HJT log

A place for your HiJackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

jaro3
Security team member
Guru Level 15
Posts: 37239
Registered: June 07
Location: South Bohemia
Gender: Male

Re: HJT log

Post by jaro3 » 22 May 2017 21:14

If there are problems with zoek, try running it in safe mode.


When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

MiroslavBusacek
newcomer
Posts: 23
Registered: May 17
Gender: Male

Re: HJT log

Post by MiroslavBusacek » 23 May 2017 00:48

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Mirda on po 22.05.2017 at 20:25:27,62.
Microsoft Windows 10 Pro 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Mirda\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22.5.2017 20:40:43 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Seznam.cz deleted successfully
C:\PROGRA~2\COMMON~1\AltrixSoft deleted successfully
C:\Program Files\VideoLAN deleted successfully
C:\PROGRA~3\BlazeVideo deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Isolated Storage deleted successfully
C:\PROGRA~3\KASTNER software deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Administrator\AppData\LocalLow deleted successfully
C:\Users\Public\AppData\Local deleted successfully
C:\Users\Mirda\AppData\Local\DBG deleted successfully
C:\Users\Mirda\AppData\Local\NetworkTiles deleted successfully
C:\Users\Mirda\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\DBG deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\DBG deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Seznam.cz not found
C:\Users\Mirda\AppData\Roaming\Confide deleted
C:\Users\Mirda\AppData\Roaming\WhatsApp deleted
C:\Users\Mirda\AppData\Local\Temporary Internet Files deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Mirda\AppData\Local\BTServer.log deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{5A001877-EDC1-4C0A-89B9-0BC635147DA8}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox"
{1F440E47-EE58-4FD8-82A3-8E7388D2150F} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454"
{5A001877-EDC1-4C0A-89B9-0BC635147DA8} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Data aplikací\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mirda\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Mirda\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Mirda\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3764 folders=88 219891948 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Mirda\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on út 23.05.2017 at 0:40:37,18 ======================

MiroslavBusacek
newcomer
Posts: 23
Registered: May 17
Gender: Male

Re: HJT log

Post by MiroslavBusacek » 23 May 2017 03:45

Zemana AntiMalware 2.72.2.388 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.5.23
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
BIOS Mode : Legacy
CUID : 1287518978483B4FA11794
Scan Type : Skenování systému
Duration : 101m 0s
Scanned Objects : 1348677
Detected Objects : 7
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

MultiKey.sys
Status : Skenováno
Object : %userprofile%\downloads\etka_7.5\x32\multikey x32 mau-rus\multikey.sys
MD5 : EA0F6EAE86875060E862A72D7C9B1E92
Publisher : NGO
Size : 285152
Version : 0.18.2.3
Detection : Adware:Win32/Zelion!Eeae
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\downloads\etka_7.5\x32\multikey x32 mau-rus\multikey.sys

MULTIKEY.SYS
Status : Skenováno
Object : %userprofile%\downloads\etka_7.5\etka_doplňky\uprava etka 7.4 pro 64bit - lepší\multikey_64-bit\multikey.sys
MD5 : 8894A680F52C01D00A8582C853651CB1
Publisher : 上海域联软件技术有限公司
Size : 76040
Version : 0.18.1.0
Detection : Adware:Win32/OutBrowse!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\downloads\etka_7.5\etka_doplňky\uprava etka 7.4 pro 64bit - lepší\multikey_64-bit\multikey.sys

Etka Cenniky v1.6.exe
Status : Skenováno
Object : %userprofile%\downloads\etka_7.5\etka_doplňky\etka 7.4 prices downloader v1.6\etka cenniky v1.6.exe
MD5 : A3473FE12998F2D23BB2D1C46B206A39
Publisher : -
Size : 994816
Version : 1.6.0.0
Detection : Malware:Win32/Obfus.A!Eere
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\downloads\etka_7.5\etka_doplňky\etka 7.4 prices downloader v1.6\etka cenniky v1.6.exe

Etka Ceníky v1.6.exe
Status : Skenováno
Object : %userprofile%\downloads\etka_7.5\etka-utilita-ceníky\etka ceníky v1.6.exe
MD5 : A3473FE12998F2D23BB2D1C46B206A39
Publisher : -
Size : 994816
Version : 1.6.0.0
Detection : Malware:Win32/Obfus.A!Eere
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\downloads\etka_7.5\etka-utilita-ceníky\etka ceníky v1.6.exe

Etka Cenniky v1.8.exe
Status : Skenováno
Object : %userprofile%\downloads\etka_7.5\etka-utilita-ceníky\etka cenniky v1.8.exe
MD5 : F4515D7380BBA68DED87F4F57BE185E9
Publisher : -
Size : 996352
Version : 1.8.0.0
Detection : Malware:Win32/Obfus.A!Kmlt
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\downloads\etka_7.5\etka-utilita-ceníky\etka cenniky v1.8.exe

tencent
Status : Skenováno
Object : NE->c:\users\mirda\appdata\local\virtualstore\programdata\tencent
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA:Win32/Tencent.K!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)

{b9e13266-1d4c-4f13-a101-04f55bb572d3}
Status : Skenováno
Object : NE->c:\windows\system32\tasks\{b9e13266-1d4c-4f13-a101-04f55bb572d3}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned : 7
Reported as safe : 0
Failed : 0

MiroslavBusacek
newcomer
Posts: 23
Registered: May 17
Gender: Male

Re: HJT log

Post by MiroslavBusacek » 23 May 2017 03:46

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:46:11, on 23.5.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)
Boot mode: Normal

Running processes:
C:\Program Files\TeamViewer\TeamViewer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Mirda\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Users\Mirda\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Mirda\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [ProgLauncher] C:\Program Files\ProgDVB x64\ProgLauncher.exe
O4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX230" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX230" (User 'Default user')
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: Sidebar814.lnk = C:\Program Files\Windows Sidebar\sidebar.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AvrcpService - Realtek Semiconductor Corporation - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Redirect Agent (ENAgent) - SEIKO EPSON CORPORATION - C:\Windows\SysWOW64\ENAgent.exe
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\WINDOWS\system32\hasplms.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: System Interface Foundation Service (ImControllerService) - Lenovo Group Limited - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - C:\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - C:\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - C:\ElsaWin\bin\LcSvrPas.exe
O23 - Service: ELSA APOSpro Server (LcSvrSaz) - Volkswagen AG - C:\ElsaWin\bin\LcSvrSaz.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @oem10.inf,%WBFService_SvcDesc%;Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\WINDOWS\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @oem10.inf,%BioSyncService_SvcDesc%;BiometricSensorDataSynchronization (valWbioSyncSvc) - Unknown owner - C:\WINDOWS\system32\valWbioSyncSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 13655 bytes

MiroslavBusacek
newcomer
Posts: 23
Registered: May 17
Gender: Male

Re: HJT log

Post by MiroslavBusacek » 23 May 2017 03:47

Unfortunately the problem persists; the command prompt cannot be started.

jaro3
Security team member
Guru Level 15
Posts: 37239
Registered: June 07
Location: South Bohemia
Gender: Male

Re: HJT log

Post by jaro3 » 23 May 2017 18:46

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will be shown, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.

MiroslavBusacek
newcomer
Posts: 23
Registered: May 17
Gender: Male

Re: HJT log

Post by MiroslavBusacek » 23 May 2017 20:31

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Mirda (administrator) on MIRDA-NOTEBOOK (23-05-2017 20:07:23)
Running from C:\Users\Mirda\Desktop
Loaded Profiles: Mirda (Available Profiles: Mirda & Administrator & Guest)
Platform: Windows 10 Pro Version 1703 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(FirebirdSQL Project) C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe
() C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrDba.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrSaz.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\ENAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrHis.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrAdm.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.ELSAWINDB\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrPas.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrAuf.exe
(FirebirdSQL Project) C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1408752 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1408752 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1408752 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2015-01-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [230104 2015-07-10] (Realtek Semiconductor Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2016-02-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-11] (Piriform Ltd)
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\Run: [ProgLauncher] => C:\Program Files\ProgDVB x64\ProgLauncher.exe [659144 2017-03-17] ()
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-11-22] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-11-22] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-11-22] ()
Startup: C:\Users\Mirda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk [2016-10-25]
ShortcutTarget: Microsoft Office Groove.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Mirda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar965.lnk [2017-05-23]
ShortcutTarget: Sidebar965.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\Mirda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2016-11-17]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4b21e484-630d-4a51-9b60-45451abc78d4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d293fb10-d4cb-4c5b-8687-01fdc865fa8e}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-21-3999955230-315293111-4109583373-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3999955230-315293111-4109583373-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3999955230-315293111-4109583373-1000 -> {1F440E47-EE58-4FD8-82A3-8E7388D2150F} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Handler-x32: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll [2011-12-06] (TODO: <Company name>)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3999955230-315293111-4109583373-1000 -> hxxp://seznam.cz/

