Kontrola logu - vytuhávající noťas Vyřešeno

[jaro3]

A log z Combofixu je kde?

[Reklama]

[Ferin]

O tom se nic nepsalo.
Hodím ho sem večer.

[jaro3]

OK.-

[Vercingetorix]

Tak tady je:

ComboFix 17-04-05.01 - Michal a Leňa 06.04.2017 22:12:55.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3764.2469 [GMT 2:00]
Spuštěný z: c:\users\Michal a Le˛a\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal a Le˛a\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-03-06 do 2017-04-06 )))))))))))))))))))))))))))))))
.
.
2017-04-06 20:18 . 2017-04-06 20:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-04-06 20:18 . 2017-04-06 20:18 -------- d-----w- c:\users\Michal a Lena\AppData\Local\temp
2017-04-06 20:18 . 2017-04-06 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-04-06 20:18 . 2017-04-06 20:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2017-04-06 18:38 . 2017-04-06 18:39 -------- d-----w- c:\users\Michal a Leňa\AppData\Local\{7F36541D-9770-4A2C-B9B4-02B46C26701B}
2017-04-05 17:57 . 2017-04-05 17:57 -------- d-----w- c:\users\Michal a Leňa\AppData\Local\{8C083BB2-717E-4CFF-959D-E42475330707}
2017-04-04 19:05 . 2017-04-04 19:06 -------- d-----w- c:\users\Michal a Leňa\AppData\Local\{1B46DFC9-AB34-4BCE-9064-943BD4DCF3BC}
2017-04-03 19:13 . 2017-04-03 19:13 399944 ----a-w- c:\windows\system32\aswBoot.exe
2017-04-03 17:54 . 2017-04-03 17:54 -------- d-----w- c:\users\Michal a Leňa\AppData\Local\{16A064F2-0D24-4C3A-AA4B-E051E3287EC5}
2017-04-02 23:35 . 2017-04-02 23:35 -------- d-----w- c:\users\MICHAL~3
2017-04-02 23:34 . 2017-04-02 23:34 -------- d-----w- c:\users\Michal a Leňa\AppData\Local\{9566ECD3-26A9-48A4-B941-3CBD86C185CA}
2017-04-02 21:43 . 2017-04-02 21:43 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-04-02 21:43 . 2017-04-02 21:43 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-04-02 21:43 . 2017-04-02 21:43 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-04-02 21:42 . 2017-04-02 21:42 -------- d-----w- c:\users\Michal a Leňa\AppData\Local\Zemana
2017-04-02 21:28 . 2017-04-02 21:02 24064 ----a-w- c:\windows\zoek-delete.exe
2017-04-02 21:28 . 2017-04-06 20:18 -------- d-----w- c:\users\Michal a Leňa\AppData\Local\Temp
2017-04-01 00:35 . 2017-04-01 00:35 -------- d-----w- c:\programdata\Sophos
2017-04-01 00:33 . 2017-04-01 00:33 -------- d-----w- c:\program files (x86)\Sophos
2017-03-31 19:01 . 2017-04-05 18:25 6180 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2017-03-22 19:40 . 2017-03-22 19:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2017-03-20 19:32 . 2017-03-30 20:15 527816 ----a-w- c:\program files (x86)\Mozilla Firefox\minidump-analyzer.exe
2017-03-18 15:58 . 2017-04-03 19:12 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-03-18 15:58 . 2017-04-03 19:12 334088 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-03-18 15:58 . 2017-04-03 19:12 307736 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-03-18 15:58 . 2017-04-03 19:12 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-03-15 18:05 . 2017-03-15 18:05 -------- d-----w- c:\program files (x86)\Common Files\Skype
2017-03-15 18:05 . 2017-03-15 18:05 -------- d-----r- c:\program files (x86)\Skype
2017-03-14 20:57 . 2017-02-22 23:37 1285632 ----a-w- c:\windows\system32\aeinv.dll
2017-03-14 20:57 . 2017-02-18 14:05 1609216 ----a-w- c:\windows\system32\appraiser.dll
2017-03-14 20:57 . 2016-12-31 15:36 556544 ----a-w- c:\windows\system32\devinv.dll
2017-03-14 20:57 . 2016-12-31 15:36 233984 ----a-w- c:\windows\system32\aepic.dll
2017-03-14 20:57 . 2017-02-22 23:42 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-03-14 20:57 . 2017-02-18 14:05 646656 ----a-w- c:\windows\system32\generaltel.dll
2017-03-14 20:57 . 2016-12-31 15:36 335360 ----a-w- c:\windows\system32\invagent.dll
2017-03-14 20:57 . 2016-12-31 15:36 293376 ----a-w- c:\windows\system32\centel.dll
2017-03-14 20:57 . 2016-12-31 15:36 133632 ----a-w- c:\windows\system32\acmigration.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-04-03 19:13 . 2014-01-12 20:09 164064 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-04-03 19:13 . 2014-05-02 22:50 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-04-03 19:13 . 2013-03-17 16:53 339696 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-04-03 19:13 . 2013-03-17 16:53 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-04-03 19:13 . 2011-01-12 18:36 556784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-04-03 19:13 . 2011-01-12 18:36 127112 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-04-03 19:13 . 2012-06-20 21:21 101152 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-04-03 19:13 . 2011-07-27 18:19 1005048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-04-03 19:13 . 2016-06-14 20:31 32600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-04-02 19:54 . 2015-02-28 20:03 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-04-01 00:13 . 2014-04-07 10:49 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-03-22 19:39 . 2015-01-18 12:40 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2017-03-22 19:22 . 2012-06-21 20:50 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-03-22 19:22 . 2011-05-18 17:03 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-03-15 18:24 . 2011-02-07 23:53 138634176 -c--a-w- c:\windows\system32\MRT.exe
2017-03-05 16:52 . 2015-09-12 20:15 952 --sha-w- c:\programdata\KGyGaAvL.sys
2017-02-09 16:32 . 2017-03-14 21:21 345600 ----a-w- c:\windows\system32\schannel.dll
2017-02-09 16:32 . 2017-03-14 21:21 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-02-09 16:14 . 2017-03-14 21:21 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-02-09 16:14 . 2017-03-14 21:21 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-02-09 16:14 . 2017-03-14 21:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-01-11 22:03 . 2010-06-24 10:33 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2014-05-07 1300560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
R0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
R0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
R0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
R0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
R2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS;c:\windows\SYSNATIVE\MLPTDR_C.SYS [x]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\Alwil Software\Avast5\x64\aswidsagenta.exe;c:\program files\Alwil Software\Avast5\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys;c:\windows\SYSNATIVE\DRIVERS\dbx.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VMLiteUSB;VMLite USB;c:\windows\system32\Drivers\VMLiteUSB.sys;c:\windows\SYSNATIVE\Drivers\VMLiteUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-12-23 18:10 323152 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-04-03 19:13 1529352 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-04-03 19:13 1529352 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-04 520760]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-03-28 14516464]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvLaunch.exe" [2017-04-03 213824]
.
------- Doplňkový sken -------
.
uStart Page = https://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 185.108.248.35 185.108.248.36
FF - ProfilePath -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{e2803110-78b3-4664-a479-3611a381656a} - c:\programdata\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3993225330-1198342409-558517700-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3993225330-1198342409-558517700-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_127_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_127_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_127_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_127_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_127.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.25"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_127.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_127.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_127.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-04-06 22:22:05
ComboFix-quarantined-files.txt 2017-04-06 20:22
.
Před spuštěním: 3 107 278 848
Po spuštění: 3 326 095 360
.
- - End Of File - - 0A6FC642BEDB04F108E5C1E607007C0A


