83-41CB-A670-7F02C1D0E72A}) (Version: 4.0.0.52526 - Intel Corporation)
Intel® RealSense™ SDK 2014 Runtime (x86): Core (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime (x86): Hand Tracking (HKLM-x32\...\{1DA11DE3-2EC9-4DB5-9254-7644AC527476}) (Version: 4.0.0.52526 - Intel Corporation)
Intel® RealSense™ SDK 2014 Runtime (x86): Hand Tracking (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime (x86): Hand Tracking: Models (HKLM-x32\...\{00BD3B4C-3D89-42EA-9E2A-14BFC9A1E3C9}) (Version: 4.0.0.52526 - Intel Corporation)
Intel® RealSense™ SDK 2014 Runtime (x86): Hand Tracking: Models (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime (x86): Lantern Rock (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime (x86): Utilities (HKLM-x32\...\{AAD0FFBA-8C49-45FA-B93B-C356FB610E06}) (Version: 4.0.0.52526 - Intel Corporation)
Intel® RealSense™ SDK 2014 Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_v5_5.0.3.187777) (Version: 5.0.3.187777 - Intel Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.4.7 - PandoraTV)
Lenovo NFC Connector (HKLM-x32\...\InstallShield_{FA9DA141-14EE-4D64-BF8E-89D1B9202A7B}) (Version: 1.0.0.1201 - Lenovo)
Lenovo NFC Connector (Version: 1.0.0.1201 - Lenovo) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.8231 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.)
Lenovo PowerDVD12 (x32 Version: 12.0.5320.55 - CyberLink Corp.) Hidden
Lenovo Product Demo (HKLM-x32\...\{BCB7EAB5-4BB4-49E9-B555-23395E689EDA}) (Version: 1.0.2 - Lenovo)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Silver Silk Wireless Keyboard (HKLM-x32\...\InstallShield_{B88AD4F5-58A6-425D-9282-92228FEB7067}) (Version: 1.05 - Lenovo)
Lenovo Silver Silk Wireless Keyboard (x32 Version: 1.05 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{52753916-613B-4455-8022-A146CC17B1F6}) (Version: 3.2.002.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.070.04 - Lenovo)
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-418483724-3079150783-266374909-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23019 (HKLM-x32\...\{2883cce3-040d-45b1-a27a-07934a6d47ec}) (Version: 14.0.23019.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23019 (HKLM-x32\...\{5184c1f9-e1f4-47ff-82ee-92712c162393}) (Version: 14.0.23019.0 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 376.54 (Version: 376.54 - NVIDIA Corporation) Hidden
PowerLine Utility (HKLM-x32\...\{A5E1CA04-799E-495C-A084-AB48AEF00CCB}) (Version: 1.2.204 - TP-LINK)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29088 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.0 - Lenovo)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
SportTracks 3.1 (HKLM-x32\...\{99895EF0-B290-4B21-B1FE-FB00E1B5D195}) (Version: 3.1.6179 - Zone Five Software)
Spotify (HKU\S-1-5-21-418483724-3079150783-266374909-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
TOPO Czech 2010 (HKLM-x32\...\{3C19E918-13AF-4C57-B50D-8C3738EFCABF}) (Version: 4.00 - PICODAS PRAHA, spol. s r.o.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.345 - Zemana Ltd.)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_CZ_is1) (Version: 17.0.1.12 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-418483724-3079150783-266374909-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe (Lenovo Group Limited)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C32D3C-1ABC-4314-9B4D-5740083DDE5F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {081A73A9-0CF4-46D3-B5B3-6F944A9BD331} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-03-24] (Intel Corporation)
Task: {2C47E55A-9F1B-45F3-9D4E-1B235813B51D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Milka\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {31AC008E-F75B-41D6-B77B-928A2F84CBAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-22] (Google Inc.)
Task: {4A3B1F42-EC20-4124-AF03-79B749C42763} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {4A933553-E1DC-47F6-8B2A-B3E3C0130A02} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-07-13] ()
Task: {60BE1935-162C-4997-82C6-730A8ECAC3DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-22] (Google Inc.)
Task: {6EB06510-593F-41AF-BE47-783A3D082E6D} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-05-20] (CyberLink Corp.)
Task: {9E6F95DF-03C9-4A31-8E9F-ECE596348695} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {9F5641F2-6D98-43E5-B868-CF0F4D13C796} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {B8E40553-DE6D-4C35-AE05-876CB35FAEA6} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {BB1BB121-4BF2-4292-B4F2-C49CB13EC3FB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-07] (Lenovo)
Task: {BB5A070B-4E1A-4C47-8CA0-7A3308C34470} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {BDF44777-B55A-4BC4-B25C-8EBB78A86761} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {C24F9693-1110-4975-906A-063E0C6C3E9F} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-07-13] ()
Task: {D1AC9E11-5A48-4240-A259-C15AC8D121BC} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7ea36d8b-6809-4393-b143-6da5e2566129 => powershell.exe -nologo -noninteractive "& {New-Item -Path Registry::HKCU\Software\Lenovo\ImController\ScheduledTasks\7ea36d8b-6809-4393-b143-6da5e2566129 -type directory -force;$conter=Get-Date;$conter=$conter.ToUniversalTime();Set-ItemProperty -Path Registry::HKCU\Software\Lenovo\ImController\ScheduledTasks\7 (the data entry has 73 more characters).