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3999955230-315293111-4109583373-1000: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR NewTab: Default -> Not-active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR Profile: C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default [2017-05-19]
CHR Extension: (Prezentace Google) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-16]
CHR Extension: (Dokumenty Google) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-16]
CHR Extension: (Disk Google) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-16]
CHR Extension: (Volání přes Skype) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-03-22]
CHR Extension: (YouTube) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-11]
CHR Extension: (Tabulky Google) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-16]
CHR Extension: (Mapy Google) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-03-22]
CHR Extension: (WeatherBug) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2017-03-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-06]
CHR Profile: C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (YouTube™ use Flash Player) - C:\Users\Mirda\AppData\Roaming\Opera Software\Opera Stable\Extensions\fiahcimehnkpiibcnpfjappieaokaebl [2017-02-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [41176 2015-03-02] (Realtek Semiconductor Corporation)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [121560 2015-07-20] ()
R2 ENAgent; C:\Windows\SysWOW64\ENAgent.exe [4209856 2012-07-05] (SEIKO EPSON CORPORATION)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2007-09-03] (FirebirdSQL Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2002944 2007-09-03] (FirebirdSQL Project) [File not signed]
S2 hasplms; C:\WINDOWS\system32\hasplms.exe [4683144 2014-07-17] (SafeNet Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330144 2015-09-09] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-04-25] (Lenovo Group Limited)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LcSvrAdm; C:\ElsaWin\bin\LcSvrAdm.exe [240640 2011-12-06] (Volkswagen AG) [File not signed]
R3 LcSvrAuf; C:\ElsaWin\bin\LcSvrAuf.exe [1321472 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrDba; C:\ElsaWin\bin\LcSvrDba.exe [392704 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrHis; C:\ElsaWin\bin\LcSvrHis.exe [335360 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrPAS; C:\ElsaWin\bin\LcSvrPas.exe [477696 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrSaz; C:\ElsaWin\bin\LcSvrSaz.exe [373248 2011-12-06] (Volkswagen AG) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MSSQL$ELSAWINDB; C:\Program Files\Microsoft SQL Server\MSSQL10_50.ELSAWINDB\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S4 SQLAgent$ELSAWINDB; C:\Program Files\Microsoft SQL Server\MSSQL10_50.ELSAWINDB\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [86544 2016-07-13] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [56848 2016-07-13] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
S3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [88752 2016-10-04] ()
S3 GemCCID; C:\WINDOWS\system32\DRIVERS\GemCCID.sys [139632 2015-07-10] (Gemalto)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-03-13] (REALiX(tm))
S3 IT9135BDA; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [165504 2015-07-15] (ITE )
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-23] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-23] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-23] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-23] (Malwarebytes)
R1 MpKsl48a6a2dc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2D2EADE0-78AD-4683-9577-734EDF64F389}\MpKsl48a6a2dc.sys [44928 2017-05-23] (Microsoft Corporation)
R1 MpKsl7b7d6672; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10D1C947-AEA9-457F-8452-A97593B47870}\MpKsl7b7d6672.sys [44928 2017-05-23] (Microsoft Corporation)
S3 multikey; C:\WINDOWS\system32\DRIVERS\multikey.sys [883424 2015-09-10] (TestProtect.com) [File not signed]
S4 RsFx0153; C:\WINDOWS\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp.)
R1 rsutils; C:\WINDOWS\System32\DRIVERS\rsutils.sys [69336 2014-08-15] (Beijing Rising Information Technology Co., Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [602352 2015-08-06] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-08-14] (Synaptics Incorporated)
R1 SMIDriver; C:\WINDOWS\system32\DRIVERS\smi.sys [39488 2016-07-13] (Synaptics Incorporated)
R0 sysmon; C:\WINDOWS\System32\DRIVERS\sysmon.sys [119344 2014-09-10] (Beijing Rising Information Technology Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-14] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-05-23] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-23] (Zemana Ltd.)
U3 idsvc; no ImagePath
S3 RtkA2dp; \SystemRoot\system32\drivers\RtkA2dp.sys [X]