PS: A bylo s tím něco konkrétního? Nebo jen zaflákaný?

[jaro3]

Je a Combofix nic nesm,azal a ještě tam něco přibylo.

Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

[Vercingetorix]

OTL logfile created on: 4/7/2017 10:44:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michal a Leňa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18617)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.68 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 67.15% Memory free
5.98 Gb Paging File | 4.45 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.22 Gb Total Space | 3.01 Gb Free Space | 5.00% Space Free | Partition Type: NTFS
Drive D: | 392.44 Gb Total Space | 150.36 Gb Free Space | 38.31% Space Free | Partition Type: NTFS

Computer Name: ACER | User Name: Michal a Leňa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Michal a Leňa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\ffl2.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\event_routing_rpc.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\gaming_mode_ui.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\libcef.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (aswbIDSAgent) -- C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe (AVAST Software s.r.o.)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (DbxSvc) -- C:\Windows\SysNative\DbxSvc.exe (Dropbox, Inc.)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (DCSLoader) -- C:\Windows\SysNative\spool\drivers\x64\3\OPHPLDCS.EXE (Oki Data Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ZAMSvc) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SeagateDashboardService) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (DCSLoader) -- C:\Windows\system32\spool\DRIVERS\x64\3\OPHPLDCS.EXE (Oki Data Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys (AVAST Software)
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswblog) -- C:\Windows\SysNative\drivers\aswbloga.sys (AVAST Software s.r.o.)
DRV:64bit: - (aswbidsdriver) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys (AVAST Software s.r.o.)
DRV:64bit: - (aswbidsh) -- C:\Windows\SysNative\drivers\aswbidsha.sys (AVAST Software s.r.o.)
DRV:64bit: - (aswbuniv) -- C:\Windows\SysNative\drivers\aswbuniva.sys (AVAST Software s.r.o.)
DRV:64bit: - (ZAM) -- C:\Windows\SysNative\drivers\zam64.sys (Zemana Ltd.)
DRV:64bit: - (ZAM_Guard) -- C:\Windows\SysNative\drivers\zamguard64.sys (Zemana Ltd.)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (VMLiteUSB) -- C:\Windows\SysNative\drivers\VMLiteUSB.sys (VMLite, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (MLPTDR_C) -- C:\Windows\SysWOW64\MLPTDR_C.SYS (Minolta Co., Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 82 96 9C BD F3 AB D2 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "LU"
FF - prefs.js..browser.search.region: "LU"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.121.2: C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2: C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF48 [2017/04/03 21:13:41 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\SAFEPRICE\FF48 [2017/04/03 21:13:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext [2012/07/27 19:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF48 [2017/04/03 21:13:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\Alwil Software\Avast5\SafePrice\FF48 [2017/04/03 21:13:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6\components [2017/04/03 02:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6\plugins [2017/01/12 00:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2016/11/20 19:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2017/01/12 00:17:36 | 000,000,000 | ---D | M]