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 19:45 - 2016-12-09 12:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-15 02:58 - 2015-09-15 02:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2016-11-30 23:35 - 2016-12-29 15:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-14 19:45 - 2016-12-09 12:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-30 23:26 - 2016-11-30 23:26 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:09 - 2016-12-21 09:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 21:09 - 2016-12-21 08:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 21:09 - 2016-12-21 08:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 21:09 - 2016-12-21 08:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 21:09 - 2016-12-21 08:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 21:09 - 2016-12-21 08:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-24 00:44 - 2015-07-24 00:44 - 00145024 _____ () C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe
2016-09-26 14:55 - 2016-09-26 14:55 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2016-11-24 22:04 - 2014-09-09 14:30 - 00603648 _____ () C:\Program Files\Zoner\Photo Studio 17\Program32\SpiderMonkey.dll
2009-12-05 02:59 - 2009-12-05 02:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 03:04 - 2009-12-05 03:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2011-11-03 21:48 - 2011-11-03 21:48 - 00056320 _____ () C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skfunc.dll
2015-03-17 02:34 - 2015-03-17 02:34 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\cs_cz\acrotray.cze

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [153]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2017-03-29 20:53 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-418483724-3079150783-266374909-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Milka\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20160827_101053.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{68E63493-541F-459D-878E-FFCCBE050DBC}C:\users\milka\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\milka\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AD330DE3-97A0-4C0A-8D8B-FCC86950D1EE}C:\users\milka\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\milka\appdata\roaming\spotify\spotify.exe
FirewallRules: [{096EE2DB-0226-4912-AC3A-63AA94521DC3}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe
FirewallRules: [{27561742-EA16-4765-8424-3531B9E6CA0E}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe
FirewallRules: [{ECA9D100-40EB-411F-B6A1-9A98E8B16B73}] => (Allow) C:\Program Files\Lenovo\TAPit\TAPitService.exe
FirewallRules: [{B7A2E728-21B3-415A-9DAE-DAA314504113}] => (Allow) C:\Program Files\Lenovo\TAPit\TAPitService.exe
FirewallRules: [{F7DF7267-C90A-4778-9713-137230713673}] => (Allow) C:\Program Files\Lenovo\TAPit\TAPitApp.exe
FirewallRules: [{38AAD113-9F26-4ED7-931E-4733ABD928CD}] => (Allow) C:\Program Files\Lenovo\TAPit\TAPitPlayer.exe
FirewallRules: [{095B81B0-1CBC-48E1-9FAF-832994619C8C}] => (Allow) C:\Users\Milka\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EEB55431-7369-403E-8445-4D31856DD694}] => (Allow) C:\Users\Milka\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{51953CE2-579A-46AE-9F60-74ECFCD9129D}] => (Allow) C:\Users\Milka\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{11033D74-0B9B-4613-A0DF-F4BEE7D185B2}] => (Allow) C:\Users\Milka\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D308FE19-690C-40E2-BE8C-D6B83BCEDD1B}] => (Allow) C:\Users\Milka\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{648443C5-5078-47FE-B083-B7C76B9C2C2B}] => (Allow) C:\Users\Milka\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{14CB749E-24F2-466D-9131-D607EB2803C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-03-2017 20:53:39 zoek.exe restore point