MiroslavBusacek
newbie
Posts: 23
Joined: May 17
Gender: Male

Re: HJT log

Post by MiroslavBusacek » 23 May 2017 20:31

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-23 20:07 - 2017-05-23 20:09 - 00025499 _____ C:\Users\Mirda\Desktop\FRST.txt
2017-05-23 20:07 - 2017-05-23 20:07 - 00000000 ____D C:\FRST
2017-05-23 20:05 - 2017-05-23 20:05 - 02429952 _____ (Farbar) C:\Users\Mirda\Desktop\FRST64.exe
2017-05-23 17:53 - 2017-05-23 17:53 - 00000000 ____D C:\ProgramData\Isolated Storage
2017-05-23 17:14 - 2017-05-23 17:14 - 00000000 ___HD C:\$SysReset
2017-05-23 12:51 - 2017-05-23 12:51 - 00000000 ___HD C:\OneDriveTemp
2017-05-23 00:52 - 2017-05-23 20:08 - 00089281 _____ C:\WINDOWS\ZAM.krnl.trace
2017-05-23 00:52 - 2017-05-23 20:08 - 00071026 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-05-23 00:52 - 2017-05-23 00:52 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-05-23 00:52 - 2017-05-23 00:52 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-05-23 00:52 - 2017-05-23 00:52 - 00001234 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-05-23 00:52 - 2017-05-23 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-05-23 00:51 - 2017-05-23 00:52 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-05-23 00:51 - 2017-05-23 00:51 - 00000000 ____D C:\Users\Mirda\AppData\Local\Zemana
2017-05-23 00:50 - 2017-05-23 00:50 - 05774688 _____ (Zemana Ltd. ) C:\Users\Mirda\Desktop\Zemana.AntiMalware.Setup.exe
2017-05-22 21:53 - 2017-05-22 21:53 - 00000000 ____D C:\Users\Mirda\AppData\Local\PeerDistRepub
2017-05-22 21:48 - 2017-05-22 21:48 - 00000000 ____D C:\Users\Mirda\AppData\Local\Data aplikacÝ
2017-05-22 21:48 - 2017-05-22 20:25 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-05-22 20:25 - 2017-05-22 21:39 - 00000000 ____D C:\zoek_backup
2017-05-22 20:24 - 2017-05-22 20:24 - 01309184 _____ C:\Users\Mirda\Desktop\zoek.exe
2017-05-20 00:24 - 2017-05-20 00:24 - 26320968 _____ C:\Users\Mirda\Desktop\RogueKiller_portable64.exe
2017-05-19 20:01 - 2017-05-19 20:01 - 00000000 ____D C:\ProgramData\Sophos
2017-05-19 19:57 - 2017-05-19 19:57 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-05-19 19:57 - 2017-05-19 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-05-19 19:56 - 2017-05-19 19:56 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-05-19 19:52 - 2017-05-19 19:54 - 167743696 _____ (Sophos Limited) C:\Users\Mirda\Desktop\Sophos Virus Removal Tool.exe
2017-05-19 18:44 - 2017-05-19 18:44 - 01663672 _____ (Malwarebytes) C:\Users\Mirda\Desktop\JRT.exe
2017-05-19 17:52 - 2017-05-19 17:52 - 00000000 ____D C:\ProgramData\Etwok Software
2017-05-19 17:46 - 2017-05-19 17:46 - 00000844 _____ C:\Users\Mirda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows10Upgrade28085.lnk
2017-05-19 04:23 - 2017-05-19 04:23 - 00247524 _____ C:\Users\Mirda\Downloads\dokument-86008634.pdf
2017-05-19 04:17 - 2017-05-19 04:17 - 00133826 _____ C:\Users\Mirda\Downloads\dokument-86008635.pdf
2017-05-19 04:17 - 2017-05-19 04:17 - 00132211 _____ C:\Users\Mirda\Downloads\dokument-81992170.pdf
2017-05-17 21:54 - 2017-05-17 21:54 - 00000000 ____D C:\Users\Mirda\AppData\Local\CEF
2017-05-17 21:54 - 2017-05-17 21:54 - 00000000 ____D C:\Users\Mirda\AppData\Local\Adobe
2017-05-17 18:14 - 2017-05-23 19:32 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-17 18:14 - 2017-05-23 17:22 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-17 18:14 - 2017-05-23 17:22 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-17 18:14 - 2017-05-23 17:22 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-17 18:14 - 2017-05-23 00:39 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-17 18:13 - 2017-05-17 18:13 - 00001929 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-17 18:13 - 2017-05-17 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-17 18:13 - 2017-05-17 18:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-17 18:13 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-17 17:55 - 2017-05-19 18:18 - 00000000 ____D C:\AdwCleaner
2017-05-17 17:35 - 2017-05-17 21:34 - 00000000 ____D C:\Users\Mirda\AppData\Local\Apps\2.0
2017-05-17 17:32 - 2017-05-17 17:32 - 04102600 _____ C:\Users\Mirda\Desktop\AdwCleaner.exe
2017-05-17 17:31 - 2017-05-17 17:31 - 00448512 _____ (OldTimer Tools) C:\Users\Mirda\Desktop\TFC.exe
2017-05-17 17:31 - 2017-05-17 17:31 - 00050688 _____ (Atribune.org) C:\Users\Mirda\Desktop\ATF-Cleaner.exe
2017-05-16 19:34 - 2001-10-26 23:16 - 00016384 _____ C:\WINDOWS\SysWOW64\FileOps.exe
2017-05-16 17:28 - 2017-05-16 17:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mirda\Desktop\HijackThis.exe
2017-05-14 11:13 - 2017-05-14 11:13 - 00000898 _____ C:\Users\Mirda\Downloads\voda.txt
2017-05-10 21:32 - 2017-05-10 21:32 - 00001678 _____ C:\Users\Mirda\Desktop\opera – zástupce.lnk
2017-05-10 21:14 - 2017-04-28 03:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-10 21:14 - 2017-04-28 03:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-10 21:14 - 2017-04-28 03:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 21:14 - 2017-04-28 03:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 21:14 - 2017-04-28 03:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-10 21:14 - 2017-04-28 03:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 21:14 - 2017-04-28 02:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-10 21:14 - 2017-04-28 02:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 21:14 - 2017-04-28 02:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-10 21:14 - 2017-04-28 02:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-10 21:14 - 2017-04-28 02:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-10 21:14 - 2017-04-28 02:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 21:14 - 2017-04-28 02:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-10 21:14 - 2017-04-28 02:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-10 21:14 - 2017-04-28 02:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 21:14 - 2017-04-28 02:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-10 21:14 - 2017-04-28 02:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-10 21:14 - 2017-04-28 02:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-10 21:14 - 2017-04-28 02:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-10 21:14 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-10 21:14 - 2017-04-28 02:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-10 21:14 - 2017-04-28 02:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-10 21:14 - 2017-04-28 02:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 21:14 - 2017-04-28 02:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 21:14 - 2017-04-28 02:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 21:14 - 2017-04-28 02:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-10 21:14 - 2017-04-28 02:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 21:14 - 2017-04-28 02:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 21:14 - 2017-04-28 02:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-10 21:14 - 2017-04-28 02:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-10 21:14 - 2017-04-28 02:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-10 21:14 - 2017-04-28 02:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-10 21:14 - 2017-04-28 02:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 21:14 - 2017-04-28 02:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-10 21:14 - 2017-04-28 02:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 21:14 - 2017-04-28 02:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-10 21:14 - 2017-04-28 02:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-10 21:14 - 2017-04-28 01:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-10 21:14 - 2017-04-28 01:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 21:14 - 2017-04-28 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-10 21:14 - 2017-04-28 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-10 21:14 - 2017-04-28 01:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-10 21:14 - 2017-04-28 01:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 21:14 - 2017-04-28 01:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-10 21:14 - 2017-04-28 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-10 21:14 - 2017-04-28 01:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 21:14 - 2017-04-28 01:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-10 21:14 - 2017-04-28 01:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 21:13 - 2017-04-28 03:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-10 21:13 - 2017-04-28 03:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-10 21:13 - 2017-04-28 03:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 21:13 - 2017-04-28 03:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-10 21:13 - 2017-04-28 03:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-10 21:13 - 2017-04-28 03:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-10 21:13 - 2017-04-28 03:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 21:13 - 2017-04-28 03:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-10 21:13 - 2017-04-28 03:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 21:13 - 2017-04-28 03:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-10 21:13 - 2017-04-28 03:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-10 21:13 - 2017-04-28 03:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-10 21:13 - 2017-04-28 03:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-10 21:13 - 2017-04-28 03:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-10 21:13 - 2017-04-28 03:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-10 21:13 - 2017-04-28 02:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-10 21:13 - 2017-04-28 02:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 21:13 - 2017-04-28 02:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-10 21:13 - 2017-04-28 02:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-10 21:13 - 2017-04-28 02:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-10 21:13 - 2017-04-28 02:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-10 21:13 - 2017-04-28 02:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 21:13 - 2017-04-28 02:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-10 21:13 - 2017-04-28 02:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 21:13 - 2017-04-28 02:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-10 21:13 - 2017-04-28 02:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 21:13 - 2017-04-28 02:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 21:13 - 2017-04-28 02:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 21:13 - 2017-04-28 02:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 21:13 - 2017-04-28 02:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-10 21:13 - 2017-04-28 02:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 21:13 - 2017-04-28 02:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-10 21:13 - 2017-04-28 02:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-10 21:13 - 2017-04-28 02:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-10 21:13 - 2017-04-28 02:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 21:13 - 2017-04-28 02:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-10 21:13 - 2017-04-28 02:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 21:13 - 2017-04-28 02:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-10 21:13 - 2017-04-28 02:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-10 21:13 - 2017-04-28 02:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-10 21:13 - 2017-04-28 02:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-10 21:13 - 2017-04-28 02:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 21:13 - 2017-04-28 02:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 21:13 - 2017-04-28 02:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-10 21:13 - 2017-04-28 02:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-10 21:13 - 2017-04-28 02:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-10 21:13 - 2017-04-28 02:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 21:13 - 2017-04-28 02:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-10 21:13 - 2017-04-28 02:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-10 21:13 - 2017-04-28 02:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-10 21:13 - 2017-04-28 02:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-10 21:13 - 2017-04-28 02:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 21:13 - 2017-04-28 02:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-10 21:13 - 2017-04-28 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-10 21:13 - 2017-04-28 02:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 21:13 - 2017-04-28 02:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-10 21:13 - 2017-04-28 02:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-10 21:13 - 2017-04-28 02:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 21:13 - 2017-04-28 02:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-10 21:13 - 2017-04-28 02:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-10 21:13 - 2017-04-28 01:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-10 21:13 - 2017-04-28 01:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-10 21:13 - 2017-04-28 01:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 21:13 - 2017-04-28 01:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 21:13 - 2017-04-28 01:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-10 21:05 - 2017-05-10 21:05 - 00000000 ____D C:\Users\Mirda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Confide
2017-05-10 21:04 - 2017-05-10 21:05 - 00000000 ____D C:\Users\Mirda\AppData\Local\Confide