[2014/09/07 21:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal a Leňa\AppData\Roaming\Mozilla\Extensions
[2014/09/07 21:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal a Leňa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2017/04/03 02:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal a Leňa\AppData\Roaming\Mozilla\Firefox\Profiles\9jurvoh7.default-1450473415681\extensions
[2017/04/03 02:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal a Leňa\AppData\Roaming\Mozilla\Firefox\Profiles\annk24f8.Firefox novy\extensions
[2017/03/10 23:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal a Leňa\AppData\Roaming\Mozilla\Firefox\Profiles\apazlbvc.default\extensions
[2017/04/03 02:24:52 | 000,008,115 | ---- | M] () (No name found) -- C:\Users\Michal a Leňa\AppData\Roaming\Mozilla\Firefox\Profiles\annk24f8.Firefox novy\features\{71875a6e-7c6e-4765-a1bf-14486b9c56b7}\deployment-checker@mozilla.org.xpi
[2017/04/03 02:24:52 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\Michal a Leňa\AppData\Roaming\Mozilla\Firefox\Profiles\annk24f8.Firefox novy\features\{71875a6e-7c6e-4765-a1bf-14486b9c56b7}\e10srollout@mozilla.org.xpi
[2017/04/04 21:15:46 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\Michal a Leňa\AppData\Roaming\Mozilla\Firefox\Profiles\apazlbvc.default\features\{2b9e48ec-429f-4ded-b123-58253d8070eb}\disable-prefetch@mozilla.org.xpi
[2017/04/04 21:15:47 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\Michal a Leňa\AppData\Roaming\Mozilla\Firefox\Profiles\apazlbvc.default\features\{2b9e48ec-429f-4ded-b123-58253d8070eb}\e10srollout@mozilla.org.xpi
[2017/03/30 22:15:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2016/12/23 20:10:54 | 000,230,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2012/07/27 19:57:04 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll
[2012/07/27 19:57:17 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll
[2012/07/27 19:57:01 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll

O1 HOSTS File: ([2017/04/04 21:20:17 | 000,000,813 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Pomocná služba pro přihlášení ke službě Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvLaunch.exe (AVAST Software)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [ZAM] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 185.108.248.35 185.108.248.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EE4A5C3-B471-4D1E-AAB4-FCFF57C63BAA}: DhcpNameServer = 185.108.248.35 185.108.248.36
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[Vercingetorix]