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2017 05:54:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLIN)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/30/2017 05:54:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLIN)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/30/2017 05:45:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLIN)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/30/2017 05:45:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLIN)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/29/2017 10:14:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLIN)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/29/2017 10:14:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLIN)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/29/2017 09:47:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLIN)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/29/2017 09:47:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLIN)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/29/2017 09:11:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLIN)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/29/2017 09:11:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALLIN)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

System errors:
=============
Error: (03/30/2017 05:56:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba platformy připojených zařízení byla ukončena s následující chybou:
Nespecifikovaná chyba

Error: (03/30/2017 05:54:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/30/2017 05:54:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/30/2017 05:54:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/30/2017 05:54:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SpyEmrgHealth neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (03/30/2017 05:54:44 PM) (Source: ACPI) (EventID: 4) (User: )
Description: AMLI: Systém ACPI BIOS se pokouší o čtení z nesprávné adresy V/V portu (0x70), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem toho může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí o odbornou pomoc.

Error: (03/30/2017 05:54:37 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (03/30/2017 05:54:12 PM) (Source: DCOM) (EventID: 10010) (User: ALLIN)
Description: Server App.AppXx4zfy1ffv3wctgdz2vypnybzjkh27jhw.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/30/2017 05:54:12 PM) (Source: DCOM) (EventID: 10010) (User: ALLIN)
Description: Server App.AppXx4zfy1ffv3wctgdz2vypnybzjkh27jhw.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/30/2017 05:54:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

CodeIntegrity:
===================================
Date: 2017-03-30 17:54:47.620
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-30 17:45:40.228
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-29 22:14:50.676
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-29 21:48:01.456
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-29 21:29:08.027
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-29 21:12:02.174
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-29 21:02:19.107
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-29 20:47:27.664
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-29 20:31:47.634
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-29 20:13:34.771
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 13%
Total physical RAM: 16287.52 MB
Available physical RAM: 14137.25 MB
Total Virtual: 17311.52 MB
Available Virtual: 15221.63 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:110.43 GB) (Free:62.64 GB) NTFS
Drive d: () (Fixed) (Total:1832.53 GB) (Free:1508.34 GB) NTFS
Drive g: () (Removable) (Total:3.72 GB) (Free:1.81 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 4DF2E83C)

Partition: GPT.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 4DF2E8E8)

Partition: GPT.

========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 8B00DDAF)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End of Addition.txt ============================

kadstra · Příspěvekod **kadstra** » 30 bře 2017 19:06

Pomohlo by přes systémový nástroj obnovit PC do továrního nastavení? Přeinstaluje Win a odebere vytvořené soubory.

Příspěvekod **jaro3** » 30 bře 2017 19:18

Kdybys tam nepral jeden antivir a antispyware přes druhý , ...

Odinstaluj:
Emsisoft Anti Malware
Kaspersky
NETGATE

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-418483724-3079150783-266374909-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-418483724-3079150783-266374909-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - No File
CHR Extension: (No Name) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-22]
CHR Extension: (No Name) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-22]
CHR Extension: (No Name) - C:\Users\Milka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
S2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [X]
C:\Program Files\NETGATE\Spy Emergency
C:\ProgramData\adaware
2017-03-16 21:33 - 2017-03-16 21:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-03-16 21:14 - 2017-03-16 21:14 - 00000000 ____D C:\ProgramData\Emsisoft
2017-03-16 21:11 - 2017-03-16 21:30 - 00000000 ____D C:\Program Files\emisoft
2017-03-16 20:26 - 2015-03-09 12:26 - 00019768 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg_guard.sys
2017-03-16 20:26 - 2011-04-21 11:31 - 00017240 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg.sys
C:\ProgramData\DP45977C.lfl
C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Prosím o kontrolu logu Vyřešeno

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online