2017-05-09 18:35 - 2017-04-19 09:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-09 18:35 - 2017-04-19 09:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-09 18:35 - 2017-04-19 08:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-09 18:35 - 2017-04-19 08:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-09 18:35 - 2017-04-19 08:13 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-05-09 18:35 - 2017-04-19 08:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-09 18:35 - 2017-04-19 08:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-09 18:35 - 2017-04-19 08:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-09 18:35 - 2017-04-19 08:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-09 18:35 - 2017-04-19 08:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-09 18:35 - 2017-04-19 08:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-09 18:35 - 2017-04-19 07:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-09 18:35 - 2017-04-19 07:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-09 18:35 - 2017-04-19 07:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-09 18:35 - 2017-04-19 07:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-09 18:35 - 2017-04-19 07:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-09 18:35 - 2017-04-19 07:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-09 18:35 - 2017-04-19 07:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-09 18:35 - 2017-04-19 07:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-09 18:35 - 2017-04-19 07:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-09 18:35 - 2017-04-19 07:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-09 18:35 - 2017-04-14 01:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-09 18:35 - 2017-04-14 01:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-09 18:35 - 2017-04-14 01:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-09 18:35 - 2017-04-14 01:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-09 18:35 - 2017-04-14 01:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-09 18:35 - 2017-04-14 01:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-09 18:35 - 2017-04-14 01:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-09 18:35 - 2017-04-14 01:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-09 18:35 - 2017-04-14 01:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-09 18:35 - 2017-04-14 01:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-09 18:35 - 2017-04-14 01:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-09 18:35 - 2017-04-14 01:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-09 18:35 - 2017-04-14 01:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-09 18:35 - 2017-04-14 01:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-09 18:35 - 2017-04-14 01:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-09 18:35 - 2017-04-14 01:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-09 18:35 - 2017-04-14 01:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-09 18:35 - 2017-04-14 01:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-09 18:35 - 2017-04-14 01:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-09 18:35 - 2017-04-14 01:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-09 18:35 - 2017-04-14 01:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-09 18:34 - 2017-04-19 09:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-09 18:34 - 2017-04-19 09:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-09 18:34 - 2017-04-19 08:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-09 18:34 - 2017-04-19 08:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-09 18:34 - 2017-04-19 08:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-09 18:34 - 2017-04-19 08:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-09 18:34 - 2017-04-19 08:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-09 18:34 - 2017-04-19 08:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-09 18:34 - 2017-04-19 08:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-09 18:34 - 2017-04-19 08:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-09 18:34 - 2017-04-19 08:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-09 18:34 - 2017-04-19 08:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-09 18:34 - 2017-04-19 08:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-09 18:34 - 2017-04-19 08:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-09 18:34 - 2017-04-19 08:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-09 18:34 - 2017-04-19 08:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-09 18:34 - 2017-04-19 08:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-09 18:34 - 2017-04-19 08:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-09 18:34 - 2017-04-19 07:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-09 18:34 - 2017-04-19 07:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-09 18:34 - 2017-04-14 02:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-09 18:34 - 2017-04-14 02:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-09 18:34 - 2017-04-14 02:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-09 18:34 - 2017-04-14 02:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-09 18:34 - 2017-04-14 02:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-09 18:34 - 2017-04-14 02:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-09 18:34 - 2017-04-14 02:25 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-09 18:34 - 2017-04-14 02:25 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-09 18:34 - 2017-04-14 01:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-09 18:34 - 2017-04-14 01:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-09 18:34 - 2017-04-14 01:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-09 18:34 - 2017-04-14 01:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-09 18:34 - 2017-04-14 01:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-09 18:34 - 2017-04-14 01:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-09 18:34 - 2017-04-14 01:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-09 18:34 - 2017-04-14 01:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-09 18:34 - 2017-04-14 01:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-09 18:34 - 2017-04-14 01:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-09 18:34 - 2017-04-14 01:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-09 18:34 - 2017-04-14 01:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-09 18:34 - 2017-04-14 01:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-09 18:34 - 2017-04-14 01:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-09 18:34 - 2017-04-14 01:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-09 18:34 - 2017-04-14 01:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-09 18:34 - 2017-04-14 01:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-09 18:34 - 2017-04-14 01:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-09 18:34 - 2017-04-14 01:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-09 18:34 - 2017-04-14 01:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-09 18:34 - 2017-04-14 01:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-09 18:34 - 2017-04-14 01:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-09 18:34 - 2017-04-14 01:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-09 18:34 - 2017-04-14 01:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-09 18:34 - 2017-04-14 01:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-09 18:34 - 2017-04-14 01:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-09 18:34 - 2017-04-14 01:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-06 07:09 - 2017-05-06 07:09 - 56346200 _____ (Confide) C:\Users\Mirda\Downloads\ConfideSetup.exe
2017-04-30 12:34 - 2011-12-24 08:40 - 00627558 _____ C:\Users\Mirda\Downloads\Marketka zpiva.3gp
2017-04-30 12:33 - 2015-03-05 09:52 - 00107389 _____ C:\Users\Mirda\Downloads\received_1069367366413060.jpeg
2017-04-30 12:06 - 2017-04-30 12:06 - 00000000 ____D C:\Users\Mirda\Documents\Visual Studio 2008
2017-04-30 09:10 - 2017-05-20 16:25 - 00000000 ____D C:\Users\Mirda\AppData\Local\Deployment
2017-04-30 06:45 - 2017-04-30 06:45 - 00038435 _____ C:\Users\Mirda\AppData\Roaming\Hodnoty oddělené čárkami (DOS).ADR
2017-04-29 07:22 - 2017-04-29 07:22 - 00000000 ____D C:\Users\Mirda\AppData\Roaming\Google
2017-04-28 19:53 - 2016-07-02 14:47 - 656167186 _____ C:\Users\Mirda\Downloads\ETKA_7.5.rar
2017-04-25 16:54 - 2017-04-25 16:54 - 00257856 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-23 20:02 - 2017-04-06 19:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-23 18:28 - 2015-07-22 19:00 - 02190336 _____ C:\Users\Mirda\database.fdb
2017-05-23 17:55 - 2016-11-16 20:52 - 00526249 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-05-23 17:51 - 2015-01-30 13:05 - 00000000 ___RD C:\Users\Mirda\OneDrive
2017-05-23 17:50 - 2015-01-29 21:14 - 00000000 __SHD C:\Users\Mirda\IntelGraphicsProfiles
2017-05-23 17:22 - 2017-04-06 19:37 - 00000000 ____D C:\ProgramData\Synaptics
2017-05-23 17:22 - 2016-07-30 11:01 - 00008883 _____ C:\WINDOWS\SysWOW64\ÁÂĂÄĹĆÇČÉĘËĚÍÎĎĐŃŇÓÔŐÖ÷ŘŮÚŰÜÝŢ
2017-05-23 17:21 - 2017-04-06 20:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-23 17:20 - 2017-03-18 13:40 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2017-05-23 16:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-23 13:34 - 2015-01-31 09:13 - 00000000 ____D C:\Program Files\TeamViewer
2017-05-23 12:51 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-23 12:06 - 2015-12-31 18:39 - 02125824 ___SH C:\Users\Mirda\Desktop\Thumbs.db
2017-05-23 01:08 - 2015-01-29 22:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 00:53 - 2017-04-06 19:40 - 00000000 ____D C:\Users\Mirda
2017-05-23 00:50 - 2015-01-29 22:33 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-23 00:23 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-23 00:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-22 21:39 - 2016-08-03 20:23 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-05-22 21:39 - 2016-08-03 20:23 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-05-22 21:39 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-22 18:07 - 2015-07-30 12:10 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-05-21 20:52 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-21 07:12 - 2015-02-01 11:37 - 00000000 ___RD C:\Users\Mirda\Documents\Scanned Documents
2017-05-21 06:58 - 2016-10-26 03:42 - 00000000 ____D C:\Users\Mirda\AppData\Local\CrashDumps
2017-05-19 19:01 - 2017-04-06 20:29 - 00003968 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1422559614
2017-05-19 19:01 - 2017-01-28 12:53 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-19 19:01 - 2015-01-29 21:24 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-18 22:27 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-05-17 18:13 - 2015-07-29 20:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-17 17:56 - 2016-07-30 05:37 - 00000000 ____D C:\Users\Mirda\AppData\Local\Comms
2017-05-16 19:37 - 2016-12-18 08:09 - 00000000 ____D C:\Users\Mirda\Downloads\ELSA
2017-05-16 11:49 - 2015-07-23 06:39 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 11:49 - 2015-07-23 06:39 - 00002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-13 21:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-13 14:37 - 2015-10-29 18:06 - 00000680 _____ C:\Users\Mirda\Desktop\TV.website
2017-05-11 03:39 - 2016-04-27 09:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-11 03:39 - 2015-07-24 18:32 - 00000000 ___RD C:\Users\Mirda\Virtual Machines
2017-05-10 23:18 - 2017-04-06 19:38 - 02454236 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-10 23:18 - 2017-03-20 06:39 - 01025012 _____ C:\WINDOWS\system32\perfh005.dat
2017-05-10 23:18 - 2017-03-20 06:39 - 00252382 _____ C:\WINDOWS\system32\perfc005.dat
2017-05-10 23:15 - 2017-04-06 19:29 - 00409128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-10 23:10 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-10 23:10 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-10 23:10 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-10 23:10 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-10 21:17 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-10 21:05 - 2015-10-31 13:05 - 00000000 ____D C:\Users\Mirda\AppData\Local\SquirrelTemp
2017-05-09 21:32 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-09 21:32 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-09 21:32 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-09 21:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-09 21:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-09 21:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-09 21:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-09 21:32 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-06 06:03 - 2017-04-06 20:29 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-01 21:47 - 2015-01-30 13:04 - 00000000 ____D C:\Users\Mirda\AppData\Roaming\Skype
2017-05-01 21:46 - 2016-08-06 18:28 - 00082317 _____ C:\Users\Mirda\Documents\Spotreby Byt.xlsx
2017-05-01 21:19 - 2015-02-01 00:01 - 00007601 _____ C:\Users\Mirda\AppData\Local\Resmon.ResmonCfg
2017-05-01 21:19 - 2015-01-31 09:13 - 00000000 ____D C:\Users\Mirda\AppData\Roaming\TeamViewer
2017-05-01 18:55 - 2017-01-14 14:15 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-04-30 12:37 - 2015-02-01 10:21 - 00013312 _____ C:\Users\Mirda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-30 02:30 - 2017-04-06 20:29 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 02:30 - 2017-04-06 20:29 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-29 22:24 - 2017-04-06 19:40 - 00000000 ____D C:\Users\Guest
2017-04-29 22:24 - 2017-03-15 07:16 - 00000000 ____D C:\Users\Mirda\AppData\Local\Zello
2017-04-29 22:24 - 2016-08-03 18:07 - 00000000 ___HD C:\$GetCurrent
2017-04-29 22:24 - 2016-08-03 04:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-29 22:24 - 2016-08-03 04:14 - 00000000 ____D C:\Program Files\CCleaner
2017-04-29 22:24 - 2015-02-01 14:56 - 00000000 ____D C:\Users\Mirda\AppData\Roaming\GHISLER
2017-04-29 22:24 - 2015-01-31 23:32 - 00000000 ____D C:\Users\Mirda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-04-29 22:24 - 2015-01-29 21:20 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-04-29 22:09 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\registration
2017-04-29 03:05 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 03:05 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-27 19:45 - 2016-11-01 05:02 - 00000000 ____D C:\Users\Mirda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-04-27 19:45 - 2016-11-01 05:01 - 00000000 ____D C:\Users\Mirda\AppData\Local\WhatsApp
2017-04-24 23:52 - 2016-12-23 14:33 - 00000000 ____D C:\Users\Mirda\Downloads\Dokumenty
2017-04-24 23:46 - 2016-04-10 10:43 - 00000000 ___RD C:\Users\Mirda\Documents\MEGA
2017-04-24 23:33 - 2016-12-29 04:40 - 00000748 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník při upgradu na Windows 10.lnk
2017-04-24 23:33 - 2016-12-29 04:40 - 00000000 ____D C:\Windows10Upgrade