========== Files/Folders - Created Within 30 Days ==========

[2017/04/07 22:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SWCUTemp
[2017/04/07 22:39:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michal a Leňa\Desktop\OTL.exe
[2017/04/07 20:45:45 | 000,000,000 | ---D | C] -- C:\Users\Michal a Leňa\AppData\Local\{B21B3A11-9BA4-472C-B58A-2232A0533140}
[2017/04/06 22:22:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2017/04/06 22:22:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2017/04/06 22:09:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2017/04/06 22:09:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2017/04/06 22:09:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2017/04/06 22:09:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2017/04/06 20:38:58 | 000,000,000 | ---D | C] -- C:\Users\Michal a Leňa\AppData\Local\{7F36541D-9770-4A2C-B9B4-02B46C26701B}
[2017/04/05 20:28:19 | 005,659,546 | R--- | C] (Swearware) -- C:\Users\Michal a Leňa\Desktop\ComboFix.exe
[2017/04/05 19:57:14 | 000,000,000 | ---D | C] -- C:\Users\Michal a Leňa\AppData\Local\{8C083BB2-717E-4CFF-959D-E42475330707}
[2017/04/04 21:05:56 | 000,000,000 | ---D | C] -- C:\Users\Michal a Leňa\AppData\Local\{1B46DFC9-AB34-4BCE-9064-943BD4DCF3BC}
[2017/04/03 21:13:42 | 000,399,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2017/04/03 19:54:14 | 000,000,000 | ---D | C] -- C:\Users\Michal a Leňa\AppData\Local\{16A064F2-0D24-4C3A-AA4B-E051E3287EC5}
[2017/04/03 01:34:15 | 000,000,000 | ---D | C] -- C:\Users\Michal a Leňa\AppData\Local\{9566ECD3-26A9-48A4-B941-3CBD86C185CA}
[2017/04/02 23:43:13 | 000,203,680 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\zam64.sys
[2017/04/02 23:43:12 | 000,203,680 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\zamguard64.sys
[2017/04/02 23:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[2017/04/02 23:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zemana AntiMalware
[2017/04/02 23:42:28 | 000,000,000 | ---D | C] -- C:\Users\Michal a Leňa\AppData\Local\Zemana
[2017/04/02 23:41:42 | 005,766,464 | ---- | C] (Zemana Ltd. ) -- C:\Users\Michal a Leňa\Desktop\Zemana.AntiMalware.Setup.exe
[2017/04/02 23:28:49 | 000,000,000 | ---D | C] -- C:\Users\Michal a Leňa\AppData\Local\Temp
[2017/04/01 02:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2017/04/01 02:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2017/04/01 02:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2017/03/22 21:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2017/03/18 17:58:35 | 000,334,088 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbloga.sys
[2017/03/18 17:58:35 | 000,307,736 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
[2017/03/18 17:58:35 | 000,189,768 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbidsha.sys
[2017/03/18 17:58:35 | 000,048,528 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbuniva.sys
[2017/03/15 20:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2017/03/15 20:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2017/03/15 20:05:45 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2017/03/14 23:21:59 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2017/03/14 23:21:59 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2017/03/14 23:21:59 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2017/03/14 23:21:59 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2017/03/14 23:21:59 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2017/03/14 23:21:59 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2017/03/14 23:21:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2017/03/14 23:21:58 | 000,725,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2017/03/14 23:21:58 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2017/03/14 23:21:58 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2017/03/14 23:21:58 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2017/03/14 23:21:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2017/03/14 23:21:57 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2017/03/14 23:21:57 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2017/03/14 23:21:57 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2017/03/14 23:21:57 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2017/03/14 23:21:56 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2017/03/14 23:21:56 | 000,806,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2017/03/14 23:21:56 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2017/03/14 23:21:56 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2017/03/14 23:21:56 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2017/03/14 23:21:56 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2017/03/14 23:21:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2017/03/14 23:21:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2017/03/14 23:21:55 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2017/03/14 23:21:55 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2017/03/14 23:21:54 | 002,131,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2017/03/14 23:21:54 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2017/03/14 23:21:54 | 000,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2017/03/14 23:21:53 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2017/03/14 23:21:53 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2017/03/14 23:21:53 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2017/03/14 23:21:53 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2017/03/14 23:21:52 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2017/03/14 23:21:52 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2017/03/14 23:21:51 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2017/03/14 23:21:51 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2017/03/14 23:21:51 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2017/03/14 23:21:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2017/03/14 23:21:50 | 006,045,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2017/03/14 23:21:50 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2017/03/14 23:21:49 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2017/03/14 23:21:49 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2017/03/14 23:21:47 | 005,548,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2017/03/14 23:21:45 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2017/03/14 23:21:44 | 004,000,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2017/03/14 23:21:43 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2017/03/14 23:21:42 | 003,945,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2017/03/14 23:21:42 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2017/03/14 23:21:41 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2017/03/14 23:21:41 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2017/03/14 23:21:41 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2017/03/14 23:21:41 | 000,706,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2017/03/14 23:21:41 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2017/03/14 23:21:41 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2017/03/14 23:21:40 | 001,574,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2017/03/14 23:21:40 | 000,803,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2017/03/14 23:21:40 | 000,733,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2017/03/14 23:21:39 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2017/03/14 23:21:39 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2017/03/14 23:21:39 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2017/03/14 23:21:39 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2017/03/14 23:21:39 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2017/03/14 23:21:39 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2017/03/14 23:21:39 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2017/03/14 23:21:38 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2017/03/14 23:21:38 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2017/03/14 23:21:38 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2017/03/14 23:21:38 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2017/03/14 23:21:38 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2017/03/14 23:21:38 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2017/03/14 23:21:38 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2017/03/14 23:21:38 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2017/03/14 23:21:38 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2017/03/14 23:21:37 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2017/03/14 23:21:37 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icm32.dll
[2017/03/14 23:21:37 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2017/03/14 23:21:37 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2017/03/14 23:21:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2017/03/14 23:21:36 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2017/03/14 23:21:36 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2017/03/14 23:21:36 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2017/03/14 23:21:36 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2017/03/14 23:21:36 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2017/03/14 23:21:36 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2017/03/14 23:21:36 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2017/03/14 23:21:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2017/03/14 23:21:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2017/03/14 23:21:36 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2017/03/14 23:21:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2017/03/14 23:21:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2017/03/14 23:21:35 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\INETRES.dll