==================== Files in the root of some directories =======

2015-02-10 09:30 - 2014-05-10 13:56 - 1577984 _____ (Centrum.cz) C:\Program Files (x86)\Fotoalba nahravac.exe
2016-11-05 13:20 - 2016-12-12 21:48 - 0000092 _____ () C:\Users\Mirda\AppData\Roaming\Control System_Settings.ini
2017-04-30 06:45 - 2017-04-30 06:45 - 0038435 _____ () C:\Users\Mirda\AppData\Roaming\Hodnoty oddělené čárkami (DOS).ADR
2016-10-29 12:03 - 2016-10-29 12:03 - 0038426 _____ () C:\Users\Mirda\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2016-12-11 06:16 - 2016-12-11 06:16 - 0001173 _____ () C:\Users\Mirda\AppData\Roaming\Network Meter_Settings.ini
2016-12-11 07:40 - 2016-12-18 07:15 - 0000024 _____ () C:\Users\Mirda\AppData\Roaming\Network Meter_Usage.ini
2016-12-11 06:06 - 2016-12-11 06:06 - 0000154 _____ () C:\Users\Mirda\AppData\Roaming\Network Monitor II_#0_ExternalIPs.txt
2016-12-11 05:59 - 2016-12-11 06:14 - 0000888 _____ () C:\Users\Mirda\AppData\Roaming\Network Monitor II_#0_Settings.ini
2016-12-11 06:14 - 2016-12-11 06:14 - 0000119 _____ () C:\Users\Mirda\AppData\Roaming\Network Monitor II_#0_Traffic.ini
2016-12-11 06:04 - 2016-12-11 06:04 - 0002451 _____ () C:\Users\Mirda\AppData\Roaming\System Monitor II_CPU0_Settings.ini
2016-11-05 13:30 - 2016-12-11 06:19 - 0000121 _____ () C:\Users\Mirda\AppData\Roaming\System Monitor II_UptimeRecord.ini
2017-05-23 00:36 - 2017-05-23 17:50 - 0010397 _____ () C:\Users\Mirda\AppData\Local\BTServer.log
2015-02-01 10:21 - 2017-04-30 12:37 - 0013312 _____ () C:\Users\Mirda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-23 19:48 - 2016-10-23 19:48 - 0004096 ____H () C:\Users\Mirda\AppData\Local\keyfile3.drm
2015-02-01 00:01 - 2017-05-01 21:19 - 0007601 _____ () C:\Users\Mirda\AppData\Local\Resmon.ResmonCfg
2017-04-06 19:36 - 2017-04-06 19:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Mirda\IP_Log_Data.js
C:\Users\Mirda\Network_Meter_Data.js


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-19 04:04

==================== End of FRST.txt ============================

MiroslavBusacek
newbie
Posts: 23
Registered: May 17
Gender: Male

Re: HJT log

Post by MiroslavBusacek » 23 May 2017 20:32

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Mirda (23-05-2017 20:10:29)
Running from C:\Users\Mirda\Desktop
Windows 10 Pro Version 1703 (X64) (2017-04-06 19:30:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3999955230-315293111-4109583373-500 - Administrator - Disabled) => C:\Users\Administrator.MIRDA-NOTEBOOK
DefaultAccount (S-1-5-21-3999955230-315293111-4109583373-503 - Limited - Disabled)
Guest (S-1-5-21-3999955230-315293111-4109583373-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3999955230-315293111-4109583373-1024 - Limited - Enabled)
Mirda (S-1-5-21-3999955230-315293111-4109583373-1000 - Administrator - Enabled) => C:\Users\Mirda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{F60DAD2D-8625-4467-AE01-EA0382187621}) (Version: 19.0.0 - Helmut Buhler)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
AirXonix version 1.45 (HKLM-x32\...\AirXonix_is1) (Version: 1.45 - AxySoft)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation)
Ashampoo Photo Commander 12 v.12.0.13 (HKLM-x32\...\{C92AB6F1-691B-9629-9ECD-7291A9DF25A8}_is1) (Version: 12.0.13 - Ashampoo GmbH & Co. KG)
Autoškola professional 3.5 (HKLM-x32\...\Autoškola professional_is1) (Version: - )
Balíček ovladače systému Windows - FTDI CDM Driver Package - Bus/D2XX Driver (07/10/2015 2.12.06) (HKLM\...\B85E5F21D69245012A4E4C2DFAF38615FC7CF7AA) (Version: 07/10/2015 2.12.06 - FTDI)
Balíček ovladače systému Windows - FTDI CDM Driver Package - VCP Driver (07/10/2015 2.12.06) (HKLM\...\71B7FC12B248030B4BBBCA0C57826D74F64DB010) (Version: 07/10/2015 2.12.06 - FTDI)
Balíček ovladače systému Windows - Lenovo (ACPIVPC) System (09/24/2013 11.19.0.845) (HKLM\...\BD8A640DD72A18DFC3CEF8418113F7170A6CB417) (Version: 09/24/2013 11.19.0.845 - Lenovo)
Balíček ovladače systému Windows - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Confide (HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\Confide) (Version: 1.4.6 - Confide)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
ElsaWin (HKLM-x32\...\ElsaWin) (Version: 4.00 - )
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.17 - Lenovo)
Energy Manager (x32 Version: 1.5.0.17 - Lenovo) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX230 Series Printer Uninstall (HKLM\...\EPSON SX230 Series) (Version: - SEIKO EPSON Corporation)
EVEREST Ultimate Edition v4.20 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 4.20 - Lavalys, Inc.)
Express Courier Beta verze 0.5.0 (HKLM-x32\...\{56224C24-4579-4A63-80E2-18284A0990F7}_is1) (Version: 0.5.0 - Simopt, s.r.o.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Firebird 2.0.3 (HKLM-x32\...\FBDBServer_2_0_is1) (Version: - Firebird Project)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GDR 4042 for SQL Server 2008 R2 (KB3045313) (64-bit) (HKLM\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HWiNFO64 Version 5.20 (HKLM\...\HWiNFO64_is1) (Version: 5.20 - Martin Malík - REALiX)
Chroma Crash! version 1.21 (HKLM-x32\...\Chroma Crash!_is1) (Version: 1.21 - AxySoft)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Jízdní řád ČD 2017 (HKLM-x32\...\{2FFA4F8E-8D11-4A0C-9C58-4BD03B51DDDA}_is1) (Version: - České dráhy a.s.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.076.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0042 - Lenovo)
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0405-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{B2213E4E-F502-4D36-BE95-9293C866EF3F}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Motordiag Komfort Manager Lite 1.20 (HKLM-x32\...\Motordiag Komfort Manager Lite) (Version: 1.20 - Motordiag)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1029}) (Version: 7.03.1152 - Nero AG)
NetSpot (HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\a6e43da6e76c5494) (Version: 2.0.1.485 - Etwok LLC)
OBD-Czech 1.8 (HKLM-x32\...\OBD-Czech) (Version: 1.8 - Motordiag)
OBD-DIAG V1.01.02 (HKLM-x32\...\OBD-DIAG_is1) (Version: - Stange Distribution)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
Opera Stable 45.0.2552.812 (HKLM-x32\...\Opera 45.0.2552.812) (Version: 45.0.2552.812 - Opera Software)
PC-CCID (HKLM\...\{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}) (Version: 2.0.0 - Gemalto)
PDF to JPG 10.0 (HKLM-x32\...\PDF to JPG_is1) (Version: - TriSun Software Limited)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.5.0 - Prolific Technology INC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pomocník při upgradu na Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
ProgDVB x64 x64 (HKLM\...\ProgDVB) (Version: 7.x - Prog)
Quick Moto 2.9c (HKLM-x32\...\Quick Moto) (Version: 2.9c - Michal Adámek)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.875.867.080715 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29088 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0286 - REALTEK Semiconductor Corp.)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Sentinel Runtime (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Management Studio (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.7 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{10098395-09D6-495A-BAE4-D3CE5739581A}) (Version: 4.5.317.0 - Synaptics)
TAGRA-TRUCKER.eu 30.1.97 (HKLM-x32\...\{1BC4C515-99B7-4A40-ABEA-6B988B84DB80}) (Version: 30.1.97 - bitbreeze s.r.o.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM-x32\...\InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.)
TIPCI (x32 Version: 1.20.0000 - Texas Instruments Inc.) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0 - Ghisler Software GmbH)
Ulož.to File Manager verze 1.7 (HKLM-x32\...\{8190420D-F4BA-4744-8940-A466F81AF89C}_is1) (Version: 1.7 - Nodus Technologies s.r.o.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USVC (HKLM-x32\...\PC-SW USVC_is1) (Version: - Mikroelektronika spol. s r.o.)
Uživatelská příručka EPSON SX230 Series (HKLM-x32\...\EPSON SX230 Series Useg) (Version: - )
VCDS-Lite 1.2 (HKLM-x32\...\VCDS-Lite 1.2) (Version: 1.2 - Ross-Tech)
WhatsApp (HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\WhatsApp) (Version: 0.2.4240 - WhatsApp)
Windows 7 Codec Pack 4.1.6 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.6 - Windows 7 Codec Pack)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{1407B87C-36E3-4FC1-9051-D08B21E1096F}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Základní uživatelská příručka EPSON SX230 Series (HKLM-x32\...\EPSON SX230 Series Bog) (Version: - )
Zello 1.75.0.0 (HKLM-x32\...\Zello) (Version: 1.75.0.0 - Zello Inc)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3999955230-315293111-4109583373-1000_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Mirda\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-3999955230-315293111-4109583373-1000_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Mirda\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-3999955230-315293111-4109583373-1000_Classes\CLSID\{55e0ef9c-5380-4b0d-8257-85d35e21ecdf}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999955230-315293111-4109583373-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999955230-315293111-4109583373-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3999955230-315293111-4109583373-1000_Classes\CLSID\{89BB4535-5AE9-43a0-89C5-19B4697E5C5E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CDCA4C-B6F2-4ACF-8B72-3789925D423A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {0B63CD6D-FA25-4429-90F9-95BD210B8026} - System32\Tasks\{643A9E2E-749B-4460-B261-892FAECF6AC1} => pcalua.exe -a "C:\vag com 208_4\VagCom.exe" -d "C:\vag com 208_4"
Task: {0CC0E64D-D84D-4905-9FC5-ABC22F0B7A43} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {0DD1D941-C737-442B-9724-333B7B0B4E63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-15] (Google Inc.)
Task: {1230A061-8D61-474C-AA71-07BBD95BFCEC} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a8e20ff3-bee5-4168-a97f-5368988a4725 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-04-25] (Lenovo Group Limited)
Task: {152EFB00-7F81-45B6-AFDE-6A738E2CCE51} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {196E2622-D78B-49E6-8C9F-23779C18456C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1D812D3C-7077-44C8-B3A5-FDD468E9BCE5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2165C9E9-F6F6-43DD-A3DF-B4856632EA24} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {21D75EE1-C80B-43EC-BD27-A020226E5183} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {23EAA4B2-4E27-49E4-9C27-435D54B2A812} - System32\Tasks\{9448A1D9-5E65-4821-BF18-7E03359875F7} => C:\Users\Mirda\Downloads\ETKA 7.3\ETKA73_International_2011.exe
Task: {24B7DE62-19DD-4A13-B608-3CAF1231985B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {2791BFA9-8ED9-4078-8D4D-5A8E3AFC4416} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {27B82D10-62C5-4F77-8177-1438D70D43B2} - System32\Tasks\{23437597-06E0-4247-998D-3DE2A8ED82B9} => pcalua.exe -a C:\Users\Mirda\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe -d C:\Windows\system32 -c __IRAOFF:664610 "__IRAFN:C:\Users\Mirda\Downloads\ETKA 7.3\ETKA73_International_2011.exe" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-3999955230-315293111-4109583373-1000" <==== ATTENTION
Task: {27F445EA-C979-4D62-9BA2-C93DF3621B89} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2A7B898D-9706-41D9-A237-BF95731BBE17} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {31C94C82-A814-4258-9788-DEEF36ADBE2F} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {32C7F951-DCFD-48CF-A83F-6EF0043151D4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {36A4AC88-187A-4B62-88BD-D813E9F26E9D} - System32\Tasks\{DE38F7AC-1BE5-4E18-BE86-C3C621D73CE2} => launchwinapp.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457 ... Error=1603
Task: {3DD13A5F-C200-4176-BDEB-582A81E5352A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {3E0408E8-869C-4DFF-963A-C7762F97872A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {46500F25-5405-4877-B5DE-245554133CBF} - System32\Tasks\{73D6A6CE-A0FF-4760-BF80-F0680A2AA307} => pcalua.exe -a C:\Users\Mirda\Downloads\ETKA_7.5\x64\MULTIKEY64\DSEO13B.EXE -d C:\Users\Mirda\Downloads\ETKA_7.5\x64\MULTIKEY64
Task: {4AA59E92-2E35-4A46-8D88-B54BC710EA26} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {53B9BBA1-7A95-4538-A720-1FE8B0B292A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-15] (Google Inc.)
Task: {55FBFB17-32B7-4EC7-93A2-5350B9B2540C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {580CB6C3-3069-47AE-B90C-C18F35CACFD6} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5B12ACE3-2909-4138-8390-DDD51BC8E744} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
Task: {5CC4FE24-5865-4231-8311-284C6F68A2D2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-19] (Adobe Systems Incorporated)
Task: {6376B684-0059-4BE7-B313-2B13E1B0E3CB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6A077E16-C3EF-4FB9-BB2E-DC2139F2105E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {767A2FC2-EBA0-483D-8F2B-F081101BA776} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {77D71775-2290-4FF4-9A76-BC79609A926C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7AA2CC88-9673-4C3F-8741-FEB3A380297E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {82438B15-E05C-4F6F-ADB7-8F3BE5797829} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {85C21729-50EA-43B3-8C68-1FCD6CB81942} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-19] (Adobe Systems Incorporated)
Task: {88157ADA-D2A6-4ADA-B0B1-FC7EF73EECF4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8C9C3829-CC03-4CC7-9EDE-2F551F55C127} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8F01E1C9-3C4A-452D-9EEA-4744B8590BDB} - \Games\UpdateCheck_S-1-5-21-3999955230-315293111-4109583373-1000 -> No File <==== ATTENTION
Task: {92D337A5-A89C-4EE6-B9F9-CFA1CAEE72C2} - System32\Tasks\DolbySelectorTask => %ProgramFiles%\Dolby Digital Plus\ddp.exe
Task: {9A1C1B4A-F1B4-46B1-96ED-E0B0E905D294} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9FD43215-D7C1-44F8-BC13-C70CB1A02190} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A4A7BB36-9E7F-45AD-B8C8-7568C3FFEE03} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {A735AE61-88AD-40CA-A49F-D8D91D1817FD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {AC680811-2017-49D5-A258-E627554402DE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AD67560B-AD77-45C0-B88F-DF6680823B11} - System32\Tasks\{49FDE996-3BDA-4125-8B78-D657F9389589} => pcalua.exe -a "C:\Users\Mirda\Downloads\KKL černý - USB VAG OBD II Diagnostický kabel\ovladace-usb-win7\CDM20824_Setup.exe" -d "C:\Users\Mirda\Downloads\KKL černý - USB VAG OBD II Diagnostický kabel\ovladace-usb-win7"
Task: {AEFEAF1C-537D-4975-B0C0-3E06D965F432} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B07FDAA5-39F6-4CF0-A75F-BFA3BBF6DD97} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {B7E40C6B-CE22-466A-8D8B-8F2C4E78507C} - System32\Tasks\{C284093C-E790-4593-B1AF-1E12D70D63BC} => C:\Users\Mirda\Downloads\ETKA 7.3\ETKA73_International_2011.exe
Task: {B87B41E6-0545-4E69-BD8C-B6A28512A98E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {BE0CDE01-F08A-4C98-8ECB-0125723D34F7} - System32\Tasks\Opera scheduled Autoupdate 1422559614 => C:\Program Files (x86)\Opera\launcher.exe [2017-05-15] (Opera Software)
Task: {C9715B1F-C082-409B-A9EE-31B144B6A601} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => %ProgramFiles(x86)%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {CA7409AD-6525-42DA-9454-2896092A776F} - System32\Tasks\{203B1717-C488-4241-9390-C860A7E1B926} => C:\Users\Mirda\Downloads\ETKA 7.3\ETKA73_International_2011.exe
Task: {CB2C10C7-6297-413B-852D-53E97F451979} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CDE2EC6B-A91F-4238-B033-0222204B6125} - System32\Tasks\{C5A2C190-2CCB-453E-A307-8A5726528760} => pcalua.exe -a C:\VAG-COM\VagCom.exe -d C:\VAG-COM
Task: {D41E4A77-689C-4C5D-A7DE-6FA9F81E28AA} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {E11668C9-190C-462A-8BDB-81C138B7E732} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {E1B4CF11-F288-446D-999B-1FA056F2C2CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {E3613AA2-7826-416B-8FA6-2BB02EE13FDB} - System32\Tasks\{9B641EFF-F087-4841-BD46-E524ABB6899E} => pcalua.exe -a "C:\WINDOWS\ISO Creator\uninstall.exe" -c "/U:C:\Program Files (x86)\ISO Creator\Uninstall\uninstall.xml"
Task: {E3EED875-4CFB-4E18-9157-E9065DBBD8E3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E45E0F0E-50AF-49B1-8FFB-E602CE8794E9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E7234B5A-BFB3-4AF2-A88C-64FBB0EE080E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {E92C8C31-9C56-44AF-9D60-A62F59808488} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E9A4A96F-C2D5-4045-97D7-6CD0BD890F1C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\fd39ccbb-ddb4-471c-819b-5e05a879e6d3 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-04-25] (Lenovo Group Limited)
Task: {F3D1A746-8216-4670-8093-7B107A26A531} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F47A724D-9394-473D-8D04-C2D6917104A5} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F6803AFA-4DD6-4FE9-8D3D-CD1BC9C4516A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8e719433-08bb-4524-becd-38f049c26165 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-04-25] (Lenovo Group Limited)
Task: {F79232F1-5B9D-45C3-98AF-F6E59EBB4CCD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Mirda\Downloads\ETKA_7.5\ETKA_doplňky\Zástupce na plochu\ETKA 7.4 PLUS 2013 International.lnk -> C:\ETKA\PROG\EtStart.bat (No File)