[2017/03/14 23:21:35 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2017/03/14 23:21:35 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2017/03/14 23:21:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2017/03/14 23:21:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2017/03/14 23:21:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2017/03/14 23:21:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2017/03/14 23:21:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2017/03/14 23:21:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2017/03/14 23:21:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2017/03/14 23:21:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2017/03/14 23:21:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2017/03/14 23:21:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2017/03/14 23:21:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2017/03/14 23:21:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2017/03/14 23:21:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2017/03/14 23:21:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2017/03/14 23:21:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2017/03/14 23:21:34 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2017/03/14 23:21:34 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2017/03/14 23:21:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2017/03/14 23:21:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2017/03/14 22:57:36 | 001,609,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2017/03/14 22:57:36 | 001,285,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2017/03/14 22:57:36 | 000,556,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2017/03/14 22:57:36 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2017/03/14 22:57:35 | 000,646,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2017/03/14 22:57:35 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2017/03/14 22:57:35 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\centel.dll
[2017/03/14 22:57:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2017/03/14 22:57:35 | 000,084,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2017/04/07 22:45:34 | 000,065,797 | ---- | M] () -- C:\Windows\ZAM.krnl.trace
[2017/04/07 22:43:08 | 000,038,212 | ---- | M] () -- C:\Windows\ZAM_Guard.krnl.trace
[2017/04/07 22:39:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michal a Leňa\Desktop\OTL.exe
[2017/04/07 20:45:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/04/06 22:37:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/04/06 22:37:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/04/06 22:29:02 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2017/04/05 20:28:24 | 005,659,546 | R--- | M] (Swearware) -- C:\Users\Michal a Leňa\Desktop\ComboFix.exe
[2017/04/05 20:11:47 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/04/04 22:42:30 | 000,090,541 | ---- | M] () -- C:\Users\Michal a Leňa\Desktop\paiement terrasse.JPG
[2017/04/04 22:39:47 | 000,025,090 | ---- | M] () -- C:\Users\Michal a Leňa\Desktop\virement solde.pdf
[2017/04/04 21:59:27 | 000,020,793 | ---- | M] () -- C:\Users\Michal a Leňa\Desktop\Výstřižek.JPG
[2017/04/04 21:35:13 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2017/04/04 21:20:17 | 000,000,813 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2017/04/03 21:13:29 | 000,164,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2017/04/03 21:13:28 | 000,556,784 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2017/04/03 21:13:28 | 000,399,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2017/04/03 21:13:28 | 000,339,696 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2017/04/03 21:13:28 | 000,127,112 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2017/04/03 21:13:28 | 000,075,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2017/04/03 21:13:28 | 000,038,296 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2017/04/03 21:13:27 | 000,101,152 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2017/04/03 21:13:07 | 001,005,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2017/04/03 21:13:06 | 000,032,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2017/04/03 21:12:56 | 000,334,088 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbloga.sys
[2017/04/03 21:12:56 | 000,307,736 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
[2017/04/03 21:12:56 | 000,189,768 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbidsha.sys
[2017/04/03 21:12:56 | 000,048,528 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbuniva.sys
[2017/04/03 02:28:03 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox novy.lnk
[2017/04/03 00:31:26 | 000,001,009 | ---- | M] () -- C:\Users\Michal a Leňa\Desktop\Mozilla Firefox.lnk
[2017/04/02 23:43:13 | 000,203,680 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\zam64.sys
[2017/04/02 23:43:12 | 000,203,680 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\zamguard64.sys
[2017/04/02 23:43:11 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2017/04/02 23:41:42 | 005,766,464 | ---- | M] (Zemana Ltd. ) -- C:\Users\Michal a Leňa\Desktop\Zemana.AntiMalware.Setup.exe
[2017/04/02 23:02:30 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2017/04/02 21:54:40 | 000,028,272 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2017/04/01 02:33:55 | 000,002,759 | ---- | M] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
[2017/04/01 02:13:32 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017/03/31 22:29:35 | 000,781,110 | ---- | M] () -- C:\Users\Michal a Leňa\Desktop\SCAN_20170331_181512235.pdf
[2017/03/22 21:39:08 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2017/03/22 21:22:05 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017/03/22 21:22:05 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017/03/18 17:56:48 | 000,547,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.148985272618304
[2017/03/18 17:56:48 | 000,337,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswvmm.sys.148985272817906
[2017/03/15 22:01:22 | 000,343,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017/03/15 20:05:48 | 000,002,731 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2017/04/06 22:09:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2017/04/06 22:09:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2017/04/06 22:09:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2017/04/06 22:09:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2017/04/06 22:09:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2017/04/04 22:42:30 | 000,090,541 | ---- | C] () -- C:\Users\Michal a Leňa\Desktop\paiement terrasse.JPG
[2017/04/04 22:39:46 | 000,025,090 | ---- | C] () -- C:\Users\Michal a Leňa\Desktop\virement solde.pdf
[2017/04/04 21:59:27 | 000,020,793 | ---- | C] () -- C:\Users\Michal a Leňa\Desktop\Výstřižek.JPG
[2017/04/02 23:43:18 | 000,065,797 | ---- | C] () -- C:\Windows\ZAM.krnl.trace
[2017/04/02 23:43:18 | 000,038,212 | ---- | C] () -- C:\Windows\ZAM_Guard.krnl.trace
[2017/04/02 23:43:11 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2017/04/02 23:28:50 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2017/04/01 02:33:55 | 000,002,759 | ---- | C] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
[2017/03/31 22:29:34 | 000,781,110 | ---- | C] () -- C:\Users\Michal a Leňa\Desktop\SCAN_20170331_181512235.pdf
[2017/03/15 20:05:47 | 000,002,731 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/09/12 22:15:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2014/07/13 15:17:34 | 000,004,608 | ---- | C] () -- C:\Users\Michal a Leňa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/06 16:54:07 | 000,007,605 | ---- | C] () -- C:\Users\Michal a Leňa\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/08/29 17:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/08/29 17:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/04 21:28:10 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\AVAST Software
[2014/04/07 15:36:38 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\CheckPoint
[2011/01/18 21:07:30 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\EPSON
[2015/08/11 15:19:29 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\GHISLER
[2011/10/23 23:32:38 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\InterVideo
[2016/11/07 00:45:47 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\Jablotron
[2013/03/24 15:33:26 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\Memeo
[2011/12/20 16:06:00 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\mp3DirectCut
[2013/03/24 15:19:54 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\Seagate
[2011/02/09 00:26:50 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\Windows Live Writer
[2015/02/28 03:00:04 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\Wise Disk Cleaner
[2013/03/28 17:17:32 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\Xirrus
[2016/09/20 22:06:01 | 000,000,000 | ---D | M] -- C:\Users\Michal a Leňa\AppData\Roaming\Zoner