ShortcutWithArgument: C:\Users\Mirda\Desktop\Spouštěč aplikací Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mirda\AppData\Local\Google\Chrome\User Data\Spouštěč aplikací Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mirda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Spouštěč aplikací Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mirda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\WeatherBug.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=njkkjobcechefaoknodniidfjapgfoco

==================== Loaded Modules (Whitelisted) ==============

2017-01-14 14:15 - 2017-04-25 10:35 - 00020208 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2015-01-29 20:44 - 2015-07-20 20:19 - 00121560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2017-05-17 18:13 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-06-30 10:23 - 2016-11-22 20:27 - 00592384 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2017-05-23 00:52 - 2017-05-23 00:52 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:41 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2014-03-26 13:50 - 2016-02-21 16:20 - 00058864 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll
2017-05-09 17:19 - 2017-05-09 17:20 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-09 17:19 - 2017-05-09 17:20 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-09 17:19 - 2017-05-09 17:20 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-09 17:19 - 2017-05-09 17:20 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-19 19:00 - 2017-05-19 18:47 - 91090520 _____ () C:\Program Files (x86)\Opera\45.0.2552.812\opera_browser.dll
2017-05-19 18:50 - 2017-05-19 18:46 - 03949144 _____ () C:\Program Files (x86)\Opera\45.0.2552.812\libglesv2.dll
2017-05-19 18:50 - 2017-05-19 18:46 - 00101464 _____ () C:\Program Files (x86)\Opera\45.0.2552.812\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:264A9BB7 [124]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-05-22 20:41 - 00000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3999955230-315293111-4109583373-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mirda\Pictures\Plocha\RTO+Vlek malba.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: BTDevManager => 2
MSCONFIG\startupfolder: C:^Users^Mirda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: ABBYY Screenshot Reader Bonus =>
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BingSvc => C:\Users\Mirda\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Quick Moto Agent => C:\Program Files (x86)\Quick Moto\Agent.exe
MSCONFIG\startupreg: RtsFT => RTFTrack.exe
HKLM\...\StartupApproved\StartupFolder: => "CodecPackTrayMenu.lnk"
HKLM\...\StartupApproved\Run: => "MSC"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\StartupApproved\StartupFolder: => "Microsoft Office Groove.lnk"
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\StartupApproved\StartupFolder: => "Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk"
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\StartupApproved\StartupFolder: => "Sidebar397.lnk"
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\StartupApproved\Run: => "Uninstall C:\Users\Mirda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\...\StartupApproved\Run: => "ProgLauncher"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{2165E667-7EF6-48ED-B446-FDDA08CCF387}C:\program files\progdvb x64\progtv.exe] => (Allow) C:\program files\progdvb x64\progtv.exe
FirewallRules: [TCP Query User{8E165197-5022-416B-9A2A-8BC1414FEC99}C:\program files\progdvb x64\progtv.exe] => (Allow) C:\program files\progdvb x64\progtv.exe
FirewallRules: [UDP Query User{E744DD17-5E68-473F-9369-815F6903409E}C:\program files\progdvb x64\progdvbnet.exe] => (Allow) C:\program files\progdvb x64\progdvbnet.exe
FirewallRules: [TCP Query User{E382A7FE-0FD8-4FC8-9943-3C20044B0B35}C:\program files\progdvb x64\progdvbnet.exe] => (Allow) C:\program files\progdvb x64\progdvbnet.exe
FirewallRules: [{09A45281-06A0-46F9-9EF2-5D0D319FD8C2}] => (Allow) C:\Program Files (x86)\Zello\Zello.exe
FirewallRules: [{629E4732-A26C-415F-9592-D12E10411E7F}] => (Allow) C:\Program Files (x86)\Zello\Zello.exe
FirewallRules: [{9A260003-864D-431A-958A-2F8B4A2E1126}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EFFD06E4-A9EC-45E2-A6B9-B88B4F982FCB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DAE5FC53-EE5E-4579-8B7A-4879DF8CED97}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{A168F482-EBB8-46EA-A8B9-9B00E099B6EB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{F515CDE8-B4A8-4F01-BAFB-A0BE01FA6CD7}] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [{039B3BCB-C2C9-4E04-B90C-262428FEB650}] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [{1C7141D1-F59B-43C4-9189-B4385610657D}] => (Allow) C:\ElsaWin\bin\ElsaWin.exe
FirewallRules: [{76647790-10F9-49C8-945A-01D07F25F88D}] => (Allow) C:\ElsaWin\bin\ElsaWin.exe
FirewallRules: [{1C8CC84A-74E9-4E45-9BA3-39081FDB3342}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{43EE52E0-6CBC-4A4C-A466-DEC6AD67842C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2502FD9B-7EF4-436D-A7F6-6D1E34616E51}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{65540B48-6BDE-4193-A71A-4D3E5616F648}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2442845-2128-447D-B9E9-187566C7A14A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6D3557B8-865A-4B6B-8613-60D31D8C0049}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68687DAF-7DB5-4F62-9CF1-7A85BB51E4DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CEB2AD47-823F-4DAF-B771-B54BD063A18F}] => (Allow) LPort=135
FirewallRules: [{906278A7-406E-4577-92C1-ED0F5ADF22DE}] => (Allow) C:\Program Files (x86)\ElsaWin\bin\ElsaWin.exe
FirewallRules: [{E29F06CC-A727-42FF-B474-2B327FE87E6F}] => (Allow) C:\Program Files (x86)\ElsaWin\bin\ElsaWin.exe
FirewallRules: [{FC3B5B6E-7DAA-40AA-9F85-910E1684368D}] => (Allow) LPort=135
FirewallRules: [UDP Query User{E2174CB0-3DB9-43F1-9AF7-4432BD20E83F}C:\users\mirda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mirda\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{B32F29AF-F4C7-4932-BAEF-DF2E1E890C2A}C:\users\mirda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mirda\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{422EBE8F-8990-4F08-A8AC-561887529F03}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{EB88C2A3-4422-4ED2-B85B-4AAF85537A38}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{BF14D9EC-A31A-4AC8-935F-DCFD5CA28E33}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{7A6C09BE-F711-4817-8ACD-F863135D8A73}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B45B661F-6FCA-49E1-BD8D-A63BC61ED802}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{08E7FC20-6F66-4B8A-BA96-6EBEF7E8F49D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E43B07AA-767D-42BA-81AA-F7703BF1A419}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{28F34ACA-D324-484E-92DE-972EB4907994}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{D9346B05-4358-4245-8EB6-3CB25919EA1C}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{982CDB52-4CB8-408C-8694-73663D7371EE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{0388FB51-C13C-4F39-9F26-9EAEAE0F90C9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3EA08A23-9990-4022-9F34-3DAC631A76CB}] => (Allow) C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{D4C5C4D7-A636-4595-B01C-3BA11EADB5C7}] => (Allow) C:\ElsaWin\bin\ElsaWin.exe
FirewallRules: [{480E4C65-59B8-4140-9606-A867E1770B55}] => (Allow) C:\ElsaWin\bin\ElsaWin.exe
FirewallRules: [{FBF821BE-3814-40CA-BE07-FF6D1F2E8BC4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{997E1D78-A572-4669-A5D4-B68685FB1E75}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{195E4A19-8814-4049-88D0-2270F61852F3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E109A0B9-EF4B-4AD5-8DC5-1409377C10BC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3D2C7B99-D43E-4296-BEBF-8A7BD64ADCDA}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.635\opera.exe
FirewallRules: [{FA93E467-071A-4125-9B0A-C2B4A789E636}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AD16FD2F-AC71-42A0-8B20-6328247B85A3}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe

==================== Restore Points =========================

23-05-2017 00:48:48 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Wi-Fi Direct Virtual Adapter #2
Description: Virtuální adaptér Microsoft Wi-Fi Direct
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2017 05:22:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: IIS APPPOOL)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.

Error: (05/23/2017 05:22:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: IIS APPPOOL)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.

Error: (05/23/2017 01:31:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 22 1.0.0.127.in-addr.arpa. PTR Mirda-Notebook.local.

Error: (05/23/2017 01:31:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353 24 1.0.0.127.in-addr.arpa. PTR Mirda-Notebook-2.local.

Error: (05/23/2017 12:50:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 22 1.0.0.127.in-addr.arpa. PTR Mirda-Notebook.local.

Error: (05/23/2017 12:50:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353 24 1.0.0.127.in-addr.arpa. PTR Mirda-Notebook-2.local.

Error: (05/23/2017 11:58:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 24 4.4.E.B.9.2.E.8.9.0.B.9.A.1.8.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Mirda-Notebook-2.local.

Error: (05/23/2017 11:58:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.106:5353 22 4.4.E.B.9.2.E.8.9.0.B.9.A.1.8.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Mirda-Notebook.local.

Error: (05/23/2017 11:58:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 24 106.0.168.192.in-addr.arpa. PTR Mirda-Notebook-2.local.

Error: (05/23/2017 11:58:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.106:5353 22 106.0.168.192.in-addr.arpa. PTR Mirda-Notebook.local.


System errors:
=============
Error: (05/23/2017 05:50:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (05/23/2017 05:50:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby FontCache3.0.0.0 bylo dosaženo časového limitu (30000 ms).

Error: (05/23/2017 05:22:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (05/23/2017 05:22:04 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba hasplms závisí na následující službě: aksfridge. Tato služba pravděpodobně není nainstalována.

Error: (05/23/2017 05:22:03 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba HomeGroupListener skončila s následující chybou specifickou pro službu:
%%2147944153 = Pro mapovač koncových bodů nejsou k dispozici další koncové body.

Error: (05/23/2017 05:21:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba CldFlt neuspěla při spuštění v důsledku následující chyby:
Požadavek není podporován.

Error: (05/23/2017 05:20:16 PM) (Source: DCOM) (EventID: 10010) (User: MIRDA-NOTEBOOK)
Description: Server {0002DF02-0000-0000-C000-000000000046} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/23/2017 05:20:13 PM) (Source: DCOM) (EventID: 10010) (User: MIRDA-NOTEBOOK)
Description: Server {0002DF02-0000-0000-C000-000000000046} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/23/2017 04:55:06 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Integrovaný řadič neodpověděl během zadaného časového limitu. Může to znamenat chybu hardwaru nebo firmwaru integrovaného řadiče nebo že systém BIOS přistupuje k integrovanému řadiči nesprávně. Měli byste zjistit, zda výrobce počítače nemá k dispozici upgrade systému BIOS. V některých situacích může tato chyba způsobit, že počítač nebude pracovat správně.

Error: (05/23/2017 11:42:50 AM) (Source: DCOM) (EventID: 10010) (User: MIRDA-NOTEBOOK)
Description: Server Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!MicrosoftEdge se v daném časovém limitu neregistroval u služby DCOM.


CodeIntegrity:
===================================
Date: 2017-05-23 17:18:38.708
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-05-23 17:17:13.979
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-05-23 17:16:11.096
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-05-23 17:14:44.472
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-05-23 17:14:41.398
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-05-23 03:49:28.888
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-05-23 03:48:20.084
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-05-23 03:48:19.026
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-05-23 02:50:09.548
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-22 20:08:27.273
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 35%
Total physical RAM: 8077.36 MB
Available physical RAM: 5184.38 MB
Total Virtual: 8589.36 MB
Available Virtual: 5702.35 MB

==================== Drives ================================

Drive c: (Windows 10 64-bit) (Fixed) (Total:230.53 GB) (Free:86.82 GB) NTFS
Drive d: () (Fixed) (Total:320 GB) (Free:260.72 GB) NTFS
Drive e: () (Fixed) (Total:350 GB) (Free:107.61 GB) NTFS
Drive h: (LEXAR USB 2) (Removable) (Total:7.44 GB) (Free:7.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=1000 MB) - (Type=42)
Partition 3: (Not Active) - (Size=700 GB) - (Type=42)
Partition 4: (Not Active) - (Size=230.5 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Re: HJT log

Post by jaro3 » 23 May 2017 21:55

You can uninstall:
Sophos Virus Removal Tool
Zemana AntiMalware


Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3999955230-315293111-4109583373-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3999955230-315293111-4109583373-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3999955230-315293111-4109583373-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3999955230-315293111-4109583373-1000 -> {1F440E47-EE58-4FD8-82A3-8E7388D2150F} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]
FF Plugin HKU\S-1-5-21-3999955230-315293111-4109583373-1000: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Mirda\AppData\Local\BTServer.log
C:\Users\Mirda\AppData\Local\keyfile3.drm
C:\Users\Mirda\AppData\Local\Resmon.ResmonCfg
C:\ProgramData\DP45977C.lfl
C:\Users\Mirda\IP_Log_Data.js
C:\Users\Mirda\Network_Meter_Data.js
Task: {0DD1D941-C737-442B-9724-333B7B0B4E63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-15] (Google Inc.)
Task: {2165C9E9-F6F6-43DD-A3DF-B4856632EA24} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {2791BFA9-8ED9-4078-8D4D-5A8E3AFC4416} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {27B82D10-62C5-4F77-8177-1438D70D43B2} - System32\Tasks\{23437597-06E0-4247-998D-3DE2A8ED82B9} => pcalua.exe -a C:\Users\Mirda\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe -d C:\Windows\system32 -c __IRAOFF:664610 "__IRAFN:C:\Users\Mirda\Downloads\ETKA 7.3\ETKA73_International_2011.exe" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-3999955230-315293111-4109583373-1000" <==== ATTENTION
Task: {32C7F951-DCFD-48CF-A83F-6EF0043151D4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4AA59E92-2E35-4A46-8D88-B54BC710EA26} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {53B9BBA1-7A95-4538-A720-1FE8B0B292A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-15] (Google Inc.)
Task: {767A2FC2-EBA0-483D-8F2B-F081101BA776} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {77D71775-2290-4FF4-9A76-BC79609A926C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7AA2CC88-9673-4C3F-8741-FEB3A380297E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {82438B15-E05C-4F6F-ADB7-8F3BE5797829} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8C9C3829-CC03-4CC7-9EDE-2F551F55C127} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8F01E1C9-3C4A-452D-9EEA-4744B8590BDB} - \Games\UpdateCheck_S-1-5-21-3999955230-315293111-4109583373-1000 -> No File <==== ATTENTION
Task: {9A1C1B4A-F1B4-46B1-96ED-E0B0E905D294} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A735AE61-88AD-40CA-A49F-D8D91D1817FD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {AC680811-2017-49D5-A258-E627554402DE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B87B41E6-0545-4E69-BD8C-B6A28512A98E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {CB2C10C7-6297-413B-852D-53E97F451979} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D41E4A77-689C-4C5D-A7DE-6FA9F81E28AA} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {F3D1A746-8216-4670-8093-7B107A26A531} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F79232F1-5B9D-45C3-98AF-F6E59EBB4CCD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Shortcut: C:\Users\Mirda\Downloads\ETKA_7.5\ETKA_doplňky\Zástupce na plochu\ETKA 7.4 PLUS 2013 International.lnk -> C:\ETKA\PROG\EtStart.bat (No File)
AlternateDataStreams: C:\ProgramData\TEMP:264A9BB7 [124]

EmptyTemp:
End

(You can use the "Select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" (Opravit) button just once and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

In Folder Options, enable showing hidden files and folders + untick the "Hide protected operating system files" checkbox

Test this on VirusTotal:
C:\WINDOWS\SysWOW64\FileOps.exe

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/

Is C:\WINDOWS\SysWOW64\ÁÂĂÄĹĆÇČÉĘËĚÍÎĎĐŃŇÓÔŐÖ÷ŘŮÚŰÜÝŢ a folder? What is in it?
C:\Users\Mirda\AppData\Local\Zello what program is that?


Re: HJT log

Post by MiroslavBusacek » 23 May 2017 22:35



Re: HJT log

Post by MiroslavBusacek » 23 May 2017 22:42

Is C:\WINDOWS\SysWOW64\ÁÂĂÄĹĆÇČÉĘËĚÍÎĎĐŃŇÓÔŐÖ÷ŘŮÚŰÜÝŢ a folder? What is in it?... I don't know what that is, and Zello is basically a CB radio on the PC