========== Purity Check ==========



< End of report >

[Vercingetorix]

OTL Extras logfile created on: 4/7/2017 10:44:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michal a Leňa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18617)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.68 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 67.15% Memory free
5.98 Gb Paging File | 4.45 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.22 Gb Total Space | 3.01 Gb Free Space | 5.00% Space Free | Partition Type: NTFS
Drive D: | 392.44 Gb Total Space | 150.36 Gb Free Space | 38.31% Space Free | Partition Type: NTFS

Computer Name: ACER | User Name: Michal a Leňa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09123559-2760-4FFB-80EA-D8D51D87AB1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D725369-4DD1-4CB9-84B3-3CAA29E27AA4}" = rport=445 | protocol=6 | dir=out | app=system |
"{0E31B702-D3EB-45F4-B735-86AECBE4F0F2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26DFEBBB-BFA2-4EF0-A2F7-913E530FCEFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28682057-317D-4AAD-8D04-F1704C0C4D78}" = lport=139 | protocol=6 | dir=in | app=system |
"{288AAFEA-E465-421E-BBC8-61DCFD829C05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3447250D-A67E-4670-ADB0-AF34AD1DCBAF}" = rport=138 | protocol=17 | dir=out | app=system |
"{357B923B-792B-4B69-8279-C20B2C89DCEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{398D290F-E9D3-4341-B1E6-04AC4E93DC01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{44E8CC13-98A4-4FEA-9AB6-4198380805D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F915BDA-70B8-40AE-961C-D7504A16808F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{69EE14F2-4429-4D71-B40A-047DF62EB67D}" = lport=445 | protocol=6 | dir=in | app=system |
"{70E650A4-3269-4267-8D2B-B034E555EA65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7725B8CB-5459-4CCC-9D05-8EAF61042490}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{80E0FF49-88CC-4D7F-A7E0-3D17E441B5E2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{842A08B3-08EE-4569-B5F8-768842228445}" = lport=2869 | protocol=6 | dir=in | app=system |
"{848E2E61-C22D-487D-BF4B-112D723E4373}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8501FEC1-A9AD-480E-BE03-80AF992FFBC2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{900CCB53-D0C1-4894-A8B9-AFFECEEDCA32}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD34BC96-1856-48AE-A7D7-AA7FA162AC70}" = rport=137 | protocol=17 | dir=out | app=system |
"{B28CF15F-032A-4564-8418-B72CE23ACBEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B63EB249-8743-4A4A-8161-37BABBD1DB97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B697B739-E7BA-4E7E-8E49-752A03404061}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B93ECAE9-6F1A-4B07-B9CE-446CA641F256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B96087BA-64CB-40DA-BE97-33297C1B4386}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFD0CBF8-BCD0-46C5-8613-DCAED1099B38}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C7D1D850-F9E8-4C64-B41B-8C46CD4DE96A}" = lport=137 | protocol=17 | dir=in | app=system |
"{D1CDCECE-B63E-4A06-81FD-8A14BA6DEF52}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DBAE6B7D-1CC1-4FCE-8C87-EC1C896CE577}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E47C2785-1A6B-4906-B3A6-DBEA6B87D999}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E48F6222-AFE7-4205-928E-E09C58DDCF78}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F2833277-F305-469D-B264-5FE3338B3EE4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F3C7DACA-BD67-4D14-A119-70606930A122}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AB7A3C-8610-487C-B10D-DCBF2B5D649A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0DC1B05B-42FD-411C-B46E-0BE2909FBEA1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F92FB70-7504-4993-88F0-CDD1D91F82DC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{204EDC4B-9E61-44A5-882D-8D47B58FCB23}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{25DAEE97-AAD9-49AB-A626-466FE664A4A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2B1D6CE4-FCE8-4152-A854-388FEFAC3003}" = protocol=6 | dir=out | app=system |
"{2E745D78-176B-4DA0-91D3-5E64B57AB9AD}" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{324B19AB-C3C5-46CC-BBF3-9ACD11DB58BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32736C75-9B3D-4AAA-9E64-B64084087C26}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{446A13F6-13E1-4BB3-88B1-2C38DA756E03}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4C5611B8-6933-4616-BED9-270CCB7BBDEA}" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{50405AE9-C587-4C25-947B-B41B2DD3E3B4}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{5861979C-91CB-4285-8D2D-5F85E0C889FE}" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{58CA740B-1913-4E2D-8B21-BE622471A3CB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5AEB16F3-4A45-4613-9AFC-25203B370509}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E0D9336-55B4-4317-B094-86A8E7853ED6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5E522727-A342-47DA-BE3D-58478953AF7E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5ED096BC-D569-4C9D-8143-925A8A4D7B94}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{668FF5B1-8051-4C13-A9C3-2D316752B7AE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{696247D1-52B3-4E22-82CD-97BE91DFFD61}" = protocol=58 | dir=in | app=system |
"{75697F0F-28E6-4538-AF0F-726B4FD62F4A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{75F35ECC-E873-4A8C-B1F9-377053EC291D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EB145E9-8E46-44C7-860B-62379C2E90ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7F6607A0-E719-4125-B777-4FBD1644012E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8D006141-FD10-4072-8BEB-2E80D95B93E6}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{925BE035-B85B-47AA-941E-0CEE337B1C72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9984362D-B209-4FE8-A3F1-FCF687E9CCAA}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A0DFC2BD-8928-4424-B0F9-7C626BECC2C9}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{A7BB6B71-4329-4816-86B5-61C978CA5486}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8BB8519-05B7-45EB-AF39-1DE45EC6DEC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD0324F0-B724-46E4-B774-519D181FF884}" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{BF888484-8D93-4184-A831-9F461D32241F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{CAE95D3D-FE66-4EF9-AE0D-A52A8119700A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAF7CDAA-D700-41C9-9074-6B4FBBDB65BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D044AA5A-A611-4B78-BC84-D51DD762DFED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DC021FEB-354B-4DFF-BD17-17EE9B7FA8DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCEF0731-B1CA-450D-B31A-C8F771FCFFA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFCC307E-630A-4776-92B9-C4696607DAE0}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F0F454DF-7CA3-435F-86D8-491FB141C37C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F79988A2-5302-43FF-B78B-84B5F0E71F81}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{00D1B140-8958-43DB-A28F-A54596F5F212}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"TCP Query User{1A947DD1-D1DA-4503-90B9-3A3AD5B250FC}C:\program files\java\jre1.8.0_111\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_111\bin\javaw.exe |
"TCP Query User{1AC734AC-7BF9-434F-B720-A0BE95A3B822}C:\program files\java\jre1.8.0_111\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_111\bin\java.exe |
"TCP Query User{1BEA7A99-10FA-40A6-AA34-27419CB011C3}C:\program files (x86)\mozilla firefox 3.6\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox 3.6\firefox.exe |
"TCP Query User{73E06E2D-3EB3-4472-ADA3-7AB4A7840078}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"TCP Query User{8DACD847-B9F3-492C-A7E2-D94C42A50927}C:\program files (x86)\mozilla firefox 3.6\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox 3.6\firefox.exe |
"TCP Query User{945036EF-DD40-4A9B-A777-1DB9DC0679A9}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{B7CD69B2-F68C-43AD-AFDB-E92FA97141BF}C:\program files\java\jre1.8.0_111\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_111\bin\java.exe |
"TCP Query User{B81D2545-7289-4F7E-BD94-BD2FDBF68898}C:\program files\java\jre1.8.0_111\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_111\bin\javaw.exe |
"TCP Query User{BA5E81D6-9977-47FE-9702-E4110989FF95}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{EB718A58-E9BD-46E2-84AA-1C9456158126}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{2F4643B4-B27F-45EC-AE8C-67F262720605}C:\program files\java\jre1.8.0_111\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_111\bin\java.exe |
"UDP Query User{3353754E-03F1-4ACB-81C9-24C4D10C6956}C:\program files\java\jre1.8.0_111\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_111\bin\javaw.exe |
"UDP Query User{488333C4-4CCB-43C7-9C33-8BCA215474C7}C:\program files\java\jre1.8.0_111\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_111\bin\java.exe |
"UDP Query User{6008B771-C83A-4A78-ACF2-CED4161F392A}C:\program files (x86)\mozilla firefox 3.6\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox 3.6\firefox.exe |
"UDP Query User{6688C3DB-AB3A-4F13-ACD8-F58520EF71DA}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"UDP Query User{7BCD8B43-8C2E-4BAD-9AA4-AEB91447FB53}C:\program files\java\jre1.8.0_111\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_111\bin\javaw.exe |
"UDP Query User{829831EF-51D8-40B7-A5FB-D9C98DDDE8C0}C:\program files (x86)\mozilla firefox 3.6\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox 3.6\firefox.exe |
"UDP Query User{9ADA0EA7-A9D0-4273-8312-E3EBEA223F6C}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{C64563F2-6C97-40F8-BEDD-AE00BA09D329}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{E2EDB1A2-3097-404B-8FD1-789932F6DCCC}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{E3CA207D-28F2-48DD-8F9D-4FB3334784F5}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0136EF84-8660-4FE0-A9E5-F052F6230085}" = OLYMPUS Raw Codec
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-1604-000001000000}" = 7-Zip 16.04 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F64180111F0}" = Java 8 Update 111 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F64180121F0}" = Java 8 Update 121 (64-bit)
"{3C38CA01-7933-31E7-A1F6-EAA1DF9BEDF3}" = Microsoft .NET Framework 4.6.1 (CSY)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.6.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Defraggler" = Defraggler
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"ZonerPhotoStudio14_CZ_is1" = Zoner Photo Studio 14

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{068B46A0-8858-4CEB-80BC-A4AE787A05FC}" = Windows Live Sync
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25A60C59-0FDC-4D73-81F4-D4A6D4E0CB92}" = Adobe AIR
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}" = Skype™ 7.33
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69BCE4AC-9572-3271-A2FB-9423BDA36A43}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87D46479-4132-4639-9A81-14E9F0A8CAFE}" = ZoneAlarm Antivirus
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1" = Zemana AntiMalware
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{924A274D-38B6-4930-8859-F3F51CFA8DDD}" = WD SES Driver Setup
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2104078-AAA5-449E-95DD-55C9443A1029}" = Nero 7 Essentials
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-0804-1033-1959-001824211354}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1036-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Français
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BBB21AB1-2C45-435D-A05A-B563072E7B9B}" = Xirrus Wi-Fi Inspector
"{BBF2AC74-720C-3CB3-8291-5E34039232FA}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2010 Free Advanced
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{e2803110-78b3-4664-a479-3611a381656a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}" = QuickTime 7
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 25 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 25 NPAPI
"Avast Antivirus" = Avast Free Antivirus
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.2.2
"EPSON Scanner" = EPSON Scan
"F-Link 1.4.1.977_is1" = F-Link 1.4.1.977
"FormatFactory" = FormatFactory 2.50
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.2.0.1024
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Firefox 52.0.2 (x86 cs)" = Mozilla Firefox 52.0.2 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MVApplication1" = SureThing CD Labeler 4 SE
"Office14.SingleImage" = Microsoft Office 2010 pro studenty a domácnosti
"PerfV350 Uživatelská příručka" = PerfV350 Uživatelská příručka
"RealPlayer 12.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"TechniPort Plus Beta" = TechniPort Plus Beta
"VLC media player" = VLC media player
"WinLiveSuite" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 8.42

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2017 2:25:43 PM | Computer Name = Acer | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 4/5/2017 2:25:43 PM | Computer Name = Acer | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 4/6/2017 4:03:52 PM | Computer Name = Acer | Source = DbxSvc | ID = 131392
Description = Failed to connect to the driver: (-2147024894) Systém nemůže nalézt
uvedený soubor.

Error - 4/6/2017 4:09:40 PM | Computer Name = Acer | Source = VSS | ID = 18
Description =

Error - 4/6/2017 4:09:40 PM | Computer Name = Acer | Source = VSS | ID = 8193
Description =

Error - 4/6/2017 4:09:40 PM | Computer Name = Acer | Source = System Restore | ID = 8193
Description =

Error - 4/6/2017 4:29:10 PM | Computer Name = Acer | Source = DbxSvc | ID = 131392
Description = Failed to connect to the driver: (-2147024894) Systém nemůže nalézt
uvedený soubor.

Error - 4/6/2017 4:33:34 PM | Computer Name = Acer | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 4/6/2017 4:33:34 PM | Computer Name = Acer | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 4/6/2017 4:33:34 PM | Computer Name = Acer | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 4/6/2017 4:33:34 PM | Computer Name = Acer | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

[ System Events ]
Error - 4/6/2017 4:22:16 PM | Computer Name = Acer | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 4/6/2017 4:22:16 PM | Computer Name = Acer | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 4/6/2017 4:22:16 PM | Computer Name = Acer | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 4/6/2017 4:22:16 PM | Computer Name = Acer | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 4/6/2017 4:22:16 PM | Computer Name = Acer | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 4/6/2017 4:22:16 PM | Computer Name = Acer | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 4/6/2017 4:22:16 PM | Computer Name = Acer | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 4/6/2017 4:29:08 PM | Computer Name = Acer | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Službě Plánovač úloh se při spuštění nepodařilo načíst úlohy. Další
údaje: Hodnota chyby: 2147942523

Error - 4/6/2017 4:29:10 PM | Computer Name = Acer | Source = Service Control Manager | ID = 7002
Description = Služba MLPTDR_C závisí na skupině Parallel arbitrator a žádný člen
této skupiny nebyl spuštěn.

Error - 4/6/2017 4:31:33 PM | Computer Name = Acer | Source = Service Control Manager | ID = 7003
Description = Služba Intel(R) Management & Security Application User Notification
Service závisí na následující službě: LMS. Tato služba pravděpodobně není nainstalována.


< End of report >

[jaro3]

Drive C: | 60.22 Gb Total Space | 3.01 Gb Free Space | 5.00% Space Free | Partition Type: NTFS

Totální nedostatek volného místa na disku!! Něco odinstaluj , smaž. Máš mít nejméně 15-20% volného místa na syst. disku , pro zajištění bezproblémového chodu windows!!

Pak nový OTL.

[Vercingetorix]

OK.
V programech mám asi 10 verzí Microsoft Visual C++ (viz příloha).
Můžu je nějak promazat?

[Vercingetorix]

A můžu bez obav smazat obsah složky Windows/SoftwareDistribution?
Jinak tam nějak nemám co smazat.

[jaro3]

To nemaž!

Mazat , odinstalovat jen programy mimo microsoft , nějaké dokumenty přemístit jinam ap.